
My PC has lost all its memory



Hi,

Hope someone can help me.

Lately the PC has been running so incredibly slowly that it is absolutely awful.

Even VLC videos stutter.

And that is not sustainable.

I haven't installed anything new lately that I can think of.

I tried out a HijackThis log.

and got this

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:12:50, on 24.05.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Apoint\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\stsystra.exe

C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Apoint\Apntex.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Documents and Settings\Joakim\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe

C:\Programfiler\Apoint\HidFind.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Wave Systems Corp\Common\DataServer.exe

C:\Programfiler\Telenor\Mobilt bredbånd\GtDetectSc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Programfiler\Hotspot Shield\bin\openvpnas.exe

C:\Programfiler\Hotspot Shield\HssWPR\hsssrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.no/hws/sb/dell-row-rel/n...html?channel=no

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row-rel&channel=no&ibd=3061001

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.uib.no:81

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programfiler\Hotspot Shield\hssie\HssIE.dll

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WATCHPNP_Xerox] watchPnp.exe Xerox

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\D-Tools\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\Joakim\Programdata\Adobe\Manager.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Joakim\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://adsl.online.no

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/webgames/popcaploader_v10.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Common\DataServer.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GtDetectSc - OptionNV - C:\Programfiler\Telenor\Mobilt bredbånd\GtDetectSc.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programfiler\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Programfiler\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Programfiler\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

 

--

End of file - 11747 bytes

 

 

 

 

Hope someone has a clue whether I've picked up some exciting program that is messing everything up?

Link to comment

You had a ridiculous number of processes here that are slowly killing your PC.

I have made a list below that tells what the different processes do, whether they are safe and whether they are a bottleneck for the system. (Processes that are needed have been removed from the list.)

GREEN = Safe, can be removed at the user's discretion

GREY = Can make the computer slow, recommended to remove

RED = Virus/spyware, must be removed for good. Killing the process does not help

 

 

 

 

C:\Programfiler\Apoint\Apoint.exe

(apoint.exe is a component of the drivers for your Alps Touchpad)

 

C:\WINDOWS\stsystra.exe

(stsystra.exe is a process from Sigmatel.)

C:\Programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

(docmgr.exe is a process associated with DocMgr from Wave Systems Corp)

 

C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe

(dvdlauncher.exe is a process belonging to the Cyberlink PowerCinema video)

 

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

(This program is a non-essential process)

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe (issch.exe is an update service relating to the InstallShield utility)

 

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

(application launcher.exe is an Application Launcher from Sony Ericsson Mobile)

 

C:\PROGRA~1\AVG\AVG8\avgtray.exe

(avgtray.exe is an avgtray belonging to AVG Internet Security)

 

C:\Programfiler\iTunes\iTunesHelper.exe

(ituneshelper.exe is a process belonging to Itunes MP3 streaming tool by Apple)

C:\Programfiler\Java\jre6\bin\jusched.exe

(jusched.exe is a process installed alongside Sun Microsystem's Java suite)

 

C:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (photoshopelementsfileagent.exe is a process belonging to Adobe Photoshop Elements)

C:\Programfiler\Apoint\Apntex.exe

(apntex.exe is device software for Alps Electric hardware.)

 

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(applemobiledeviceservice.exe is an Apple Mobile Device Service)

 

C:\Documents and Settings\Joakim\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe

(googleupdate.exe is a Google Update belonging to Google Update)

 

C:\Programfiler\Apoint\HidFind.exe

(hidfind.exe is a process associated with Alps Pointing Device Driver)

 

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

(avgwdsvc.exe is an avgwdsvc belonging to AVG Internet Security)

 

C:\Programfiler\Bonjour\mDNSResponder.exe

(The process mdnsresponder.exe is a component of the Apple Service)

 

C:\Programfiler\Wave Systems Corp\Common\DataServer.exe

(dataserver.exe is a process associated with Authentication Manager)

 

C:\Programfiler\Telenor\Mobilt bredbånd\GtDetectSc.exe

(gtdetectsc.exe is a GtDetectSc belonging to GtDetectSc)

 

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

(avgrsx.exe is an avgrs belonging to AVG Internet Security from AVG)

 

C:\Programfiler\Hotspot Shield\bin\openvpnas.exe

(Hide IP nonsense?)

 

C:\Programfiler\Hotspot Shield\HssWPR\hsssrv.exe

(Hide IP nonsense?)

 

C:\Programfiler\Java\jre6\bin\jqs.exe

(jqs.exe is a jqs belonging to Java Platform SE 6 )

 

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

(mdm.exe is associated with Microsoft Windows process debugging system.)

(mdm.exe is a process which is registered as a Virus.)

 

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

(nbservice.exe is a Nero BackItUp from Nero AG )

 

C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

(Nicconfigsvc.exe is a process associated with the power management settings)

 

C:\Programfiler\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

(tcsd_win32.exe is an NTRU Hybrid TSS Process from NTRU)

 

C:\Programfiler\iPod\bin\iPodService.exe

(ipodservice.exe is a process belonging to Apple's iTunes mp3 media suite)

 

C:\WINDOWS\system32\wbem\wmiapsrv.exe

(wmiapsrv.exe is a WMI performance adapter which collects information )

 

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

(generic.exe is the executable for Device Management by Teleca Software Solutions)

 

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

(avgnsx.exe is an avgnetscan belonging to AVG Internet Security)

 

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

(wmpnscfg.exe is a process associated with Windows Media Player Network Sharing Service)

 

C:\WINDOWS\system32\SearchIndexer.exe

( +++VISTA--- ? )

 

C:\WINDOWS\system32\SearchProtocolHost.exe

(searchprotocolhost.exe is a process associated with Microsoft® Windows® )

 

 

 

I recommend running CCleaner to clean out some junk.

Google a bit and see if you can also find a registry cleaner. I couldn't find it offhand, but I know it's out there.

Formatting wouldn't be a bad idea either, but perhaps as a last resort.

Link to comment

I take it your machine is slow when it starts up? Start --> Kjør (Run) (Vista user? Search for "kjør", "run" in English)

Type "msconfig" and go to the Startup tab. There you get a list where you can choose what should start up together with the PC. Only remove what you KNOW you can remove.

You can also use CCleaner, which is linked in the post above. There you can remove things from startup, and there you can see the full names of the files.

CCleaner:

Restart the machine and see if startup got faster. If there is anything you are unsure about, just ask us. :)

I recommend that you clean up the registry. Click "Registry" and run a scan; say yes to the backup. Click "Options", "Advanced" and untick "Only delete temporary files older than 48 hours". Then click "Clean".

Edited by riskake90
Link to comment

Thanks a lot for the help.

Let's see, now I have tried to tidy up and delete,

I'm attaching a picture from CCleaner of the startup menu there.

post-193157-1243207062_thumb.jpg

I have no clue about a lot of the things listed there.

The PC has become a bit faster, but I think there is a lot more room for improvement.

Link to comment

NassenØF, what you have marked in red is not a virus.

If you are going to give advice after logs have been posted, you should know what you are doing.

The log is fine.

You can remove these.

Start HijackThis, "Scan", find these lines, tick them, then press "Fix checked".

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

 

As for the advice about cleaning up, it is fine.

Link to comment
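The check the reply above describes, finding entries that HijackThis itself marks `(no file)` or `(file missing)`, can be scripted when triaging a long log. This is an added example, not code from the thread; it goes beyond the two lines quoted and lists every such entry in an excerpt of the log posted above, and the function and field names are assumptions.

```python
import re
from collections import namedtuple

# Excerpt of the HijackThis log posted at the top of this thread
# (header, one process line, and a handful of R/O entries).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
"""

# Hypothetical record type for one log entry.
Entry = namedtuple("Entry", "code clsid status missing_path raw")

# An entry line starts with a section code such as R3, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is absent.
# "(no name)" is deliberately not matched: it only means the key has no label.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)")


def parse_entries(log_text):
    """Return an Entry for every R*/O* line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        marker = ORPHAN_RE.search(body)
        status = marker.group(1) if marker else "unflagged"
        missing_path = None
        if status == "file missing":
            # The path is the last " - " segment, up to the marker.
            last = body.rsplit(" - ", 1)[-1]
            missing_path = last[: last.find("(file missing)")].strip()
        entries.append(
            Entry(code, clsid.group(0) if clsid else None, status, missing_path, line)
        )
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e.status != "unflagged"]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f"{e.code:<4} {e.status:<13} {e.clsid or '-'}")
        if e.missing_path:
            print(f"     referenced path: {e.missing_path}")
```

An entry listed here only references a file that is absent; whether to tick it in HijackThis is still a judgement for whoever reviews the log.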

Alright, I have now tried an MBAM scan,

here is the log

 

 

Malwarebytes' Anti-Malware 1.37

Databaseversjon: 2182

Windows 5.1.2600 Service Pack 3

 

26.05.2009 23:10:34

mbam-log-2009-05-26 (23-10-29).txt

 

Skanntype: Rask Skann

Objekter skannet: 87405

Tid tilbakelagt: 3 minute(s), 52 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 2

Registerfiler infisert: 2

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> No action taken.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> No action taken.

 

Registerfiler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

 

I assume these 6 registry entries can simply be removed

 

 

 

 

I have also ventured into a ComboFix scan

 

 

ComboFix 09-05-26.02 - Joakim 26.05.2009 23:18.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2046.1154 [GMT 2:00]

Kjører fra: c:\documents and settings\Joakim\Skrivebord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

ADS - system32: deleted 12 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-26 til 2009-05-26 )))))))))))))))))))))))))))))))))

.

 

2009-05-26 21:03 . 2009-05-26 21:03 -------- d-----w c:\documents and settings\Joakim\Programdata\Malwarebytes

2009-05-26 21:03 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 21:03 . 2009-05-26 21:03 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware

2009-05-26 21:03 . 2009-05-26 21:03 -------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes

2009-05-26 21:03 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-26 01:26 . 2009-05-26 21:11 -------- d--h--r c:\documents and settings\Joakim\Siste

2009-05-24 21:21 . 2009-05-24 21:22 -------- d-----w c:\programfiler\CCleaner

2009-05-23 23:12 . 2009-05-23 23:12 -------- d-----w c:\programfiler\Trend Micro

2009-05-20 06:06 . 2009-05-03 13:50 2051864 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgcorex.dll

2009-05-20 06:06 . 2009-05-03 13:49 3288344 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\setup.exe

2009-05-20 06:06 . 2009-05-03 13:48 354584 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgxch32.dll

2009-05-20 06:06 . 2009-05-03 13:48 424472 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgwdwsc.dll

2009-05-20 06:06 . 2009-05-03 13:48 177432 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgmail.dll

2009-05-20 06:06 . 2009-05-03 13:48 312088 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avglngx.dll

2009-05-20 06:06 . 2009-05-03 13:50 486168 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgrsx.exe

2009-05-20 06:05 . 2009-05-03 13:47 1437464 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgupd.dll

2009-05-20 06:05 . 2009-05-03 13:47 755992 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avginet.dll

2009-05-19 13:43 . 2009-05-20 16:02 -------- d-----w c:\documents and settings\Joakim\Programdata\Spotify

2009-05-19 13:43 . 2009-05-19 13:43 -------- d-----w c:\documents and settings\Joakim\Lokale innstillinger\Programdata\Spotify

2009-05-19 13:43 . 2009-05-19 13:43 -------- d-----w c:\programfiler\Spotify

2009-05-18 14:35 . 2009-05-18 14:35 8854 ----a-r c:\documents and settings\Joakim\Programdata\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe

2009-05-18 14:35 . 2009-05-18 14:35 40960 ----a-r c:\documents and settings\Joakim\Programdata\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe

2009-05-18 14:35 . 2009-05-18 14:35 10134 ----a-r c:\documents and settings\Joakim\Programdata\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe

2009-05-18 14:35 . 2009-05-18 14:35 -------- d-----w c:\programfiler\Western Digital Technologies

2009-05-12 19:50 . 2009-05-03 13:49 2302232 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avguiadv.dll

2009-05-12 19:50 . 2009-05-03 13:49 3399960 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgui.exe

2009-05-08 14:20 . 2009-05-08 14:20 -------- d-----w c:\documents and settings\Joakim\Programdata\Media Player Classic

2009-04-29 23:42 . 2009-04-29 23:42 -------- d-----w c:\programfiler\iPod

2009-04-29 23:42 . 2009-04-29 23:42 -------- d-----w c:\programfiler\iTunes

2009-04-29 23:42 . 2009-04-29 23:42 -------- d-----w c:\documents and settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-04-29 23:36 . 2009-04-29 23:36 75048 ----a-w c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-26 00:55 . 2006-10-11 18:22 -------- d-----w c:\documents and settings\Joakim\Programdata\Azureus

2009-05-24 23:04 . 2008-12-28 00:51 -------- d-----w c:\programfiler\Red Kawa

2009-05-24 22:50 . 2006-10-07 22:37 -------- d-----w c:\documents and settings\Joakim\Programdata\Wave Systems Corp

2009-05-24 18:42 . 2008-03-03 18:11 -------- d-----w c:\documents and settings\Joakim\Programdata\Skype

2009-05-24 16:30 . 2008-03-03 18:13 -------- d-----w c:\documents and settings\Joakim\Programdata\skypePM

2009-05-18 15:54 . 2006-10-01 10:49 27934 ----a-w c:\windows\system32\nvModes.dat

2009-05-18 14:41 . 2004-09-28 12:07 86262 ----a-w c:\windows\system32\perfc014.dat

2009-05-18 14:41 . 2004-09-28 12:07 461362 ----a-w c:\windows\system32\perfh014.dat

2009-05-18 14:40 . 2006-10-01 11:00 -------- d-----w c:\programfiler\Java

2009-05-17 17:54 . 2007-11-06 14:15 -------- d-----w c:\documents and settings\Joakim\Programdata\SolidDocuments

2009-05-07 13:36 . 2009-05-07 13:36 294731 ----a-w c:\documents and settings\All Users\Programdata\tmp46.tmp

2009-05-05 07:31 . 2009-05-05 07:31 120912 ----a-w c:\documents and settings\All Users\Programdata\tmp290.tmp

2009-05-03 13:50 . 2009-03-24 23:08 11952 ----a-w c:\windows\system32\avgrsstx.dll

2009-05-03 13:50 . 2009-03-24 23:08 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-05-03 13:50 . 2007-05-09 10:19 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys

2009-05-03 13:48 . 2009-03-24 23:08 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-04-30 19:41 . 2006-10-11 18:20 -------- d-----w c:\programfiler\Azureus

2009-04-29 23:42 . 2007-08-20 18:51 -------- d-----w c:\programfiler\Fellesfiler\Apple

2009-04-26 21:03 . 2009-04-26 21:03 -------- d-----w c:\programfiler\activePDF

2009-04-16 21:58 . 2009-02-11 08:31 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-16 21:57 . 2009-03-31 16:21 152576 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-16 21:57 . 2007-12-11 13:45 -------- d-----w c:\programfiler\Opera

2009-04-06 22:53 . 2008-06-18 19:48 -------- d-----w c:\documents and settings\Joakim\Programdata\dvdcss

2009-04-06 19:34 . 2009-04-06 19:34 -------- d-----w c:\programfiler\Netcom Mobilt Brebånd

2009-04-06 19:34 . 2006-10-01 11:05 -------- d--h--w c:\programfiler\InstallShield Installation Information

2009-04-04 11:05 . 2006-11-01 09:58 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\documents and settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys

2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys

2009-03-06 14:24 . 2004-09-28 12:07 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-05 22:59 . 2008-09-10 08:33 1900544 ----a-w c:\windows\system32\usbaaplrc.dll

2009-03-05 22:59 . 2007-11-21 13:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys

2009-03-03 00:16 . 2004-09-28 12:07 826368 ----a-w c:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\programfiler\Apoint\Apoint.exe" [2005-10-07 176128]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]

"Document Manager"="c:\programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Dell QuickSet"="c:\programfiler\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-03 1947928]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-17 1626112]

"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-11-17 86016]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

"WATCHPNP_Xerox"="watchPnp.exe" - c:\windows\system32\watchPnp.exe [2002-10-25 36867]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-05-03 13:50 11952 ----a-w c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wxvault.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Programfiler\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Programfiler\\Azureus\\Azureus.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25.03.2009 01:08 325896]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25.03.2009 01:08 108552]

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11.09.2007 00:45 124832]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25.03.2009 01:07 298776]

R2 GtDetectSc;GtDetectSc;c:\programfiler\Telenor\Mobilt bredbånd\GtDetectSc.exe [18.12.2007 11:48 196704]

S2 SpPortEx;Samsung Port Exclusion;c:\windows\system32\drivers\SpPortEx.sys [29.08.2007 13:23 7168]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [13.11.2007 15:50 106112]

S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [09.10.2007 12:53 59264]

S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [30.03.2007 12:38 8064]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26.05.2009 23:03 40160]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [21.11.2007 15:59 36864]

S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\DRIVERS\z520bus.sys --> c:\windows\system32\DRIVERS\z520bus.sys [?]

S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z520mdfl.sys --> c:\windows\system32\DRIVERS\z520mdfl.sys [?]

S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\z520mdm.sys --> c:\windows\system32\DRIVERS\z520mdm.sys [?]

S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\z520mgmt.sys --> c:\windows\system32\DRIVERS\z520mgmt.sys [?]

S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\z520obex.sys --> c:\windows\system32\DRIVERS\z520obex.sys [?]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]

 

2009-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3942211861-2950740963-430290347-1005.job

- c:\documents and settings\Joakim\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-13 00:59]

 

2009-05-26 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

 

2009-05-26 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE

SafeBoot-procexp90.Sys

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.startsiden.no/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = www-cache.uib.no:81

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab

FF - ProfilePath - c:\documents and settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h960am4k.Standardbruker\

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-26 23:23

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-3942211861-2950740963-430290347-1005\Software\SecuROM\License information*]

"datasecu"=hex:f4,8c,81,58,dc,6b,b0,76,1c,58,49,a0,bc,bd,26,70,1a,c7,0b,50,88,

34,55,58,79,c7,ce,e6,6c,10,d7,7e,fd,94,b4,b8,fd,61,fe,36,fa,39,c8,ee,2f,d4,\

"rkeysecu"=hex:aa,bf,b5,e4,11,8d,82,13,ff,93,41,a3,2c,b7,11,c6

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'lsass.exe'(740)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

 

- - - - - - - > 'explorer.exe'(1932)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\scardsvr.exe

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\programfiler\Wave Systems Corp\common\DataServer.exe

c:\programfiler\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

c:\programfiler\Dell\QuickSet\NicConfigSvc.exe

c:\windows\system32\nvsvc32.exe

c:\programfiler\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\programfiler\AVG\AVG8\avgtray.exe

c:\programfiler\Apoint\hidfind.exe

c:\programfiler\Apoint\ApntEx.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\searchprotocolhost.exe

c:\windows\system32\searchfilterhost.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-05-26 23:30 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-05-26 21:30

 

Pre-Run: 9 172 430 848 byte ledig

Post-Run: 9 053 384 704 byte ledig

 

234 --- E O F --- 2009-05-24 18:31

 

 

 

 

So now I'm ready to hear some good tips and ideas

Edited by j0ker
Link to comment

Run MBAM again and tick "Remove Selected"; if it finds (and removes) anything, post the log together with a new ComboFix log.

Click the 'Show Results' button. If malware was found, you will now see what was found.

Then click the Remove Selected button to remove the malware that was found.

In some cases MBAM will ask for a restart of the PC.

Link to comment

OK!

That's done now, although the MBAM scan only found two thingamajigs this time.

They are long gone in any case.

Here is the ComboFix log

 

ComboFix 09-05-26.05 - Joakim 28.05.2009 0:41.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2046.1519 [GMT 2:00]

Kjører fra: c:\documents and settings\Joakim\Skrivebord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-27 til 2009-05-27 )))))))))))))))))))))))))))))))))

.

 

2009-05-27 18:41 . 2009-05-27 18:41 57344 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\Deployment\cache\6.0\50\5b902232-1ad9fb77-n\Decora-SSE.dll

2009-05-27 18:41 . 2009-05-27 18:41 24064 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\Deployment\cache\6.0\15\4e09eacf-2ab9547f-n\Decora-D3D.dll

2009-05-27 18:41 . 2009-05-27 18:41 315392 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\Deployment\cache\6.0\62\6baea4fe-74bc7507-n\jogl.dll

2009-05-27 18:41 . 2009-05-27 18:41 20480 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\Deployment\cache\6.0\62\6baea4fe-74bc7507-n\jogl_awt.dll

2009-05-27 18:41 . 2009-05-27 18:41 114688 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\Deployment\cache\6.0\62\6baea4fe-74bc7507-n\jogl_cg.dll

2009-05-27 18:41 . 2009-05-27 18:41 20480 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\Deployment\cache\6.0\45\4f710eed-5f9084d7-n\gluegen-rt.dll

2009-05-27 18:41 . 2009-05-27 18:41 499712 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\Deployment\cache\6.0\33\258cea61-13ff13b5-n\msvcp71.dll

2009-05-27 18:41 . 2009-05-27 18:41 499712 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\Deployment\cache\6.0\33\258cea61-13ff13b5-n\jmc.dll

2009-05-27 18:41 . 2009-05-27 18:41 348160 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\Deployment\cache\6.0\33\258cea61-13ff13b5-n\msvcr71.dll

2009-05-26 21:03 . 2009-05-26 21:03 -------- d-----w c:\documents and settings\Joakim\Programdata\Malwarebytes

2009-05-26 21:03 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 21:03 . 2009-05-26 21:03 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware

2009-05-26 21:03 . 2009-05-26 21:03 -------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes

2009-05-26 21:03 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-26 01:26 . 2009-05-27 18:44 -------- d--h--r c:\documents and settings\Joakim\Siste

2009-05-24 21:21 . 2009-05-24 21:22 -------- d-----w c:\programfiler\CCleaner

2009-05-23 23:12 . 2009-05-23 23:12 -------- d-----w c:\programfiler\Trend Micro

2009-05-20 06:06 . 2009-05-03 13:50 2051864 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgcorex.dll

2009-05-20 06:06 . 2009-05-03 13:49 3288344 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\setup.exe

2009-05-20 06:06 . 2009-05-03 13:48 354584 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgxch32.dll

2009-05-20 06:06 . 2009-05-03 13:48 424472 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgwdwsc.dll

2009-05-20 06:06 . 2009-05-03 13:48 177432 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgmail.dll

2009-05-20 06:06 . 2009-05-03 13:48 312088 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avglngx.dll

2009-05-20 06:06 . 2009-05-03 13:50 486168 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgrsx.exe

2009-05-20 06:05 . 2009-05-03 13:47 1437464 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgupd.dll

2009-05-20 06:05 . 2009-05-03 13:47 755992 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avginet.dll

2009-05-19 13:43 . 2009-05-20 16:02 -------- d-----w c:\documents and settings\Joakim\Programdata\Spotify

2009-05-19 13:43 . 2009-05-19 13:43 -------- d-----w c:\documents and settings\Joakim\Lokale innstillinger\Programdata\Spotify

2009-05-19 13:43 . 2009-05-19 13:43 -------- d-----w c:\programfiler\Spotify

2009-05-18 14:35 . 2009-05-18 14:35 8854 ----a-r c:\documents and settings\Joakim\Programdata\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe

2009-05-18 14:35 . 2009-05-18 14:35 40960 ----a-r c:\documents and settings\Joakim\Programdata\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe

2009-05-18 14:35 . 2009-05-18 14:35 10134 ----a-r c:\documents and settings\Joakim\Programdata\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe

2009-05-18 14:35 . 2009-05-18 14:35 -------- d-----w c:\programfiler\Western Digital Technologies

2009-05-12 19:50 . 2009-05-03 13:49 2302232 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avguiadv.dll

2009-05-12 19:50 . 2009-05-03 13:49 3399960 ----a-w c:\documents and settings\All Users\Programdata\avg8\update\backup\avgui.exe

2009-05-08 14:20 . 2009-05-08 14:20 -------- d-----w c:\documents and settings\Joakim\Programdata\Media Player Classic

2009-04-29 23:42 . 2009-04-29 23:42 -------- d-----w c:\programfiler\iPod

2009-04-29 23:42 . 2009-04-29 23:42 -------- d-----w c:\programfiler\iTunes

2009-04-29 23:42 . 2009-04-29 23:42 -------- d-----w c:\documents and settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-04-29 23:36 . 2009-04-29 23:36 75048 ----a-w c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-27 22:31 . 2006-10-07 22:37 -------- d-----w c:\documents and settings\Joakim\Programdata\Wave Systems Corp

2009-05-27 22:04 . 2006-10-11 18:22 -------- d-----w c:\documents and settings\Joakim\Programdata\Azureus

2009-05-24 23:04 . 2008-12-28 00:51 -------- d-----w c:\programfiler\Red Kawa

2009-05-24 18:42 . 2008-03-03 18:11 -------- d-----w c:\documents and settings\Joakim\Programdata\Skype

2009-05-24 16:30 . 2008-03-03 18:13 -------- d-----w c:\documents and settings\Joakim\Programdata\skypePM

2009-05-18 15:54 . 2006-10-01 10:49 27934 ----a-w c:\windows\system32\nvModes.dat

2009-05-18 14:41 . 2004-09-28 12:07 86262 ----a-w c:\windows\system32\perfc014.dat

2009-05-18 14:41 . 2004-09-28 12:07 461362 ----a-w c:\windows\system32\perfh014.dat

2009-05-18 14:40 . 2006-10-01 11:00 -------- d-----w c:\programfiler\Java

2009-05-17 17:54 . 2007-11-06 14:15 -------- d-----w c:\documents and settings\Joakim\Programdata\SolidDocuments

2009-05-07 13:36 . 2009-05-07 13:36 294731 ----a-w c:\documents and settings\All Users\Programdata\tmp46.tmp

2009-05-05 07:31 . 2009-05-05 07:31 120912 ----a-w c:\documents and settings\All Users\Programdata\tmp290.tmp

2009-05-03 13:50 . 2009-03-24 23:08 11952 ----a-w c:\windows\system32\avgrsstx.dll

2009-05-03 13:50 . 2009-03-24 23:08 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-05-03 13:50 . 2007-05-09 10:19 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys

2009-05-03 13:48 . 2009-03-24 23:08 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-04-30 19:41 . 2006-10-11 18:20 -------- d-----w c:\programfiler\Azureus

2009-04-29 23:42 . 2007-08-20 18:51 -------- d-----w c:\programfiler\Fellesfiler\Apple

2009-04-26 21:03 . 2009-04-26 21:03 -------- d-----w c:\programfiler\activePDF

2009-04-16 21:58 . 2009-02-11 08:31 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-16 21:57 . 2009-03-31 16:21 152576 ----a-w c:\documents and settings\Joakim\Programdata\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-16 21:57 . 2007-12-11 13:45 -------- d-----w c:\programfiler\Opera

2009-04-06 22:53 . 2008-06-18 19:48 -------- d-----w c:\documents and settings\Joakim\Programdata\dvdcss

2009-04-06 19:34 . 2009-04-06 19:34 -------- d-----w c:\programfiler\Netcom Mobilt Brebånd

2009-04-06 19:34 . 2006-10-01 11:05 -------- d--h--w c:\programfiler\InstallShield Installation Information

2009-04-04 11:05 . 2006-11-01 09:58 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\documents and settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys

2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys

2009-03-06 14:24 . 2004-09-28 12:07 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-05 22:59 . 2008-09-10 08:33 1900544 ----a-w c:\windows\system32\usbaaplrc.dll

2009-03-05 22:59 . 2007-11-21 13:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys

2009-03-03 00:16 . 2004-09-28 12:07 826368 ----a-w c:\windows\system32\wininet.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-26_21.25.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-27 22:09 . 2009-05-27 22:09 16384 c:\windows\Temp\Perflib_Perfdata_58c.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\programfiler\Apoint\Apoint.exe" [2005-10-07 176128]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]

"Document Manager"="c:\programfiler\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Dell QuickSet"="c:\programfiler\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-03 1947928]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-17 1626112]

"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-11-17 86016]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

"WATCHPNP_Xerox"="watchPnp.exe" - c:\windows\system32\watchPnp.exe [2002-10-25 36867]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-05-03 13:50 11952 ----a-w c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wxvault.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Programfiler\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Programfiler\\Azureus\\Azureus.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25.03.2009 01:08 325896]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25.03.2009 01:08 108552]

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11.09.2007 00:45 124832]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25.03.2009 01:07 298776]

R2 GtDetectSc;GtDetectSc;c:\programfiler\Telenor\Mobilt bredbånd\GtDetectSc.exe [18.12.2007 11:48 196704]

S2 SpPortEx;Samsung Port Exclusion;c:\windows\system32\drivers\SpPortEx.sys [29.08.2007 13:23 7168]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [13.11.2007 15:50 106112]

S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [09.10.2007 12:53 59264]

S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [30.03.2007 12:38 8064]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [21.11.2007 15:59 36864]

S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\DRIVERS\z520bus.sys --> c:\windows\system32\DRIVERS\z520bus.sys [?]

S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z520mdfl.sys --> c:\windows\system32\DRIVERS\z520mdfl.sys [?]

S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\z520mdm.sys --> c:\windows\system32\DRIVERS\z520mdm.sys [?]

S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\z520mgmt.sys --> c:\windows\system32\DRIVERS\z520mgmt.sys [?]

S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\z520obex.sys --> c:\windows\system32\DRIVERS\z520obex.sys [?]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]

 

2009-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3942211861-2950740963-430290347-1005.job

- c:\documents and settings\Joakim\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-13 00:59]

 

2009-05-26 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

 

2009-05-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.startsiden.no/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = www-cache.uib.no:81

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab

FF - ProfilePath - c:\documents and settings\Joakim\Programdata\Mozilla\Firefox\Profiles\h960am4k.Standardbruker\

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-28 00:45

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-3942211861-2950740963-430290347-1005\Software\SecuROM\License information*]

"datasecu"=hex:f4,8c,81,58,dc,6b,b0,76,1c,58,49,a0,bc,bd,26,70,1a,c7,0b,50,88,

34,55,58,79,c7,ce,e6,6c,10,d7,7e,fd,94,b4,b8,fd,61,fe,36,fa,39,c8,ee,2f,d4,\

"rkeysecu"=hex:aa,bf,b5,e4,11,8d,82,13,ff,93,41,a3,2c,b7,11,c6

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(680)

c:\windows\system32\wxvault.dll

 

- - - - - - - > 'lsass.exe'(736)

c:\windows\system32\wxvault.dll

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

 

- - - - - - - > 'explorer.exe'(3096)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tidspunkt ferdig: 2009-05-27 0:48

ComboFix-quarantined-files.txt 2009-05-27 22:48

ComboFix2.txt 2009-05-26 21:30

 

Pre-Run: 8 247 369 728 byte ledig

Post-Run: 8 228 749 312 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

216 --- E O F --- 2009-05-24 18:31

 

 

Link to comment
Thanks a lot for the help.

Let's see, I have now tried to clean up and delete things.

I'm attaching a picture from CCleaner of the startup menu there.

post-193157-1243207062_thumb.jpg

I have no clue about many of the things listed there.

The PC has become a bit faster, but I think there is a lot more to gain.

Turn off everything except the 2 I have not crossed out:

post-143342-1244415271_thumb.jpg

Link to comment

Great, I have done all of the above now.

However, I am not entirely convinced by the PC's performance at the moment.

I was wondering whether you have any idea about all the processes my PC has running.

post-193157-1245075322_thumb.jpg

Azureus is running here, but apart from that there are quite a few things I have no idea what are.

Do you know?

Link to comment
  • 3 weeks later...
I have now found out that Vuze (or Azureus) is a CPU thief,

so I am considering replacing it with something else.

What do you think? Suggestions for a torrent program that doesn't devour the CPU?

Edited by j0ker
Link to comment
Lately the PC has been booting lightning fast at startup, which is nice!

But I can be sitting watching a movie while surfing in Firefox and downloading in Azureus, and suddenly they spike and take 100% of the CPU - the PC then needs 5 minutes before it relaxes again.

That sucks!

So your tips have helped, but mostly with the startup. Any tips that can help me with the CPU hogging??

Link to comment
