Teds, posted 3 February 2009 (edited)

Hi,

A friend of mine has been a bit unlucky and picked up a fair amount of junk on her machine. From what I could see before the machine froze, there were: QuickInstallPack, SecureExpertCleaner, Virus Remover 2008 and AntiVirus 360. In safe mode I managed to delete SecureExpertCleaner and Virus Remover 2008, but AntiVirus 260 is still preventing a normal boot. I have just started MBAM and will then run ComboFix, followed by a number of programs of my own choosing. Logs will follow as quickly as possible, and I hope for comments and feedback.

Edit: It turned out that the MBAM installer would not start in safe mode, so I am trying a normal boot instead.

Edit 2: It also turns out that MBAM will not run in a normal boot; it shows up in Task Manager, but nothing appears. ComboFix is being run.

Edit 3: ComboFix would not run from the .exe file either, so for that reason I ran HijackThis first of all. The log will come as soon as I have moved it over to a desktop machine.

Edit 4: Here is the HijackThis log; I hope someone can take a look at it!

Logfile of HijackThis v1.99.1 Scan saved at 18:58:47, on 03.02.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\Programfiler\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\ASUS\Wireless Console 2\wcourier.exe C:\Programfiler\Norman\Npm\Bin\ZLH.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DNA\btdna.exe C:\WINDOWS\system32\spoolsv.exe C:\DOCUME~1\Vidar\LOKALE~1\Temp\a.exe C:\DOCUME~1\Vidar\LOKALE~1\Temp\~tmpa.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\ASWLSVC.exe C:\WINDOWS\ATKKBService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ASWL2K.exe C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\Norman\nse\bin\NSESVC.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\DOCUME~1\Vidar\LOKALE~1\Temp\~tmpd.exe C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\Nvc\Bin\Nip.exe C:\Programfiler\Norman\Nvc\Bin\cclaw.exe C:\Documents and Settings\Vidar\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: iercptbho - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - C:\Documents and Settings\Vidar\Lokale innstillinger\Programdata\qip\iercpt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll (file missing) O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: 
[Wireless Console 2] C:\Programfiler\ASUS\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe" O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Vidar\LOKALE~1\Temp\~tmpa.exe O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Vidar\LOKALE~1\Temp\a.exe O4 - HKCU\..\Run: [21440207872931010657080978530214] C:\Programfiler\Antivirus 2009\av2009.exe O4 - HKCU\..\Run: [QuickInstallPack] C:\Documents and Settings\Vidar\Lokale innstillinger\Programdata\qip\QuickInstallPack.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199968055203 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Programfiler\Norman\nse\bin\NSESVC.EXE" -daemon (file missing) O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe

Best regards,
Ole Martin Haugesten.

Edited 4 February 2009 by Teds
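A triage pass over the autorun (O4) and browser-helper (O2) entries of a log like the one in the post above, added here as an example and not part of the original thread: it flags Run entries that start from a temp directory, Run values with digits-only names, and entries whose registered file is absent. The sample lines are copied from the posted log; the function name `triage`, the heuristics and the eight-digit threshold are assumptions, and a hit is a lead to check, not a verdict.

```python
import re
from typing import NamedTuple

# Entries copied from the HijackThis log posted above, one per line as the
# tool writes them. The selection is constructed for this example.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Vidar\LOKALE~1\Temp\~tmpa.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Vidar\LOKALE~1\Temp\a.exe
O4 - HKCU\..\Run: [21440207872931010657080978530214] C:\Programfiler\Antivirus 2009\av2009.exe
"""


class Finding(NamedTuple):
    section: str    # HijackThis section code, e.g. "O4"
    name: str       # Run value name or BHO display name
    target: str     # command line or DLL path as logged
    reasons: tuple  # why the entry deserves a closer look


# "<section> - <body>"; header and running-process lines do not match.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: HKCU\..\Run: [value name] command line
O4_RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# O2 browser helper object: BHO: name - {CLSID} - path
O2_BHO = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$")

TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$", re.IGNORECASE)
NUMERIC_NAME = re.compile(r"\d{8,}")  # assumed threshold for "random-looking"


def triage(log_text):
    """Return a Finding for every O2/O4 entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        section = entry["section"]
        if section == "O4":
            parsed = O4_RUN.match(entry["body"])
        elif section == "O2":
            parsed = O2_BHO.match(entry["body"])
        else:
            parsed = None  # other sections are out of scope here
        if not parsed:
            continue

        name, target = parsed["name"], parsed["target"]
        reasons = []
        if TEMP_DIR.search(target):
            reasons.append("runs from a temp directory")
        if section == "O4" and NUMERIC_NAME.fullmatch(name):
            reasons.append("numeric-only value name")
        if ORPHAN.search(target):
            reasons.append("registered file is absent")
        if reasons:
            findings.append(Finding(section, name, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.target}: {', '.join(f.reasons)}")
```
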
norbat, posted 3 February 2009 (edited)

Try the following: Download Roguefix to the desktop (right-click the link and choose Save As). You will have to carry it over on the USB stick. Run the roguefix.bat file and follow the instructions. Then try running mbam.

Edited 3 February 2009 by norbat

Teds (author), posted 3 February 2009

RogueFix has been run and is now asking me to delete the file "beep.sys" if I want the machine cleaned; I don't see this file as potentially dangerous to delete? It also says that this file only handles system alarms, so I'll take the chance.

norbat, posted 3 February 2009 (edited)

It can be fetched again, if desired.

Edited 3 February 2009 by norbat

Teds (author), posted 3 February 2009 (edited)

I then got a small message from Windows, quoted directly: "Windows File Protection | Files that are required for Windows to run properly have been replaced by unrecognized versions. Windows must restore the original versions of these files to maintain system stability. Insert the Windows XP Home CD-ROM now. Choices: Retry, More information and Cancel."

Meanwhile, RogueFix says in the background: "Do you want to set your DESKTOP BACKGROUND back to the Windows default settings? These changes will not take effect untill you reboot. Press N then ENTER if your desktop background has not changed or you prefer to do it manually. Press Y then ENTER to reset."

I should say that the desktop/background is unchanged, but what about the Windows prompt? Thanks so far!

Edited 3 February 2009 by Teds

norbat, posted 3 February 2009

You should follow the prompt. The question is whether you have an XP CD? Has the .bat file finished running, or do you have to make the choices first?

Teds (author), posted 3 February 2009

I have an XP CD lying around somewhere, but it is a Professional edition; will that work? The choices in RogueFix and the Windows prompt are independent of each other, so it is possible to complete RogueFix, or vice versa.

norbat, posted 3 February 2009

Then just carry on...

Teds (author), posted 3 February 2009 (edited)

RogueFix completed and the machine was restarted by RogueFix. The machine boots without any symptoms of trouble, and MBAM starts like a charm! Both MBAM and ComboFix are being run, and logs will be posted as soon as possible. A thousand million thanks for now, norbat. This is not the first time you have saved me from a sleepless night of trial and error.

Edit 1: How smart is it to connect a machine to the internet in the state it is in now? I see you refer to a full update of MBAM, but I don't know whether it would be more destructive for the machine to be connected to the net.

Edit 2: MBAM was updated over a wired connection; wireless apparently did not work, yet. A quick scan is running, log to follow.

Edit 3: MBAM found 43 infected files; most were deleted, while the remaining files were to be deleted at the next boot. The log was saved first, then the machine was restarted at MBAM's request.

Edited 3 February 2009 by Teds

Teds (author), posted 3 February 2009 (edited)

I am aware this is a double post, but I see no point in putting logs into the existing post, as this is more practical for all parties.

HijackThis log (*UPDATED*):

Logfile of HijackThis v1.99.1 Scan saved at 8:26:27 , on 03.02.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\Programfiler\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\ASWLSVC.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Norman\Npm\Bin\ZLH.EXE C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DNA\btdna.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\ASWL2K.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Norman\nse\bin\NSESVC.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programfiler\Norman\Nvc\Bin\Nip.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Vidar\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll (file missing) O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Wireless Console 2] C:\Programfiler\ASUS\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - 
HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe" O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199968055203 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - 
Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Programfiler\Norman\nse\bin\NSESVC.EXE" -daemon (file missing) O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe

RogueFix log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ logfile of scans by Roguefix V2.236 Scan performed on 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~ Files found ~~~~ antivirus 2009 folder antivirus 2009 folder deleted "C:\WINDOWS\system32\ieupdates.exe" successfully deleted ieupdates.exe "C:\WINDOWS\system32\msxml71.dll" unable to delete msxml71.dll - will delete on reboot "C:\WINDOWS\system32\tdssnrsr.dll" unable to delete tdssnrsr.dll - will delete on reboot "C:\WINDOWS\system32\tdssofxh.dll" unable to delete tdssofxh.dll - will delete on reboot "C:\WINDOWS\system32\tdssriqp.dll" unable to delete tdssriqp.dll - will delete on reboot checking size of beep.sys beep.sys has been infected Cleaned Temporary files Cleaned Prefetch folder Registry was cleaned and repaired

MBAM log:

Malwarebytes' Anti-Malware 1.33 Databaseversjon: 1721 Windows 5.1.2600 Service Pack 3 03.02.2009 19:52:35 mbam-log-2009-02-03 (19-52-35).txt Skanntype: Rask Skann Objekter skannet: 48587 Tid tilbakelagt: 4 minute(s), 34 second(s) Minneprosesser infisert: 1 Minnemoduler infisert: 0 Registernøkler infisert: 14 Registerverdier infisert: 3 Registerfiler infisert: 0 Mapper infisert: 4 Filer infisert: 21 Minneprosesser infisert: C:\Documents and Settings\Vidar\Lokale innstillinger\Temp\~tmpd.exe (Trojan.FakeAlert) -> Unloaded process successfully. Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CLASSES_ROOT\Interface\{59c345ba-3d5e-44e3-9d10-d3848af15d73} (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{a6fbd2e4-1c7e-4eab-80dd-01de2645566a} (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d4cdc21d-43be-4101-a1ef-e379f134771e} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b385ee3-ee18-4c69-bf55-6b6b406ef591} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickInstallPack (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\21440207872931010657080978530214 (Rogue.Antivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: C:\Programfiler\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Programdata\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully. C:\Documents and Settings\Vidar\Programdata\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\Documents and Settings\Vidar\Programdata\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully. Filer infisert: C:\Documents and Settings\Vidar\Lokale innstillinger\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winsystems.dll (Trojan.FakeAlert) -> Delete on reboot. C:\Documents and Settings\Vidar\Lokale innstillinger\Programdata\qip\iercpt.dll (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSScfum.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\TDSSofxh.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\Temp\TDSSc1ee.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSSc6df.tmp (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\Temp\TDSScac7.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSScf3c.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSSd4ca.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Programdata\SEC\schedule.dat (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Vidar\Programdata\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sx23i1eL.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot. C:\Documents and Settings\Vidar\Lokale innstillinger\Temp\a.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Documents and Settings\Vidar\Lokale innstillinger\Temp\~tmpa.exe (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Delete on reboot.

ComboFix log:

ComboFix 09-02-02.04 - Vidar 2009-02-03 20:01:38.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.495.153 [GMT 1:00] Kjører fra: c:\documents and settings\Vidar\Skrivebord\ComboFix.exe AV: Norman Security Suite ver. 7.00 *On-access scanning disabled* (Updated) * Opprettet nytt gjenopprettingspunkt ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\TDSSosvd.dat c:\windows\system32\tmp.reg . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV.SYS -------\Service_TDSSserv.sys ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-03 til 2009-02-03 ))))))))))))))))))))))))))))))))) . 2009-02-03 19:39 . 2009-02-03 19:39 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2009-02-03 19:39 . 2009-02-03 19:39 <DIR> d-------- c:\documents and settings\Vidar\Programdata\Malwarebytes 2009-02-03 19:39 . 2009-02-03 19:39 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2009-02-03 19:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-03 19:39 . 
2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-03 18:14 . 2008-04-14 17:22 21,504 --a------ c:\windows\system32\hidserv.dll 2009-02-03 18:14 . 2008-04-14 17:22 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll 2009-01-24 12:35 . 2009-01-24 12:35 <DIR> d-------- c:\documents and settings\Vidar\Programdata\SecureExpertCleaner 2009-01-24 12:30 . 2009-01-24 12:30 <DIR> d-------- C:\My Downloads 2009-01-23 18:29 . 2009-01-23 18:29 <DIR> d-------- c:\documents and settings\NetworkService\Programdata\AdobeUM 2009-01-23 17:00 . 2009-01-23 17:00 <DIR> dr------- c:\documents and settings\NetworkService\Favoritter 2009-01-23 15:20 . 2009-02-03 19:52 70,656 --a------ c:\windows\system32\sx23i1eL.exe 2009-01-22 22:12 . 2009-01-24 15:53 <DIR> d-------- c:\programfiler\Full Tilt Poker 2009-01-12 20:19 . 2008-04-14 17:22 159,232 --a------ c:\windows\system32\ptpusd.dll 2009-01-12 20:19 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-01-12 20:19 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2009-01-12 20:19 . 2001-10-06 14:02 5,632 --a------ c:\windows\system32\ptpusb.dll 2009-01-12 20:18 . 2008-11-07 14:23 32,000 --------- c:\windows\system32\drivers\SETBF.tmp 2009-01-12 19:57 . 2009-01-12 19:57 <DIR> d-------- c:\programfiler\Bonjour 2009-01-12 19:56 . 2009-01-12 19:56 <DIR> d-------- c:\programfiler\iTunes 2009-01-12 19:56 . 2009-01-12 19:56 <DIR> d-------- c:\programfiler\iPod 2009-01-12 19:56 . 2009-01-12 19:56 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-01-12 19:52 . 2009-01-12 19:52 <DIR> d-------- c:\programfiler\Safari 2009-01-12 19:44 . 2009-01-12 19:44 <DIR> d-------- c:\programfiler\Apple Software Update 2009-01-12 19:43 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys 2009-01-12 17:11 . 2009-02-03 20:08 <DIR> d-------- c:\programfiler\DNA 2009-01-12 17:11 . 
2009-01-12 17:11 <DIR> d-------- c:\programfiler\BitTorrent 2009-01-12 17:11 . 2009-01-12 17:51 <DIR> d-------- c:\programfiler\AskBarDis 2009-01-12 17:11 . 2009-02-03 20:08 <DIR> d-------- c:\documents and settings\Vidar\Programdata\DNA 2009-01-12 17:11 . 2009-01-15 18:09 <DIR> d-------- c:\documents and settings\Vidar\Programdata\BitTorrent 2009-01-09 09:05 . 2009-01-09 10:05 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2009-01-09 09:05 . 2009-01-09 10:05 <DIR> d-------- c:\documents and settings\Vidar\Programdata\SUPERAntiSpyware.com 2009-01-09 09:05 . 2009-01-09 09:05 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2009-01-08 14:17 . 2009-01-08 14:17 <DIR> d-------- c:\documents and settings\NetworkService\Start-meny 2009-01-08 14:06 . 2009-02-03 20:08 <DIR> d-------- c:\programfiler\Norman 2009-01-08 14:06 . 2009-01-08 14:06 <DIR> d-------- c:\documents and settings\LocalService\Start-meny 2009-01-08 14:06 . 2008-05-16 10:28 212,024 --a------ c:\windows\system32\nscrnsav.scr 2009-01-08 14:06 . 2008-09-02 12:48 19,512 --a------ c:\windows\system32\drivers\nvcw32mf.sys 2009-01-08 13:25 . 2009-01-08 13:25 <DIR> d-------- c:\documents and settings\All Users\Programdata\Avg7 2009-01-04 13:26 . 2009-01-04 13:26 <DIR> d-------- c:\windows\system32\no 2009-01-04 13:26 . 2009-01-04 13:26 <DIR> d-------- c:\windows\l2schemas 2009-01-04 13:25 . 2009-01-04 13:26 <DIR> d-------- c:\windows\system32\bits 2009-01-04 13:21 . 2009-01-04 13:26 <DIR> d-------- c:\windows\ServicePackFiles 2009-01-04 13:10 . 2009-01-04 13:10 <DIR> d-------- c:\windows\EHome . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-22 21:12 --------- d--h--w c:\programfiler\InstallShield Installation Information 2009-01-12 21:58 --------- d-----w c:\documents and settings\Vidar\Programdata\Apple Computer 2009-01-12 18:56 --------- d-----w c:\programfiler\Fellesfiler\Apple 2009-01-12 18:46 --------- d-----w c:\programfiler\QuickTime 2009-01-12 18:38 --------- d-----w c:\documents and settings\Vidar\Programdata\DivX 2009-01-08 13:09 --------- d-----w c:\programfiler\Norton Security Scan 2009-01-08 13:09 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared 2009-01-08 11:52 --------- d-----w c:\programfiler\Google 2008-12-31 15:19 --------- d-----w c:\documents and settings\Vidar\Programdata\LimeWire 2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-09-29 17:24 325000 --a------ c:\programfiler\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programfiler\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programfiler\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BitTorrent DNA"="c:\programfiler\DNA\btdna.exe" [2009-01-12 342848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="c:\windows\ATK0100\HControl.exe" [2005-08-29 102400] "Wireless Console 2"="c:\programfiler\ASUS\Wireless Console 2\wcourier.exe" [2005-08-23 987136] "Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088] "SoundMan"="SOUNDMAN.EXE" [2005-08-18 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS 
Live Update] --a------ 2003-09-19 12:54 172032 c:\programfiler\ASUS\ASUS Live Update\ALU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-14 17:22 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] -ra------ 2005-07-19 04:06 77824 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] -ra------ 2005-07-19 04:10 114688 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] -ra------ 2005-07-19 04:09 94208 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent] --a------ 2007-01-30 20:36 57344 c:\programfiler\MarkAny\ContentSafer\MaAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear] --a------ 2005-06-16 15:48 86016 c:\programfiler\ASUS\Power4 Gear\BatteryLife.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-11-04 10:30 413696 c:\programfiler\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 c:\programfiler\ASUSTeK\ASUSDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray] --a------ 2007-09-20 17:21 132624 c:\programfiler\Samsung\Samsung Media Studio 5\SMSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 03:25 144784 
c:\programfiler\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-02-25 21:54 68856 c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2005-08-19 03:07 737369 c:\programfiler\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 11:43 69632 c:\windows\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] --a------ 2005-07-26 09:54 2806784 c:\windows\ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snarvei til egenskapsside for High Definition Audio] --------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\DNA\\btdna.exe"= "c:\\Programfiler\\BitTorrent\\bittorrent.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [2009-01-08 20448] R2 NVOY;Norman's Very Own supplY of resources;c:\programfiler\Norman\Npm\Bin\nvoy.exe [2009-01-08 121912] R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2008-01-10 16269] R3 nsesvc;Norman Scanner Engine 
Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [2009-01-08 322616] R3 NVCScheduler;Norman Virus Control Scheduler;c:\programfiler\Norman\Npm\Bin\nvcsched.exe [2009-01-08 154680] R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [2008-01-10 702326] R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-01-10 4790] S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2009-01-08 19512] S3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [2009-01-08 191544] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2009-01-12 32000] --- Andre tjenester/drivere lastet i minnet --- *Deregistered* - mchInjDrv . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-23 c:\windows\Tasks\At1.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At10.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At100.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At101.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At102.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At103.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At104.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At105.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At106.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At107.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At108.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At109.job - 
c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At11.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At110.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At111.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At112.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At113.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At114.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At115.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At116.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At117.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At118.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At119.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At12.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At120.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At121.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At122.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At123.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At124.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At125.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At126.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At127.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At128.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 
c:\windows\Tasks\At129.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At13.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At130.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At131.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At132.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At133.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At134.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At135.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At136.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At137.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At138.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At139.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At14.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At140.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At141.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At142.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At143.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At144.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At15.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At16.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At17.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At18.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 
19:52] 2009-01-23 c:\windows\Tasks\At19.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At2.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At20.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At21.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At22.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At23.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At24.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At25.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At26.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At27.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At28.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At29.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At3.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At30.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At31.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At32.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At33.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At34.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At35.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At36.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At37.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At38.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 
19:52] 2009-01-23 c:\windows\Tasks\At39.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At4.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At40.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At41.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At42.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At43.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At44.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At45.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At46.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At47.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At48.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At49.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At5.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At50.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At51.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At52.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At53.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At54.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At55.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At56.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At57.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At58.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 
19:52] 2009-01-23 c:\windows\Tasks\At59.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At6.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At60.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At61.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At62.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At63.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At64.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At65.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At66.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At67.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At68.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At69.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At7.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At70.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At71.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-23 c:\windows\Tasks\At72.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At73.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At74.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At75.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At76.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At77.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At78.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 
19:52] 2009-01-24 c:\windows\Tasks\At79.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At8.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At80.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At81.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At82.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At83.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At84.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At85.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At86.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At87.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At88.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At89.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At9.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At90.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At91.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At92.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\At93.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At94.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At95.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-24 c:\windows\Tasks\At96.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At97.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-01-27 c:\windows\Tasks\At98.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 
19:52] 2009-01-27 c:\windows\Tasks\At99.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] 2009-02-03 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - TOMME PEKERE FJERNET - - - - MSConfigStartUp-21440207872931010657080978530214 - c:\programfiler\Antivirus 2009\av2009.exe MSConfigStartUp-ieupdate - c:\windows\system32\explorer32.exe . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.ask.com/?o=101764&l=dis uInternet Settings,ProxyOverride = *.local IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-03 20:08:40 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\programfiler\Norman\Npm\Bin\elogsvc.exe c:\programfiler\Norman\Npm\Bin\Zanda.exe c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\ASWLSVC.exe c:\windows\ATKKBService.exe c:\programfiler\Bonjour\mDNSResponder.exe c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe c:\windows\system32\ASWL2K.exe c:\windows\system32\wdfmgr.exe c:\programfiler\Norman\Npm\Bin\Njeeves.exe c:\programfiler\iPod\bin\iPodService.exe c:\windows\ATK0100\ATKOSD.exe c:\programfiler\Norman\nvc\bin\Nip.exe . ************************************************************************** . 
Tidspunkt ferdig: 2009-02-03 20:12:14 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-02-03 19:12:09
Pre-Run: 17 515 118 592 byte ledig
Post-Run: 18,541,424,640 byte ledig
511 --- E O F --- 2009-01-15 17:14:40

After running ComboFix the machine seems to be in fine shape. I'm waiting for a short analysis, and will then run a few extra programs and clean up the junk that has been installed before I consider this one healthy! Thanks!

Edited 3 February 2009 by Teds
norbat Posted 3 February 2009 (edited)

If you don't know what the following file is, you can upload it to VirusTotal for a check: c:\windows\system32\sx23i1eL.exe

If anything is found on the file, you can go ahead and delete the 'job list' tied to it: c:\windows\Tasks\At1.job - At144.job

Feel free to report back on whether anything was found on the file.

Delete the file: c:\windows\system32\drivers\SETBF.tmp

Delete the folder: c:\documents and settings\Vidar\Programdata\SecureExpertCleaner (Programdata is a hidden folder, so you need to make sure you can see "hidden files and folders" (Control Panel -> Folder Options -> View..))

Consider whether the ASK Toolbar is something you need. If not, uninstall it from Add/Remove Programs.

When this is done, uninstall ComboFix by typing combofix /u in the Run box. This will also reset System Restore so that you don't get infected by a possible restore later.

Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows.

Edited 3 February 2009 by norbat
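The pattern norbat points at, many At*.job tasks that all launch one binary, can be pulled out of the 'Scheduled Tasks' section of a ComboFix log mechanically. The Python below is an added example, not part of the original thread; the function names, the threshold of three jobs and the embedded excerpt (constructed in the log's format) are assumptions.

```python
import re
from collections import defaultdict, namedtuple

# Constructed excerpt in the flattened format of the ComboFix
# 'Scheduled Tasks' section quoted in this thread (entries run together).
SAMPLE_LOG = (
    r"2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job - "
    r"c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] "
    r"2009-01-23 c:\windows\Tasks\At1.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] "
    r"2009-01-23 c:\windows\Tasks\At10.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] "
    r"2009-01-27 c:\windows\Tasks\At100.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] "
    r"2009-01-24 c:\windows\Tasks\At2.job - c:\windows\system32\sx23i1eL.exe [2009-02-03 19:52] "
    r"2009-02-03 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - "
    r"c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]"
)

Task = namedtuple("Task", "listed job_path name target stamp")

# One entry: <date> <job file> - <target executable> [<date time>]
ENTRY_RE = re.compile(
    r"(?P<listed>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<job>[a-z]:\\windows\\tasks\\(?P<name>.+?\.job))\s+-\s+"
    r"(?P<target>.+?)\s+\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]",
    re.IGNORECASE,
)

# AtN.job is the file name Windows gives to jobs created with the legacy
# 'at' scheduler interface, as opposed to jobs named by an installer.
AT_NAME_RE = re.compile(r"^At(\d+)\.job$", re.IGNORECASE)


def parse_tasks(log_text):
    """Return every scheduled-task entry found in the log text."""
    return [
        Task(m["listed"], m["job"], m["name"], m["target"], m["stamp"])
        for m in ENTRY_RE.finditer(log_text)
    ]


def triage(tasks, min_at_jobs=3):
    """Group tasks by target and report targets launched by many At jobs.

    min_at_jobs is an assumed threshold for this example, not a rule
    taken from ComboFix or from the thread.
    """
    by_target = defaultdict(list)
    for task in tasks:
        # Windows paths are case-insensitive, so group on the lowered form.
        by_target[task.target.lower()].append(task)

    findings = []
    for group in by_target.values():
        at_tasks = []
        for task in group:
            match = AT_NAME_RE.match(task.name)
            if match:
                at_tasks.append((int(match.group(1)), task))
        if len(at_tasks) >= min_at_jobs:
            at_tasks.sort(key=lambda pair: pair[0])
            findings.append({
                "target": group[0].target,
                "at_ids": [number for number, _ in at_tasks],
                "jobs": [task.job_path for _, task in at_tasks],
            })
    # Most heavily scheduled target first.
    findings.sort(key=lambda f: len(f["at_ids"]), reverse=True)
    return findings


if __name__ == "__main__":
    for finding in triage(parse_tasks(SAMPLE_LOG)):
        print("Check before deleting:", finding["target"])
        print("  At job numbers:", finding["at_ids"])
        for job in finding["jobs"]:
            print("  job file:", job)
```

A flagged target is a candidate for a hash lookup, as in the reply above, not proof of infection.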
Teds Posted 3 February 2009 (Author)

VirusTotal has now been run, with mixed impressions. Honestly I didn't understand much, but from what I read it says it's a trojan(?) A perhaps unreadable log from VirusTotal:

File 1iHM2Uxc.exe received on 02.02.2009 16:24:12 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.02 -
AhnLab-V3 5.0.0.2 2009.02.02 -
AntiVir 7.9.0.70 2009.02.02 TR/FraudPack.aoy
Authentium 5.1.0.4 2009.02.01 -
Avast 4.8.1281.0 2009.02.01 Win32:Trojan-gen {Other}
AVG 8.0.0.229 2009.02.02 SHeur2.NUU
BitDefender 7.2 2009.02.02 -
CAT-QuickHeal 10.00 2009.02.02 -
ClamAV 0.94.1 2009.02.02 Trojan.Agent-73805
Comodo 959 2009.02.02 -
DrWeb 4.44.0.09170 2009.02.02 -
eSafe 7.0.17.0 2009.02.01 Win32.MalEncPk.cz
eTrust-Vet 31.6.6335 2009.01.29 -
F-Prot 4.4.4.56 2009.02.02 -
F-Secure 8.0.14470.0 2009.02.02 Trojan.Win32.FraudPack.aoy
Fortinet 3.117.0.0 2009.02.02 W32/Dropper.AOY!tr
GData 19 2009.02.02 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2009.02.02 -
K7AntiVirus 7.10.615 2009.02.02 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.02.02 Trojan.Win32.FraudPack.aoy
McAfee 5513 2009.02.01 Generic Dropper.cx
McAfee+Artemis 5513 2009.02.01 Generic Dropper.cx
Microsoft 1.4306 2009.02.02 TrojanDownloader:Win32/Obvod.C
NOD32 3818 2009.02.02 a variant of Win32/Kryptik.GD
Norman 6.00.02 2009.02.02 W32/DLoader.MVPV
nProtect 2009.1.8.0 2009.02.02 -
Panda 9.5.1.2 2009.02.02 -
PCTools 4.4.2.0 2009.02.02 -
Prevx1 V2 2009.02.02 Malicious Software
Rising 21.14.61.00 2009.02.01 -
SecureWeb-Gateway 6.7.6 2009.02.02 Trojan.FraudPack.aoy
Sophos 4.38.0 2009.02.02 Mal/EncPk-CZ
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.02 Downloader
TheHacker 6.3.1.5.243 2009.02.02 -
TrendMicro 8.700.0.1004 2009.02.02 TROJ_KRYPTIK.GS
VBA32 3.12.8.12 2009.02.01 -
ViRobot 2009.2.2.1585 2009.02.02 -
VirusBuster 4.5.11.0 2009.02.02 -

Additional information
File size: 70656 bytes
MD5...: 527846730ae62c0e01f6f305ed07db38
SHA1..: 794aa40c8709c3cd27ae67fb6a3bfe5f2d95b312
SHA256: 24c8f0379e6baae6cfdc66245119f9ff111953cc8ae2444b4ddde225ce21924b
SHA512: 841199399b7eced8cc85843ff0038c98b1e54f8250324ca3ba4cbd2fee9441ee8751b7ddf668504b4f0d4a38415005d93e8b418825c9d529d4aacfb50be459d4
ssdeep: 1536:an5qT4qacreCQbg48deC9Kgf3kdX9eOBIZUpNX:an5SvZeCQb8deXgk9jpNX
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (55.5%)
Clipper DOS Executable (14.7%)
Generic Win/DOS Executable (14.6%)
DOS Executable Generic (14.6%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1105
timedatestamp.....: 0x47a08f6e (Wed Jan 30 14:53:34 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2689 0x2800 5.21 8e7aefb7d1b50572d66c2463067b5641
.odata 0x4000 0xcf07 0xd000 7.17 5433e668c3d1ac2e3336053a63f97008
.fdata 0x11000 0x15078 0x600 0.00 53e979547d8c2ea86560ac45de08ae25
.oOEuVY 0x27000 0xb46 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.CetaVF 0x28000 0x5a1 0x600 0.00 53e979547d8c2ea86560ac45de08ae25

( 4 imports )
> advapi32.dll: RegQueryInfoKeyA, RegEnumKeyExA, RegQueryValueA, RegEnumValueW, RegOpenKeyA, RegOpenKeyW, RegQueryInfoKeyW, RegLoadKeyA, RegReplaceKeyA, RegDeleteKeyW, RegEnumKeyW, RegEnumKeyA, RegGetKeySecurity, RegCreateKeyExW, RegOpenKeyExW, RegEnumValueA
> user32.dll: AppendMenuA, GetFocus, EndDialog, GetWindowTextLengthA, IsMenu, CopyIcon, LoadCursorA, GetWindowTextA, CalcMenuBar, GetDC, CloseWindow, DrawIconEx, DrawIcon, GetDlgItem, DialogBoxParamA, InsertMenuA
> kernel32.dll: GetModuleFileNameA, GetCPInfo, lstrcpyA, HeapFree, GetStdHandle, DeleteFileA, GetModuleHandleA, GetFileType, GlobalFree, lstrcmpA, lstrcpynA, lstrlenA, HeapAlloc, GetLocalTime, GetDateFormatA, lstrcatA, GetStringTypeW, GetCommandLineA
> comctl32.dll: InitCommonControls, ImageList_GetDragImage, ImageList_DragEnter, ImageList_DrawEx, ImageList_LoadImage, ImageList_Create, ImageList_AddMasked, ImageList_EndDrag, ImageList_Copy, ImageList_Read, ImageList_BeginDrag, ImageList_Replace, ImageList_DragShowNolock, ImageList_GetImageRect, ImageList_Remove, ImageList_Merge, ImageList_DragMove, ImageList_GetImageInfo, ImageList_GetIcon

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=ED4853D500EBD79F14F101067CE25500DED522A5
norbat Posted 3 February 2009

Yes, delete the file plus the at*.job files in the Tasks folder.
Teds Posted 3 February 2009 (Author)

Thank you so very much for the help, norbat! I will now scan with "traditional" programs such as Spybot, Ad-aware and CCleaner, plus a scan with the antivirus program, and I will also delete what are, in my eyes, unnecessary programs. Should I post some more logs after this is done, or is the machine given a clean bill of health in your eyes? I have followed your instructions above and everything is deleted, while ComboFix is still installed.
norbat Posted 3 February 2009

I don't see anything more in the log than what has been mentioned. Before you run the scans you mention, it is wise to reset the restore folder, since there is malware in it and in ComboFix's quarantine folder. So run combofix /u before the scans.
Teds Posted 4 February 2009 (Author)

The uninstall of ComboFix is done, and the runs of CCleaner, Spybot (which found this, by the way: "Microsoft.Windows.SecurityCenter.FirewallOverride") and Ad-aware are done. I'm posting yet another HijackThis log and would greatly appreciate it if someone could look it over before I hand the machine back tomorrow.

Logfile of HijackThis v1.99.1 Scan saved at 01:10:01, on 04.02.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\Programfiler\Norman\npm\bin\nvoy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\ASWLSVC.exe C:\WINDOWS\ATKKBService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ASWL2K.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\Norman\nse\bin\NSESVC.EXE C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\ASUS\Wireless Console 2\wcourier.exe C:\Programfiler\Norman\Npm\Bin\ZLH.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\Programfiler\ASUSTeK\ASUSDVD\PDVDServ.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DNA\btdna.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\Nvc\Bin\Nip.exe C:\Programfiler\Norman\Nvc\Bin\cclaw.exe C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe C:\Documents and Settings\Vidar\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Wireless Console 2] C:\Programfiler\ASUS\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: 
[iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\ASUSTeK\ASUSDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe" O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 
Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199968055203 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programfiler\Java\jre6\bin\jqs.exe" -service -config "C:\Programfiler\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Programfiler\Norman\nse\bin\NSESVC.EXE" -daemon (file missing) O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe Videre sitter jeg igjen med kun ett eneste problem på maskinen som for meg er uforståelig. For de som vil prøve ligger tråden her: Piltast nedover "henger" kontinuerlig ved oppstart! Vil igjen rette en meget stor takk til norbat som, for andre gang, har reddet meg fra en laaaaaang natt med virusfaenskap! Stor applaus til denne personen! Lenke til kommentar
norbat, posted 4 February 2009

The log shows no malware.

In the HJT log you can go ahead and fix the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

Regarding Spybot and Microsoft.Windows.SecurityCenter.FirewallOverride: http://www.safer-networking.org/en/faq/46.html
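A small triage script for logs in this format, added here as an illustration and not part of the thread or of HijackThis: it surfaces entries marked "(no file)" or "(file missing)", such as the two lines norbat lists, and processes running from a Temp directory. The function name, the flag labels and the stray-quote heuristic are assumptions; the sample is constructed from lines quoted in the thread's logs.

```python
import re

# Constructed sample in HijackThis 1.99.1 layout, built from lines quoted in the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Vidar\LOKALE~1\Temp\a.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Norman Scanner Engine Service (nsesvc) - Unknown owner - C:\Programfiler\Norman\nse\bin\NSESVC.EXE" -daemon (file missing)
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")  # section code + body
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)      # "Running processes" line
MISSING = re.compile(r"\((?:no file|file missing)\)$")            # target not found on disk
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def triage(log_text):
    """Return (flag, section, text) tuples for lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            section, body = entry.groups()
            if MISSING.search(body):
                # Assumption: a stray quote means the path was tested together with
                # its arguments, so the "missing" verdict needs checking on disk.
                flag = "verify-on-disk" if '"' in body else "orphaned"
                findings.append((flag, section, body))
        elif PROCESS.match(line) and TEMP_DIR.search(line):
            # An executable running out of a Temp directory is worth checking.
            findings.append(("temp-process", "proc", line))
    return findings


if __name__ == "__main__":
    for flag, section, text in triage(SAMPLE_LOG):
        print(f"{flag:15} {section:5} {text}")
```

The flags are review prompts only; whether an "orphaned" entry is safe to fix still depends on what the key belonged to.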