Posts split off from the guide thread



No question is too dumb :)

A good starting point is hijackthis.de, which gives automatic feedback on the log. Unfortunately these automatic checks (there are several) are not fully reliable, so one should be a bit careful about trusting them completely.

There are a number of databases one can use in addition to searching (Google, Yahoo, etc.).

I often use Castlecops.com to see whether a file is registered as OK or bad.

Otherwise one should read HJT logs on other forums and see which solutions are chosen. Over time you will start to recognise files in the log that belong to one infection or another. This determines which tool you choose to use to remove it.

Edited by norbat
Link to comment
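
As an added illustration of the log-reading approach described in the post above (not part of the original thread, and not HijackThis's own code), this Python example parses HijackThis entries by section code and orders the O4 autostart entries so that those outside the usual Windows and program directories are looked up first. The sample log is modelled on the logs in this thread with one constructed entry (`ExampleUpdater`); the location buckets and function names are assumptions, and a standard location is not a verdict that a file is clean.

```python
import re
from collections import defaultdict

# Sample in HijackThis log format, modelled on the logs in this thread.
# The [ExampleUpdater] entry and its path are constructed for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ExampleUpdater] C:\Documents and Settings\User\Application Data\example dir\example tool.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Section codes used by HijackThis: R0-R3, F0-F3, N1-N4 and O1 onwards.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry autostart:  HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup folder:      Startup: Shortcut.lnk = target
STARTUP_RE = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)

# Assumption: directories where installed software normally lives
# ("Programfiler" is the Norwegian Windows XP name for "Program Files").
STANDARD_PREFIXES = (
    "c:\\windows\\", "c:\\program files\\", "c:\\programfiler\\",
    "c:\\progra~1\\", "%windir%\\", "%programfiles%\\",
)


def parse_entries(log_text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def executable_of(cmd):
    """Return the program part of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def classify(path):
    """Bucket a path by location only; this orders the lookup work, nothing more."""
    p = path.lower()
    if "\\" not in p:
        return "bare-name"          # resolved through the search path
    if p.startswith(STANDARD_PREFIXES):
        return "standard-location"
    return "look-up-first"          # e.g. under a user profile directory


def triage_autostarts(log_text):
    """Return (where, name, path, bucket) for each O4 entry, look-ups first."""
    rows = []
    for text in parse_entries(log_text).get("O4", []):
        m = RUN_RE.match(text) or STARTUP_RE.match(text)
        if not m:
            continue
        path = executable_of(m.group("cmd"))
        rows.append((m.group("where"), m.group("name"), path, classify(path)))
    order = {"look-up-first": 0, "bare-name": 1, "standard-location": 2}
    return sorted(rows, key=lambda r: order[r[3]])


if __name__ == "__main__":
    for where, name, path, bucket in triage_autostarts(SAMPLE_LOG):
        print(f"{bucket:18} {where:14} [{name}] {path}")
```
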

Hi.

IE keeps popping up all the time with lame ads. I don't know why, but I want it gone ;)

Logfile of HijackThis v1.99.1

Scan saved at 04:02:31, on 18.08.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE

C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe

C:\Programfiler\Razer\Diamondback\razerhid.exe

C:\Programfiler\Razer\Diamondback\razerofa.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe

C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\CTHELPER.EXE

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDCountdown.exe

C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDMedia.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDClock.exe

C:\Programfiler\WhatPulse\WhatPulse.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE

C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Programfiler\Azureus\Azureus.exe

C:\Programfiler\Pidgin\pidgin.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Jonas\Skrivebord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://nettbank.sparebank1.no/inloggning_n...sb1?bankid=4210

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [sBDrvDet] C:\Programfiler\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe"

O4 - HKLM\..\Run: [Dimondback] C:\Programfiler\Razer\Diamondback\razerhid.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Programdata\close poke frag ooze\OBJ THUNK.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WhatPulse] C:\Programfiler\WhatPulse\WhatPulse.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [mRouterConfig] "C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

O4 - HKCU\..\Run: [Hopethe] C:\DOCUME~1\Jonas\PROGRA~1\EXTRAI~1\dvd meow.exe

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171515194171

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

 

 

 

Here is a new HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 14:05:51, on 18.08.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE

C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe

C:\Programfiler\Razer\Diamondback\razerhid.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe

C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\CTHELPER.EXE

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDCountdown.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDMedia.exe

C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDClock.exe

C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\WhatPulse\WhatPulse.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Programfiler\Razer\Diamondback\razerofa.exe

C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE

C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe

C:\Programfiler\Pidgin\pidgin.exe

C:\Programfiler\Opera\Opera.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Reg Organizer\organizer.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Jonas\Skrivebord\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [sBDrvDet] C:\Programfiler\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe"

O4 - HKLM\..\Run: [Dimondback] C:\Programfiler\Razer\Diamondback\razerhid.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WhatPulse] C:\Programfiler\WhatPulse\WhatPulse.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [mRouterConfig] "C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171515194171

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

 

Edited by Dynejonas
Link to comment

Check whether you have a program called CiD help. If so, uninstall it from Add/Remove Programs (Control Panel).

Then:

Click: Start -> Run

Type: notepad "c:\Windows\System32\drivers\etc\hosts" . Click OK.

Remove, if present, all lines with ... CiD

As a starting point you should have only one line, which reads: 127.0.0.1 localhost

After you have removed the relevant lines, click File->Save.

Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Download SAS (Free), install and update it. Run a full scan.

Post the log from SAS (preferences->statistics/logs) and tell us whether there are still popup problems.

Link to comment
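
The hosts-file check from the post above can also be done programmatically. The following Python example is added here and is not part of the original thread: it lists every active line that goes beyond the baseline `127.0.0.1 localhost` and produces the file with those lines removed. The sample content is constructed, the `example.invalid` hostnames are placeholders, and the finding labels (`sink`, `redirect`, `malformed`) are this example's own naming.

```python
import ipaddress

# Constructed sample hosts file; hostnames under example.invalid are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.invalid   # added by something else
203.0.113.7     www.bank.example.invalid login.bank.example.invalid
0.0.0.0 tracker.example.invalid
not-an-ip       broken.example.invalid
"""


def audit_hosts(text):
    """Return (line_no, kind, address, names) for each line beyond the baseline.

    kind is one of:
      "sink"      - a name mapped to loopback or 0.0.0.0 (the name is blocked)
      "redirect"  - a name mapped to some other address (traffic goes elsewhere)
      "malformed" - the first field is not an IP address, or no name follows it
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((no, "malformed", addr_text, names))
            continue
        if not names:
            findings.append((no, "malformed", addr_text, names))
            continue
        extra = [n for n in names if n.lower() != "localhost"]
        if addr.is_loopback and not extra:
            continue                             # baseline: loopback -> localhost
        kind = "sink" if (addr.is_loopback or addr.is_unspecified) else "redirect"
        findings.append((no, kind, addr_text, extra or names))
    return findings


def strip_flagged(text):
    """Return the hosts text with every flagged line removed; comments are kept."""
    flagged = {no for no, _, _, _ in audit_hosts(text)}
    kept = [raw for no, raw in enumerate(text.splitlines(), start=1)
            if no not in flagged]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for no, kind, addr, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {kind:9} {addr} -> {', '.join(names)}")
    print(strip_flagged(SAMPLE_HOSTS), end="")
```
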

Well, it so happens that I have got an uncontrollable amount of spyware/adware/malware on my computer. I can't upload the HijackThis file for you to read because the stuff I've picked up makes my PC very slow.

But I can say that the things I have are called "Error Cleaner", "Privacy Protector" and "Spyware&Malware Protection".

I have tried all the methods described in the first post, but I don't get particularly far with them.

Link to comment

grimsbo:

Get Smitfraudfix and put it on the desktop.

Restart in safe mode (tap F8 during startup, choose safe mode).

Run Smitfraudfix, choose option 2.

Log: Usually found in C:\rapport.txt. Post it together with an HJT log.

It would be good if you create a separate thread where you put your logs.

Edited by norbat
Link to comment

Here are my logs

 

SAS:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/31/2007 at 09:24 AM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3296

Trace Rules Database Version: 1305

 

Scan type : Complete Scan

Total Scan Time : 01:14:12

 

Memory items scanned : 638

Memory threats detected : 0

Registry items scanned : 7117

Registry threats detected : 0

File items scanned : 71072

File threats detected : 107

 

Adware.Tracking Cookie

C:\Documents and Settings\Ainstainy\Cookies\ainstainy@advertising[1].txt

C:\Documents and Settings\Ainstainy\Cookies\[email protected][2].txt

C:\Documents and Settings\Ainstainy\Cookies\ainstainy@xiti[1].txt

C:\Documents and Settings\Gunnar\Cookies\[email protected][1].txt

C:\Documents and Settings\Gunnar\Cookies\[email protected][2].txt

C:\Documents and Settings\Gunnar\Cookies\[email protected][1].txt

C:\Documents and Settings\Gunnar\Cookies\[email protected][2].txt

C:\Documents and Settings\Harald\Cookies\[email protected][2].txt

C:\Documents and Settings\Harald.PC417247783219\Cookies\[email protected][1].txt

C:\Documents and Settings\Harald.PC417247783219\Cookies\[email protected][2].txt

C:\Documents and Settings\Harald.PC417247783219\Cookies\harald@doubleclick[1].txt

C:\Documents and Settings\Harald.PC417247783219\Cookies\[email protected][2].txt

C:\Documents and Settings\Harald.PC417247783219\Cookies\harald@imrworldwide[2].txt

C:\Documents and Settings\Harald.PC417247783219\Cookies\[email protected][1].txt

C:\Documents and Settings\Harald.PC417247783219\Cookies\harald@tradedoubler[1].txt

C:\Documents and Settings\Harald.PC417247783219\Cookies\[email protected][1].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][2].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][2].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt

C:\Documents and Settings\Øystein\Cookies\øystein@atwola[1].txt

C:\Documents and Settings\Øystein\Cookies\øystein@clicktorrent[2].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][2].txt

C:\Documents and Settings\Øystein\Cookies\øystein@imrworldwide[2].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt

C:\Documents and Settings\Øystein\Cookies\ø[email protected][1].txt

C:\Documents and Settings\Øystein\Cookies\øystein@xiti[1].txt

C:\Documents and Settings\Øystein\Cookies\øystein@yadro[1].txt

 

Adware.Lop-Gen

C:\DOCUMENTS AND SETTINGS\AINSTAINY\BYTEBATWAVE\NVRGZXGA.EXE

C:\DOCUMENTS AND SETTINGS\AINSTAINY\BYTEBATWAVE\THDDEGXS.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AXISNAMEOOZEGRID\BLUE WAVE.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AXISNAMEOOZEGRID\CREATIVE DART.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SUPPORT META WIN BALM\1 DUPE.EXE

C:\DOCUMENTS AND SETTINGS\ØYSTEIN\LOCAL SETTINGS\TEMP\BIS72.EXE

C:\DOCUMENTS AND SETTINGS\ØYSTEIN\PROGRAMDATA\BYTEBATWAVE\REF OPEN BEND.EXE

C:\DOCUMENTS AND SETTINGS\ØYSTEIN\PROGRAMDATA\BYTEBATWAVE\TAUDPGMI.EXE

C:\DOCUMENTS AND SETTINGS\ØYSTEIN\PROGRAMDATA\BYTEBATWAVE\WMAPHONEFORK.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0047355.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0047357.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP97\A0033057.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP97\A0033058.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP97\A0033059.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP97\A0033060.EXE

 

Adware.Lop-Variant

C:\DOCUMENTS AND SETTINGS\AINSTAINY\BYTEBATWAVE\REF OPEN BEND.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP103\A0033545.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0034537.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0034563.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0034564.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0034615.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0035616.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0035715.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0036620.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0036648.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0036652.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0036681.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0037681.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0038703.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP107\A0038723.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP108\A0038931.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP108\A0038933.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP108\A0038950.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP108\A0038951.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP111\A0039032.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP111\A0039103.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP111\A0040106.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP111\A0040132.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP111\A0040142.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0040173.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0041191.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0041215.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0042214.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0043211.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0044214.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0044243.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0045214.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0046215.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0046248.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0047246.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP112\A0047251.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0047356.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0047358.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0047412.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0047414.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0049430.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0049457.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0049544.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0049691.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0049724.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP113\A0049758.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP114\A0050864.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP116\A0051088.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP117\A0051118.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP118\A0051200.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP118\A0051265.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP118\A0051292.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP118\A0051374.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP123\A0052468.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP123\A0052493.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP123\A0053494.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP123\A0053562.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP123\A0053616.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6533A10-FCAF-4627-A13C-ED56AC89BC49}\RP124\A0053833.EXE

 

BearShare File Sharing Client

C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

C:\WINDOWS\Prefetch\BEARSHARE.EXE-2A0C795D.pf

 

 

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:31:01, on 31.08.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ClueAddIn.IE.ObjectWithSite - {1F6C23D6-854C-497f-9275-439C89CF1F68} - mscoree.dll (file missing)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [GramTrans] C:\DOCUME~1\AINSTA~1\PROGRA~1\BYTEBA~1\Ref open bend.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176321852046

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 12487 bytes

 

What do you have to say?

Edited by ainstainy

Anything here that shouldn't be here?

 

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:57:39, on 03.09.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

C:\Documents and Settings\Ole\Lokale innstillinger\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE

C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe

C:\Programfiler\Maxtor\OneTouch\utils\Onetouch.exe

C:\Programfiler\Saitek\Software\ProfilerU.exe

C:\Programfiler\Saitek\Software\SaiMfd.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\CTHELPER.EXE

C:\Programfiler\Adobe\Adobe Photoshop Lightroom\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\PROGRAMFILER\PROMIXIS\GIRDER\GIRDER.EXE

C:\Programfiler\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\Ray Adams\ATI Tray Tools\atitray.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programfiler\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Programfiler\Netropa\Onscreen Display\OSD.exe

C:\Programfiler\Netropa\InetKb\Inetkb.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Ole\Lokale innstillinger\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE

O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Programfiler\Maxtor\OneTouch\utils\Onetouch.exe

O4 - HKLM\..\Run: [Profiler] C:\Programfiler\Saitek\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] C:\Programfiler\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"

O4 - HKLM\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Girder4] C:\PROGRAMFILER\PROMIXIS\GIRDER\GIRDER.EXE

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programfiler\Ray Adams\ATI Tray Tools\atitray.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 10.5.0.1091 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 10.5.0.1091 (User 'Default user')

O4 - S-1-5-18 Startup: PowerReg Scheduler.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) - http://web06.ifi.fi/WEBUPLOAD/app_support/...aboUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188678634937

O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe (file missing)

O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programfiler\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

 

--

End of file - 8166 bytes


Hi

I have a problem on a friend's PC.

The processor runs at 99-100 all the time.

It is a process named System.

Any suggestions?

Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:07:02, on 06.09.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\slserv.exe

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Symantec\LiveUpdate\AUpdate.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\Programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

  • 2 weeks later...

I also have some small problems. What is especially annoying is that a program called "Personal securety center" pretends to be my security center, and it "spams" me saying that I must install new updates!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:44:15, on 18.09.2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Razer\DeathAdder\razerhid.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\avp.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\regsvr32.exe

C:\Programfiler\SecCenter\scprot4.exe

C:\WINDOWS\mgrs.exe

C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\Razer\DeathAdder\razertra.exe

C:\Programfiler\Razer\DeathAdder\razerofa.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programfiler\uTorrent\uTorrent.exe

C:\Programfiler\SecCenter\scprot4.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - C:\Programfiler\Hgnxhxsw\inpbpgzk.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {80F52B11-B980-4FCF-9B66-5B733054D190} - C:\WINDOWS\System32\opnnmll.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Ai Nap] "C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvdes.dll,startup

O4 - HKLM\..\Run: [qbkfezwb] rundll32.exe "C:\Programfiler\qbkfezwb\uzgdibgd.dll",Init

O4 - HKLM\..\Run: [xihctabu] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\xihctabu.dll"

O4 - HKLM\..\Run: [sC2] C:\Programfiler\SecCenter\scprot4.exe

O4 - HKLM\..\Run: [smgr] mgrs.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\RunOnce: [CAFIX] "C:\WINDOWS\system32\ZoneLabs\cafix.exe" /IgnoreAll

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Eser] "C:\WINDOWS\CROSOF~1.NET\mmc.exe" -vt yazb

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O20 - Winlogon Notify: opnnmll - C:\WINDOWS\SYSTEM32\opnnmll.dll

O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Odd erling\Skrivebord\P95\PRIME95.EXE (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 6744 bytes


Combofix

ComboFix 07-09-18.4 - "Odd erling" 2007-09-19 16:28:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1252.1.1044.18.1380 [GMT 2:00]

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\DOCUME~1\ALLUSE~1\PROGRA~1.\xihctabu.dll

C:\Programfiler\Fellesfiler\Yazzle1162OinAdmin.exe

C:\Programfiler\Fellesfiler\Yazzle1162OinUninstaller.exe

C:\Programfiler\Hgnxhxsw

C:\Programfiler\Hgnxhxsw\inpbpgzk.dll

C:\Programfiler\qbkfezwb

C:\Programfiler\qbkfezwb\uzgdibgd.dll

C:\Programfiler\s2f.exe

C:\Programfiler\SecCenter

C:\Programfiler\SecCenter\scprot4.exe

C:\Programfiler\ucleaner_setup.exe

C:\Programfiler\Ultimate Cleaner

C:\WINDOWS\avp.exe

C:\WINDOWS\Casino.ico

C:\WINDOWS\crosof~1.net

C:\WINDOWS\crosof~1.net\??crosoft.NET\

C:\WINDOWS\Free Online Dating.ico

C:\WINDOWS\mgrs.exe

C:\WINDOWS\Spyware Remover.ico

C:\WINDOWS\system32\okqipwgf

C:\WINDOWS\system32\okqipwgf\bg1.gif

C:\WINDOWS\system32\okqipwgf\bgtop.gif

C:\WINDOWS\system32\okqipwgf\bottom1.gif

C:\WINDOWS\system32\okqipwgf\essentials.gif

C:\WINDOWS\system32\okqipwgf\icon1.ico

C:\WINDOWS\system32\okqipwgf\install1.gif

C:\WINDOWS\system32\okqipwgf\left1.gif

C:\WINDOWS\system32\okqipwgf\li.gif

C:\WINDOWS\system32\okqipwgf\logo.gif

C:\WINDOWS\system32\okqipwgf\main.htm

C:\WINDOWS\system32\okqipwgf\mainframe.htm

C:\WINDOWS\system32\okqipwgf\okqipwgf1.exe

C:\WINDOWS\system32\okqipwgf\okqipwgf2.exe

C:\WINDOWS\system32\okqipwgf\okqipwgf3.exe

C:\WINDOWS\system32\okqipwgf\reinstall1.gif

C:\WINDOWS\system32\okqipwgf\right1.gif

C:\WINDOWS\system32\okqipwgf\s1.htm

C:\WINDOWS\system32\okqipwgf\s2.htm

C:\WINDOWS\system32\okqipwgf\s3.htm

C:\WINDOWS\system32\okqipwgf\SMTop1.gif

C:\WINDOWS\system32\okqipwgf\SMTop2.gif

C:\WINDOWS\system32\okqipwgf\SMTop3.gif

C:\WINDOWS\system32\okqipwgf\SMTop4.gif

C:\WINDOWS\system32\okqipwgf\soft1_off.gif

C:\WINDOWS\system32\okqipwgf\soft1_off_ext.gif

C:\WINDOWS\system32\okqipwgf\soft1_on.gif

C:\WINDOWS\system32\okqipwgf\soft1_on_ext.gif

C:\WINDOWS\system32\okqipwgf\soft2_off.gif

C:\WINDOWS\system32\okqipwgf\soft2_off_ext.gif

C:\WINDOWS\system32\okqipwgf\soft2_on.gif

C:\WINDOWS\system32\okqipwgf\soft2_on_ext.gif

C:\WINDOWS\system32\okqipwgf\soft3_off.gif

C:\WINDOWS\system32\okqipwgf\soft3_off_ext.gif

C:\WINDOWS\system32\okqipwgf\soft3_on.gif

C:\WINDOWS\system32\okqipwgf\soft3_on_ext.gif

C:\WINDOWS\system32\okqipwgf\softbottom_off.gif

C:\WINDOWS\system32\okqipwgf\softbottom_on.gif

C:\WINDOWS\system32\okqipwgf\softleft_off.gif

C:\WINDOWS\system32\okqipwgf\softleft_on.gif

C:\WINDOWS\system32\okqipwgf\top1.gif

C:\WINDOWS\system32\okqipwgf\top2.gif

C:\WINDOWS\system32\okqipwgf\turnoff1.gif

C:\WINDOWS\system32\okqipwgf\turnon1.gif

C:\WINDOWS\system32\opnnmll.dll

C:\WINDOWS\system32\winzzc32.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))

.

 

2007-09-19 16:36 <DIR> d-------- C:\WINDOWS\CAVTemp

2007-09-19 16:26 62,464 --a------ C:\WINDOWS\NirCmd.exe

2007-09-18 21:39 <DIR> d-------- C:\Programfiler\Trend Micro

2007-09-18 21:03 1,021,504 --a------ C:\WINDOWS\system32\vete.dll

2007-09-18 19:55 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\MailFrontier

2007-09-18 19:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-09-18 19:34 <DIR> dr-h----- C:\DOCUME~1\ODDERL~1\Siste

2007-09-18 19:06 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-09-18 19:06 <DIR> d-------- C:\Programfiler\Microsoft AntiSpyware

2007-09-18 18:50 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\AdobeUM

2007-09-18 18:47 55,296 --a------ C:\Programfiler\hlpsrv.exe

2007-09-18 18:46 15,360 --a------ C:\WINDOWS\system32\drvdesr.dll

2007-09-18 18:46 103,936 --a------ C:\WINDOWS\system32\drvdes.dll

2007-09-18 18:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Adobe Systems

2007-09-18 18:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared

2007-09-17 21:54 <DIR> d-------- C:\DOCUME~1\ODDERL~1\Contacts

2007-09-17 21:51 <DIR> d-------- C:\Programfiler\MSN Messenger

2007-09-17 18:36 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\teamspeak2

2007-09-17 17:52 <DIR> d-------- C:\Programfiler\uTorrent

2007-09-17 17:52 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\uTorrent

2007-09-17 17:49 991,232 --a------ C:\WINDOWS\system32\esent.dll

2007-09-17 17:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-09-17 17:44 <DIR> d-------- C:\WINDOWS\system32\bits

2007-09-17 15:49 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll

2007-09-17 15:49 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll

2007-09-17 15:49 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll

2007-09-17 15:49 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll

2007-09-17 15:49 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll

2007-09-17 15:49 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll

2007-09-17 15:49 331,776 --a------ C:\WINDOWS\system32\winhttp.dll

2007-09-17 15:49 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll

2007-09-17 15:49 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2007-09-17 15:48 1,152 --a------ C:\WINDOWS\mozver.dat

2007-09-17 15:46 549,720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-09-17 15:46 33,624 --a------ C:\WINDOWS\system32\wups.dll

2007-09-17 15:46 325,976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-09-17 15:46 203,096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-09-17 15:46 186,648 --a------ C:\WINDOWS\system32\wuaueng1.dll

2007-09-17 15:46 169,240 --a------ C:\WINDOWS\system32\wuauclt1.exe

2007-09-16 19:23 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2007-09-16 19:22 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll

2007-09-16 19:22 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll

2007-09-16 19:22 232,192 --a------ C:\WINDOWS\system32\drivers\rt73.sys

2007-09-16 19:22 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys

2007-09-16 19:22 <DIR> d-------- C:\Programfiler\Belkin

2007-09-16 19:21 <DIR> d-------- C:\Programfiler\Fellesfiler\muvee Technologies

2007-09-16 19:20 <DIR> d-------- C:\Programfiler\muvee Technologies

2007-09-16 19:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\muvee Technologies

2007-09-16 19:15 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2007-09-16 19:15 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2007-09-16 19:14 5,120 --a------ C:\WINDOWS\TBManage.dll

2007-09-16 19:14 36,864 --a------ C:\WINDOWS\GWLib.dll

2007-09-16 19:14 32,768 --a------ C:\WINDOWS\TBPanelExt.dll

2007-09-16 19:14 208,384 --a------ C:\WINDOWS\DXTool.exe

2007-09-16 19:14 2,173,744 --a------ C:\WINDOWS\TBPanel.exe

2007-09-16 19:14 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys

2007-09-16 19:14 103,936 --a------ C:\WINDOWS\TBZoom.exe

2007-09-16 19:14 <DIR> d-------- C:\WINDOWS\UI

2007-09-16 18:15 <DIR> d-------- C:\Programfiler\VentriloMIX

2007-09-16 18:15 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\Ventrilo

2007-09-16 16:23 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2007-09-16 16:23 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2007-09-16 16:23 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2007-09-16 16:23 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2007-09-16 16:22 <DIR> d-------- C:\Programfiler\Futuremark

2007-09-16 14:04 <DIR> d-------- C:\Programfiler\Nero

2007-09-16 14:04 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2007-09-16 14:04 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\Ahead

2007-09-16 14:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Nero

2007-09-16 10:39 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\dvdcss

2007-09-16 10:36 <DIR> d-------- C:\Programfiler\DAEMON Tools

2007-09-16 10:35 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-09-15 15:12 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll

2007-09-15 15:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys

2007-09-15 15:12 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys

2007-09-15 15:12 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys

2007-09-15 15:12 <DIR> d-------- C:\Programfiler\ASUS

2007-09-15 14:01 <DIR> d-------- C:\Programfiler\OpenAL

2007-09-15 13:55 <DIR> d-------- C:\Spell

2007-09-15 13:40 <DIR> d-------- C:\DOCUME~1\ODDERL~1\PROGRA~1\vlc

2007-09-15 13:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2007-09-15 13:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll

2007-09-15 13:30 <DIR> d-------- C:\Programfiler\Plato DVD to AVI Converter

2007-09-15 13:30 <DIR> d-------- C:\Programfiler\Cheat Engine

2007-09-15 13:28 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-09-15 09:05 0 --a------ C:\WINDOWS\nsreg.dat

2007-09-15 08:53 <DIR> d-------- C:\Seria

2007-09-15 08:53 <DIR> d-------- C:\Filma

2007-09-15 08:45 <DIR> d-------- C:\Programfiler\Dvd shrink Kopierte filma

2007-09-15 08:14 57,856 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys

2007-09-15 08:14 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2007-09-15 08:13 9,728,000 -r------- C:\WINDOWS\RTLCPL.exe

2007-09-15 08:13 4,395,008 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.sys

2007-09-15 08:13 2,822,144 -r------- C:\WINDOWS\alcwzrd.exe

2007-09-15 08:13 2,169,856 -r------- C:\WINDOWS\MicCal.exe

2007-09-15 08:13 180,224 -r------- C:\WINDOWS\Alcmtr.exe

2007-09-15 08:13 16,139,776 -ra------ C:\WINDOWS\RTHDCPL.exe

2007-09-15 08:13 131,072 -r------- C:\WINDOWS\SoundMan.exe

2007-09-15 08:13 1,835,008 -r------- C:\WINDOWS\SkyTel.exe

2007-09-15 08:13 1,204,224 -r------- C:\WINDOWS\RtlUpd.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-18 21:03 645904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys

2007-09-18 21:03 115088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys

2007-09-16 16:23 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll

2007-09-15 17:29 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll

2007-09-14 21:58 --------- d-------- C:\Programfiler\microsoft frontpage

2007-09-14 21:56 --------- d-------- C:\Programfiler\Fellesfiler\Tjenester

2007-09-14 21:56 --------- d-------- C:\Programfiler\Fellesfiler\MSSoap

2007-09-14 21:55 --------- d-------- C:\Programfiler\Elektroniske tjenester

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll

2007-06-29 00:43 831488 --a------ C:\WINDOWS\system32\nvcplui.exe

2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll

2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll

2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll

2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll

2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll

2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll

2007-06-29 00:43 487424 --a------ C:\WINDOWS\system32\nvappbar.exe

2007-06-29 00:43 471040 --a------ C:\WINDOWS\system32\keystone.exe

2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll

2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll

2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll

2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll

2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll

2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll

2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll

2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll

2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll

2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll

2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll

2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll

2007-06-29 00:43 266308 --a------ C:\WINDOWS\system32\nvsvc32.exe

2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll

2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll

2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll

2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll

2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2007-06-29 00:43 159744 --a------ C:\WINDOWS\system32\nvcolor.exe

2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll

2007-06-29 00:43 1417216 --a------ C:\WINDOWS\system32\nvdspsch.exe

2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll

2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll

2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll

2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin

2006-06-24 00:48 77824 -ra------ C:\WINDOWS\inf\UpdateUSB.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"@"="" []

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 16:36]

"36X Raid Configurer"="C:\WINDOWS\System32\xRaidSetup.exe" [2007-03-21 18:23]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-06-29 00:43]

"nwiz"="nwiz.exe" []

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-02-13 20:29]

"DeathAdder"="C:\Programfiler\Razer\DeathAdder\razerhid.exe" [2006-12-06 22:30]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-06-29 00:43]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 C:\WINDOWS\RTHDCPL.exe]

"Ai Nap"="C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 14:49]

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-04-23 13:18]

"gcasServ"="C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]

"Zone Labs Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-16 16:00]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-08-29 17:09]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-18 18:47]

"Eser"="C:\WINDOWS\CROSOF~1.NET\mmc.exe" []

 

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

 

C:\DOCUME~1\ODDERL~1\START-~1\PROGRA~1\Oppstart\

Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

 

R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\System32\DRIVERS\JGOGO.sys

R0 JRAID;JRAID;C:\WINDOWS\System32\DRIVERS\jraid.sys

R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe

R2 TBPanel;TBPanel;C:\WINDOWS\System32\drivers\TBPanel.sys

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys

R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\System32\drivers\dadder.sys

 

*Newly Created Service* - ALG

*Newly Created Service* - IPNAT

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-19 16:38:25

Windows 5.1.2600 Service Pack 1 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-19 16:47:28 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-09-19 16:47

.

--- E O F ---

 

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:49:43, on 19.09.2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

C:\Programfiler\Winamp\winampa.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programfiler\Razer\DeathAdder\razerhid.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe

C:\Programfiler\Razer\DeathAdder\razertra.exe

C:\WINDOWS\TBPanel.exe

C:\Programfiler\Razer\DeathAdder\razerofa.exe

C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\System32\ZoneLabs\isafe.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xp.attrezzi.biz/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Ai Nap] "C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Eser] "C:\WINDOWS\CROSOF~1.NET\mmc.exe" -vt yazb

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Odd erling\Skrivebord\P95\PRIME95.EXE (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 5721 bytes
