
SOLVED - Slow machine, virus? Help with HijackThis log + ComboFix log.



I have a very slow PC whose CPU is working very hard all the time. I think a virus is causing this. Can someone check my logs (HijackThis and ComboFix)?

Combofix

 

ComboFix 09-08-10.06 - Eier 11.08.2009 20:47.3.1 - NTFSx86 MINIMAL

Kjører fra: c:\documents and settings\Eier\Skrivebord\Søker\Øyst\Øyst.exe

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-11 til 2009-08-11 )))))))))))))))))))))))))))))))))

.

 

2009-08-11 18:42 . 2009-08-11 18:43 -------- d-----w- c:\documents and settings\Administrator

2009-08-11 15:49 . 2009-08-11 15:50 -------- d-s---w- C:\Øys

2009-08-11 15:34 . 2009-08-11 15:49 -------- d-s---w- C:\ComboFix

2009-08-11 15:02 . 2009-08-11 15:02 -------- d-----w- c:\documents and settings\Eier\Programdata\Malwarebytes

2009-08-11 15:02 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-11 15:02 . 2009-08-11 15:02 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-08-11 15:02 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-11 15:02 . 2009-08-11 15:02 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-08-10 20:45 . 2009-08-11 16:23 -------- d--h--r- c:\documents and settings\Eier\Siste

2009-08-10 16:40 . 2009-08-10 16:40 -------- d-----w- c:\documents and settings\Eier\Programdata\BoneTown

2009-08-10 16:31 . 2009-08-10 16:31 -------- d--h--r- c:\documents and settings\Eier\Programdata\SecuROM

2009-08-10 16:28 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2009-08-10 16:27 . 2009-08-10 17:32 -------- d-----w- c:\programfiler\BoneTown

2009-07-28 19:24 . 2009-08-08 14:53 -------- d-----w- c:\documents and settings\Eier\Programdata\Spotify

2009-07-28 19:24 . 2009-07-28 19:24 -------- d-----w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\Spotify

2009-07-28 19:24 . 2009-07-28 19:24 -------- d-----w- c:\programfiler\Spotify

2009-07-22 20:55 . 2009-07-22 20:55 -------- d-----w- c:\documents and settings\Eier\Programdata\Snapfish

2009-07-22 20:55 . 2009-07-22 20:55 -------- d-----w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\Snapfish

2009-07-18 21:40 . 2009-07-18 21:40 -------- d-sh--w- c:\documents and settings\Eier\IECompatCache

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-11 15:49 . 2005-07-28 18:43 -------- d-----w- c:\programfiler\Fellesfiler\Symantec Shared

2009-08-11 15:11 . 2009-08-11 15:11 262 ----a-w- c:\programfiler\souuxzhk.txt

2009-08-10 17:35 . 2005-07-28 18:45 -------- d-----w- c:\programfiler\Norton Internet Security

2009-08-01 09:49 . 2008-06-24 18:13 -------- d-----w- c:\programfiler\Microsoft Silverlight

2009-07-28 16:49 . 2006-12-25 16:34 -------- d-----w- c:\programfiler\NovaLogic

2009-07-27 20:46 . 2006-12-31 17:04 -------- d-----w- c:\documents and settings\Eier\Programdata\uTorrent

2009-07-22 21:53 . 2005-08-05 01:13 18616 ----a-w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-07-04 17:09 . 2001-10-09 12:00 79648 ----a-w- c:\windows\system32\perfc014.dat

2009-07-04 17:09 . 2001-10-09 12:00 444036 ----a-w- c:\windows\system32\perfh014.dat

2009-07-04 16:57 . 2009-07-04 16:57 -------- d-----w- c:\programfiler\Microsoft

2009-07-03 17:01 . 2004-08-23 16:17 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-30 18:58 . 2008-06-24 13:33 -------- d-----w- c:\programfiler\CCleaner

2009-06-30 18:54 . 2007-04-11 12:10 -------- d-----w- c:\programfiler\Opera

2009-06-30 18:51 . 2005-12-25 12:41 -------- d-----w- c:\programfiler\Fellesfiler\Adobe

2009-06-16 14:43 . 2001-10-09 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:43 . 2001-10-09 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-09 17:37 . 2009-06-09 17:36 15469280 ----a-w- c:\documents and settings\All Users\Programdata\Telenor\Telenorhjelpen\Update\Telenorhjelpen_2_4_1_0.exe

2009-06-03 19:11 . 2001-10-09 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll

2005-08-06 13:32 . 2005-08-06 13:32 56 --sh--r- c:\windows\system32\80EA3021BE.sys

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"H/PC Connection Agent"="c:\programfiler\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 376912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 58728]

"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-06-24 100056]

"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 11:41 294912 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\messenger\\msmsgs.exe"=

"c:\\Programfiler\\uTorrent\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\Microsoft ActiveSync\\WCESCOMM.EXE"=

 

R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]

R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-08-07 c:\windows\Tasks\Norton AntiVirus - Søk på min datamaskin - Eier.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-09 14:24]

 

2009-07-31 c:\windows\Tasks\{6AD5F2CC-4B72-4286-A02E-E53A9E1B3F17}_DAG_Eier.job

- c:\windows\system32\mobsync.exe [2001-10-09 16:22]

 

2009-07-31 c:\windows\Tasks\{8D045F33-7F09-4226-B64E-03AFA88D3FB4}_DAG_Eier.job

- c:\windows\system32\mobsync.exe [2001-10-09 16:22]

 

2009-08-10 c:\windows\Tasks\{CAADD4FD-475F-433B-BB0C-53184C7659F2}_DAG_Eier.job

- c:\windows\system32\mobsync.exe [2001-10-09 16:22]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.startsiden.no/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www3.snapfish.no/SnapfishActivia2.cab

DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/18/defaults/activex/IPSUploader.cab

FF - ProfilePath - c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\a5vvted1.default\

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-11 20:53

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-2025429265-287218729-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:5d,05,89,c0,a9,b4,62,78,c9,c5,86,00,57,3f,35,c4,a1,c2,06,a6,d6,

31,2e,06,15,4b,18,f9,01,ae,13,e4,9a,c8,d8,ff,8c,58,e7,0c,02,a9,dd,df,d1,ac,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(200)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

.

Tidspunkt ferdig: 2009-08-11 20:57

ComboFix-quarantined-files.txt 2009-08-11 18:57

ComboFix2.txt 2009-08-11 15:31

 

Pre-Run: 30 831 456 256 byte ledig

Post-Run: 30 782 111 744 byte ledig

 

151 --- E O F --- 2009-07-31 15:37

 

 

 

 

 

Hijack This

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:02:11, on 11.08.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Eier\Skrivebord\Søker\ein\ein.exe

C:\WINDOWS\system32\igfxsrvc.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122577670545

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122581497889

O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www3.snapfish.no/SnapfishActivia2.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/18/...IPSUploader.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 8508 bytes

 

Edit: Adding the Malwarebytes' Anti-Malware log. This is the second time I have run it. The first time there were 4 findings, but I don't remember what they were...

 

 

Malwarebytes' Anti-Malware

 

 

 

Malwarebytes' Anti-Malware 1.40

Databaseversjon: 2602

Windows 5.1.2600 Service Pack 3

 

11.08.2009 22:36:26

mbam-log-2009-08-11 (22-36-26).txt

 

Skanntype: Rask Skann

Objekter skannet: 91297

Tid tilbakelagt: 5 minute(s), 51 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

Hoping for help :)

Edited by vetting
Link to comment
I would have formatted the disk and reinstalled the operating system myself.. always good with a fresh start when things start running slowly.. Remember to back up :D

Is it that bad?

Since it is not my PC, I don't want to do that...

Link to comment

No, it's not that bad :p

If you don't want to, you won't have to do it :)

Are both logs from Safe Mode?

And what is the name of the process that makes it so slow?

Edit: You'll find the MBAM logs under "Logs".

If MBAM was run AFTER ComboFix, run ComboFix again :)

Edited by Submit
Link to comment
Both were taken in Safe Mode, without an internet connection. I don't remember offhand, but I think MBAM was run after ComboFix... I can do a new ComboFix and HijackThis run...

Link to comment

The logs look fine, as Submit touches on.

Download Process Explorer

Tell us which process/processes are using the CPU.

Remember that you can double-click a process for more info.

I'll cover a bit more about usage later.

Which version of Norton do you have?

I see it uses many drivers; older versions were known for using a lot of resources and can cause problems.

Run CCleaner like this.

Download and run CCleaner

'Options' -> 'Advanced'. Uncheck the box in front of: "Only delete temporary files older than 48 hours".

Run the registry cleaner, "answer yes to repair" --> backup: answer yes when asked.

Run the registry cleaner a couple of times until all errors are gone.

Edited by SNIPPSAT
Link to comment

I'm unsure which process was using a lot of CPU (%). It is no longer like that, after many virus scans (with the latest updates) using:

Ccleaner

SuperAntiSpyware

Norton 2005

and, after having read this thread,

MBAM

But I am sure there was a virus, malware or something similar on it.

Here are the latest ComboFix and HijackThis logs, taken in Safe Mode without an internet connection:

Combofix

 

ComboFix 09-08-10.06 - Eier 12.08.2009 21:26.4.1 - NTFSx86 MINIMAL

Kjører fra: c:\documents and settings\Eier\Skrivebord\Søker\Øyst\Øyst.exe

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-12 til 2009-08-12 )))))))))))))))))))))))))))))))))

.

 

2009-08-12 16:32 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-12 16:31 . 2009-08-12 16:31 -------- d-----w- c:\windows\LastGood.Tmp

2009-08-11 18:42 . 2009-08-11 18:43 -------- d-----w- c:\documents and settings\Administrator

2009-08-11 15:34 . 2009-08-11 15:49 -------- d-s---w- C:\ComboFix

2009-08-11 15:02 . 2009-08-11 15:02 -------- d-----w- c:\documents and settings\Eier\Programdata\Malwarebytes

2009-08-11 15:02 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-11 15:02 . 2009-08-11 15:02 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-08-11 15:02 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-11 15:02 . 2009-08-11 15:02 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-08-10 20:45 . 2009-08-12 19:23 -------- d--h--r- c:\documents and settings\Eier\Siste

2009-08-10 16:40 . 2009-08-10 16:40 -------- d-----w- c:\documents and settings\Eier\Programdata\BoneTown

2009-08-10 16:31 . 2009-08-10 16:31 -------- d--h--r- c:\documents and settings\Eier\Programdata\SecuROM

2009-08-10 16:28 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2009-08-10 16:27 . 2009-08-10 17:32 -------- d-----w- c:\programfiler\BoneTown

2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-28 19:24 . 2009-08-08 14:53 -------- d-----w- c:\documents and settings\Eier\Programdata\Spotify

2009-07-28 19:24 . 2009-07-28 19:24 -------- d-----w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\Spotify

2009-07-28 19:24 . 2009-07-28 19:24 -------- d-----w- c:\programfiler\Spotify

2009-07-22 20:55 . 2009-07-22 20:55 -------- d-----w- c:\documents and settings\Eier\Programdata\Snapfish

2009-07-22 20:55 . 2009-07-22 20:55 -------- d-----w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\Snapfish

2009-07-18 21:40 . 2009-07-18 21:40 -------- d-sh--w- c:\documents and settings\Eier\IECompatCache

2009-07-17 19:04 . 2009-07-17 19:04 58880 -c----w- c:\windows\system32\dllcache\atl.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-11 15:49 . 2005-07-28 18:43 -------- d-----w- c:\programfiler\Fellesfiler\Symantec Shared

2009-08-11 15:11 . 2009-08-11 15:11 262 ----a-w- c:\programfiler\souuxzhk.txt

2009-08-10 17:35 . 2005-07-28 18:45 -------- d-----w- c:\programfiler\Norton Internet Security

2009-08-05 09:01 . 2001-10-09 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-01 09:49 . 2008-06-24 18:13 -------- d-----w- c:\programfiler\Microsoft Silverlight

2009-07-28 16:49 . 2006-12-25 16:34 -------- d-----w- c:\programfiler\NovaLogic

2009-07-27 20:46 . 2006-12-31 17:04 -------- d-----w- c:\documents and settings\Eier\Programdata\uTorrent

2009-07-22 21:53 . 2005-08-05 01:13 18616 ----a-w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-07-17 19:04 . 2001-10-09 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-08-04 08:03 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-04 17:09 . 2001-10-09 12:00 79648 ----a-w- c:\windows\system32\perfc014.dat

2009-07-04 17:09 . 2001-10-09 12:00 444036 ----a-w- c:\windows\system32\perfh014.dat

2009-07-04 16:57 . 2009-07-04 16:57 -------- d-----w- c:\programfiler\Microsoft

2009-07-03 17:01 . 2004-08-23 16:17 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-30 18:58 . 2008-06-24 13:33 -------- d-----w- c:\programfiler\CCleaner

2009-06-30 18:54 . 2007-04-11 12:10 -------- d-----w- c:\programfiler\Opera

2009-06-30 18:51 . 2005-12-25 12:41 -------- d-----w- c:\programfiler\Fellesfiler\Adobe

2009-06-25 08:27 . 2001-10-09 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2001-10-09 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2001-10-09 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2001-10-09 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:27 . 2001-10-09 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2001-10-09 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2001-10-09 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:43 . 2001-10-09 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:43 . 2001-10-09 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:45 . 2001-10-09 12:00 76800 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:16 . 2001-10-09 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:22 . 2005-07-28 17:52 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2001-10-09 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-09 17:37 . 2009-06-09 17:36 15469280 ----a-w- c:\documents and settings\All Users\Programdata\Telenor\Telenorhjelpen\Update\Telenorhjelpen_2_4_1_0.exe

2009-06-03 19:11 . 2001-10-09 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll

2005-08-06 13:32 . 2005-08-06 13:32 56 --sh--r- c:\windows\system32\80EA3021BE.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2009-08-11_15.25.42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-25 08:27 . 2009-06-25 08:27 54272 c:\windows\system32\dllcache\wdigest.dll

+ 2009-06-15 10:45 . 2009-06-15 10:45 76800 c:\windows\system32\dllcache\telnet.exe

+ 2009-02-03 19:59 . 2009-06-25 08:27 56832 c:\windows\system32\dllcache\secur32.dll

- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll

+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys

+ 2009-06-10 14:16 . 2009-06-10 14:16 84992 c:\windows\system32\dllcache\avifil32.dll

+ 2004-08-04 08:03 . 2009-07-13 21:43 286208 c:\windows\system32\dllcache\wmpdxm.dll

+ 2009-06-10 06:16 . 2009-06-10 06:16 132096 c:\windows\system32\dllcache\wkssvc.dll

+ 2008-12-05 06:58 . 2009-06-25 08:27 147456 c:\windows\system32\dllcache\schannel.dll

+ 2009-06-25 08:27 . 2009-06-25 08:27 136192 c:\windows\system32\dllcache\msv1_0.dll

+ 2009-04-17 15:12 . 2009-06-25 08:27 730112 c:\windows\system32\dllcache\lsasrv.dll

+ 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll

+ 2009-06-10 07:22 . 2009-06-10 07:22 2066432 c:\windows\system32\dllcache\mstscax.dll

+ 2004-08-04 08:03 . 2009-07-13 21:43 10841088 c:\windows\system32\wmp.dll

+ 2005-07-28 19:53 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe

+ 2004-08-04 08:03 . 2009-07-13 21:43 10841088 c:\windows\system32\dllcache\wmp.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"H/PC Connection Agent"="c:\programfiler\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 376912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 58728]

"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-06-24 100056]

"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 11:41 294912 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\messenger\\msmsgs.exe"=

"c:\\Programfiler\\uTorrent\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\Microsoft ActiveSync\\WCESCOMM.EXE"=

 

R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]

R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-01-07 26144]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]

 

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - SPUPDSVC

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-08-07 c:\windows\Tasks\Norton AntiVirus - Søk på min datamaskin - Eier.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-09 14:24]

 

2009-07-31 c:\windows\Tasks\{6AD5F2CC-4B72-4286-A02E-E53A9E1B3F17}_DAG_Eier.job

- c:\windows\system32\mobsync.exe [2001-10-09 16:22]

 

2009-07-31 c:\windows\Tasks\{8D045F33-7F09-4226-B64E-03AFA88D3FB4}_DAG_Eier.job

- c:\windows\system32\mobsync.exe [2001-10-09 16:22]

 

2009-08-10 c:\windows\Tasks\{CAADD4FD-475F-433B-BB0C-53184C7659F2}_DAG_Eier.job

- c:\windows\system32\mobsync.exe [2001-10-09 16:22]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.startsiden.no/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www3.snapfish.no/SnapfishActivia2.cab

DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/18/defaults/activex/IPSUploader.cab

FF - ProfilePath - c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\a5vvted1.default\

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-12 21:32

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-2025429265-287218729-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:5d,05,89,c0,a9,b4,62,78,c9,c5,86,00,57,3f,35,c4,a1,c2,06,a6,d6,

31,2e,06,15,4b,18,f9,01,ae,13,e4,9a,c8,d8,ff,8c,58,e7,0c,02,a9,dd,df,d1,ac,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(204)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

.

Tidspunkt ferdig: 2009-08-12 21:37

ComboFix-quarantined-files.txt 2009-08-12 19:37

ComboFix2.txt 2009-08-11 15:31

 

Pre-Run: 30 579 421 184 byte ledig

Post-Run: 30 535 684 096 byte ledig

 

190 --- E O F --- 2009-08-12 19:15

 

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:38:26, on 12.08.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Eier\Skrivebord\Søker\ein\ein.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programfiler\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122577670545

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122581497889

O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www3.snapfish.no/SnapfishActivia2.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/18/...IPSUploader.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 8474 bytes

Edited by vetting

Norton 2005: this one drags so much that you might as well just remove it.

Norton 2009 is something else entirely when it comes to resource usage.

If you want to try something free, Avira is very good.

Use this when removing it: Norton-Removal-Tool

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

I expect you will notice a difference.

Run a round with this one too.

Auslogics Disk Defrag (free)

http://www.auslogics.com/en/software/disk-defrag

Edited by SNIPPSAT

Great.

Thank you.

As I said, it is not my machine, but I will recommend AVG when the license expires.

Every time I am here at this computer, I usually scan with Norton, SUPERAntiSpyware and CCleaner, and also run Auslogics Disk Defrag. So it gets a bit of an overhaul now and then :)

Thanks for all the help.
