r2d290, posted 14 June 2008 (edited)

haakka:
Edit: follow norbat's guide below first.

Download SDFix to the desktop.
- Double-click SDFix.exe and it will extract itself to a folder in C:\SDFix
- Restart the PC in safe mode (tap F8 during startup, choose safe mode)
- Open the SDFix folder and double-click 'RunThis.bat' to start the program
- Choose Y to start the cleaning
- The PC will restart, and SDFix will continue.
This program will create a log that you post afterwards.

Download, install, update, and run a Full scan of your machine with SUPERAntiSpyware (the free version for home users).
This program will create a log that you post afterwards.

******** Restart the machine ********

Now post the following logs in a new thread, by clicking "New topic":
- The log from SDFix (it will be in the SDFix folder as Report.txt).
- The log from SUPERAntiSpyware (Start the program. Choose: Preferences->statistics/logs)
- And a new log from HijackThis

Edited 14 June 2008 by r2d290

norbat (Author), posted 14 June 2008

haakka:
This will be a double post, but it may be a good idea for you to fix a few lines using HJT before you run through the guide given above.

Start HJT, choose "Do a system scan only", put a check mark in front of these lines and click Fix checked:

O2 - BHO: (no name) - {7BB07DEF-FB3D-4E49-AEB6-89773CA08F3A} - F:\WINDOWS\system32\urqPgDTL.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {948ED74F-0B10-4453-AE31-2AF8B87A2692} - F:\WINDOWS\system32\tuvuurQG.dll (file missing)
O2 - BHO: QXK Olive - {D708B23A-8C56-442F-9FD7-6237FC253E46} - F:\WINDOWS\boqnrwdmsvr.dll (file missing)
O4 - HKLM\..\Run: [94a8d052] rundll32.exe "F:\WINDOWS\system32\wlqgngpr.dll",b
O4 - HKLM\..\Run: [DelayLoad] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msprint.exe
O4 - HKCU\..\RunOnce: [spybotDeletingB3547] command /c del "F:\WINDOWS\system32\urqPgDTL.dll"
O4 - HKCU\..\RunOnce: [spybotDeletingD5064] cmd /c del "F:\WINDOWS\system32\urqPgDTL.dll"
O20 - Winlogon Notify: pmnkHYrr - F:\WINDOWS\

There shouldn't be much malware left to find after this, but a round with SAS (and possibly SDFix) doesn't hurt.

Lord Baconost, posted 21 June 2008 (edited)

Moved!

Edited 21 June 2008 by Anaesthesis

norbat (Author), posted 21 June 2008 (edited)

Anaesthesis:
Could you create a separate thread where you put these logs? You do that by clicking the New Topic button. Paste the logs in the way you have done here, and we will write a guide for you that removes the rest of the infected files.

Continues in a separate thread: https://www.diskusjon.no/index.php?showtopic=971547

Edited 21 June 2008 by norbat

Kazento, posted 24 June 2008

Here is my log

norbat (Author), posted 24 June 2008

Run Combofix too. The logs go in a separate thread, which you create by clicking New Topic. From there we should be able to remove the rest of the malware.

pxK, posted 25 June 2008

Got a trojan just now and just need to check whether I managed to delete it and remove all the crap it brought with it.

r2d290, posted 25 June 2008

That looked pretty clean and tidy. You may as well fix this line:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

If you want to be completely sure that it is clean, you can make a Combofix log:
- Download Combofix and put it on the Desktop.
- Run combofix.exe and follow the instructions.
- You must not click on the window while the program is running. This can cause the program to freeze.
- Post the log file from Combofix (c:\combofix.txt)

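
An added example, not part of the thread and not code from HijackThis or any tool named here: a Python triage that encodes the patterns visible in the two fix lists above (BHOs with no file behind them, an autorun from Temp, leftover delete commands, an unknown Winlogon Notify package). The heuristics, the allowlist and the names `triage` and `check_entry` are assumptions of this example; it also assumes that a 32-bit scanner on 64-bit Windows reports System32 service binaries as "(file missing)" because of file system redirection, and does not flag those.

```python
import ntpath
import re

# Sample input embedded for this example. LOG_32 starts with lines from the fix
# lists above; its last four lines and all of LOG_64 are constructed.
LOG_32 = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {D708B23A-8C56-442F-9FD7-6237FC253E46} - F:\WINDOWS\boqnrwdmsvr.dll (file missing)
O4 - HKLM\..\Run: [94a8d052] rundll32.exe "F:\WINDOWS\system32\wlqgngpr.dll",b
O4 - HKLM\..\Run: [DelayLoad] F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msprint.exe
O4 - HKCU\..\RunOnce: [spybotDeletingB3547] command /c del "F:\WINDOWS\system32\urqPgDTL.dll"
O20 - Winlogon Notify: pmnkHYrr - F:\WINDOWS\
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\example.exe,
O4 - HKCU\..\Run: [Example] C:\Users\example\lsass.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""
LOG_64 = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Process names that belong in \system32\; a copy elsewhere deserves a look.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "winlogon.exe", "csrss.exe", "services.exe"}
# Assumption: an allowlist the reviewer maintains for known-good Notify packages.
NOTIFY_ALLOW = {"!saswinlogon"}


def is_wow64_log(text):
    """True when the log shows 64-bit Windows paths (scanner itself is 32-bit)."""
    low = text.lower()
    return "program files (x86)" in low or "\\syswow64\\" in low


def check_entry(sec, body, wow64):
    """Return a reason string when the entry deserves review, else None."""
    low = body.lower().rstrip()
    missing = low.endswith(("(no file)", "(file missing)"))
    if sec == "O2" and missing:
        return "BHO registered with no file behind it"
    if sec == "F2" and "userinit=" in low:
        progs = [p.strip() for p in low.split("userinit=", 1)[1].split(",") if p.strip()]
        extra = [p for p in progs if ntpath.basename(p) != "userinit.exe"]
        if extra:
            return "UserInit launches an extra program: " + extra[0]
    if sec == "O4":
        m = re.search(r"\[(.*?)\]\s*(.*)", body)
        if m:
            name, cmd = m.group(1).lower(), m.group(2).lower()
            if "runonce" in low and re.search(r"\b(cmd|command) /c del\b", cmd):
                return "leftover pending-delete command"
            if "\\temp\\" in cmd:
                return "autorun starts a program from a Temp directory"
            if re.fullmatch(r"[0-9a-f]{8}", name) and "rundll32" in cmd:
                return "rundll32 autorun under a hex-string value name"
            exe = re.search(r'[^"]+?\.exe', cmd)
            if exe:
                path = exe.group(0).strip()
                if ntpath.basename(path) in SYSTEM_NAMES and "\\system32\\" not in path:
                    return "system process name outside system32"
    if sec == "O20":
        pkg = body.split(":", 1)[-1].split(" - ")[0].strip().lower()
        if pkg not in NOTIFY_ALLOW:
            return "Winlogon Notify package not on the allowlist"
    if sec == "O23" and missing:
        if wow64 and "\\system32\\" in low:
            return None  # redirection artifact of a 32-bit scanner, not a finding
        return "service points at a missing file"
    return None


def triage(log_text):
    """Return (line, reason) for every entry that deserves manual review."""
    wow64 = is_wow64_log(log_text)
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        reason = check_entry(m["sec"], m["body"], wow64)
        if reason:
            findings.append((raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for label, log in (("32-bit sample", LOG_32), ("64-bit sample", LOG_64)):
        print(label)
        for line, reason in triage(log):
            print("  [%s] %s" % (reason, line))
```
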
pxK, posted 25 June 2008

Got an error message saying it only works on Win 2000 or XP?

r2d290, posted 25 June 2008

That's not right, but it doesn't work on 64-bit, which is what you have...
You can post a Deckard log instead:
- Deckard, put it on the desktop.
- Run dss.exe and follow the instructions
- Post the log that pops up.

pxK, posted 25 June 2008 (edited)

Deckard log
Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 9683 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AEADIFilters (Andrea ADI Filters Service) - c:\windows\system32\aeadisrv.exe (file missing)
R2 Apple Mobile Device - "c:\program files (x86)\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files (x86)\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CTAudSvcService (Creative Audio Service) - c:\program files (x86)\creative\shared files\ctaudsvc.exe
R2 nvsvc (NVIDIA Display Driver Service) - c:\windows\system32\nvvsvc.exe (file missing)
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
R3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)
R3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing)
S3 Creative ALchemy AL6 Licensing Service - "c:\program files (x86)\common files\creative labs shared\service\al6licensing.exe" <Not Verified; Creative Labs; Creative ALchemy AL6 Licensing Service>
S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision
Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe /runasservice
S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)
S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt
-- Scheduled Tasks -------------------------------------------------------------
2008-06-25 15:11:04 270 --a------ C:\Windows\Tasks\RtlVistaStart.job
2008-06-25 13:34:18 464 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{6990F410-65C3-4547-9C58-B124B92D38D2}.job
-- Files created between 2008-05-25 and 2008-06-25 -----------------------------
2008-06-04 18:19:28 0 d-------- C:\Program Files (x86)\Lavasoft
2008-05-26 05:16:00 186463 --a------ C:\wubildr
2008-05-26 04:43:28 0 d-------- C:\ubuntu
-- Find3M Report ---------------------------------------------------------------
2008-06-24 23:31:00 12 --a------ C:\Windows\bthservsdp.dat
2008-06-17 17:07:43 0 d-------- C:\Users\Per Otto\AppData\Roaming\Mozilla
2008-06-13 18:39:19 0 d-------- C:\Users\Per Otto\AppData\Roaming\Adobe
2008-06-13 18:38:10 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-06-11 10:18:44 0 d-------- C:\Program Files (x86)\Windows Mail
2008-06-10 10:10:58 0 d-------- C:\Program Files (x86)\Common Files\Steam
2008-06-07 12:26:16 0 d-------- C:\Users\Per Otto\AppData\Roaming\uTorrent
2008-06-04 18:18:53 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-05-26 03:32:30 0 d-------- C:\Program Files (x86)\Stardock
2008-05-26 03:32:29 0 d-------- C:\Program Files (x86)\Common Files
2008-05-23 21:13:40 0 d-------- C:\Users\Per Otto\AppData\Roaming\Touchstone
2008-05-20 13:09:42 0 d-------- C:\Program Files (x86)\Microsoft Silverlight
2008-05-15 22:06:08 0 d-------- C:\Program Files (x86)\Creative
2008-05-15 22:04:41 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-05-15 22:04:19 0 d-------- C:\Program Files (x86)\Common Files\Creative Labs Shared
2008-05-02 19:01:52 0 d-------- C:\Program Files (x86)\iTunes
2008-05-02 19:01:48 0 d-------- C:\Program Files (x86)\iPod
2008-05-02 19:00:40 0 d-------- C:\Program Files (x86)\QuickTime
2008-05-02 18:58:24 0 d-------- C:\Program Files (x86)\Common Files\Apple
2008-05-02 18:49:07 0 d-------- C:\Program Files (x86)\Apple Software Update
2008-04-29 15:46:49 0 d-------- C:\Program Files (x86)\NeoSmart Technologies
2008-04-28 17:27:11 0 d-------- C:\Program Files (x86)\PROnetworks
2008-04-26 08:18:28 0 d-------- C:\Program Files (x86)\AVG
2008-04-16 00:40:54 174 --ahs---- C:\Program Files (x86)\desktop.ini
2008-04-16 00:20:56 413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-04-16 00:20:56 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL Library>
2008-04-01 04:05:23 34308 --a------ C:\Windows\system32\Chip.dll
-- Registry Dump ---------------------------------------------------------------
-- End of Deckard's System Scanner: finished at 2008-06-25 15:13:01 ------------
EDIT: should the extra txt be included as well?
Edited 25 June 2008 by PoG
norbat Posted 25 June 2008 Author
The log looks fine. What type of trojan was it? (See the log of the program you used.)
pxK Posted 25 June 2008 (edited)
Trojan horse BackDoor.Generic9.MQL
EDIT: So it was clean? No keylogger etc.?
Edited 25 June 2008 by PoG
mona14 Posted July 1, 2008
I have a PC that runs reeeeally slow. HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:25, on 01.07.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12317 bytes
norbat Posted July 1, 2008 Author
Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Uncheck the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.
Then run a quick scan with the free version of SAS.
Report how the PC runs afterwards.
GLN Posted July 2, 2008 (edited)
I was asked to clean up a PC belonging to a friend of my mother's. As I understood it, there has been no antivirus program on it. The logs are coming (about 5 minutes at most), I'm just writing this while the PC is being scanned.
SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/02/2008 at 09:55 PM
Application Version : 4.15.1000
Core Rules Database Version : 3495
Trace Rules Database Version: 1486
Scan type : Complete Scan
Total Scan Time : 00:35:34
Memory items scanned : 630
Memory threats detected : 1
Registry items scanned : 5156
Registry threats detected : 27
File items scanned : 17110
File threats detected : 173
Adware.MyWebSearch
C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAMFILER\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAMFILER\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-3937634974-2806810885-3606822660-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
C:\PROGRAMFILER\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\Prefetch\MWSOEMON.EXE-22AAA5A1.pf
Adware.Tracking Cookie
Combofix log:
ComboFix 08-07-01.5 - Birthe^_^ 2008-07-02 22:36:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.113 [GMT 2:00]
Running from: C:\Documents and Settings\Birthe^_^\Mine dokumenter\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
2008-07-02 21:18 . 2008-07-02 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-02 21:17 . 2008-07-02 21:18 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-02 21:17 . 2008-07-02 21:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-02 21:17 . 2008-07-02 21:17 <DIR> d-------- C:\Documents and Settings\Birthe^_^\Programdata\SUPERAntiSpyware.com
2008-06-04 22:34 . 2008-06-04 22:34 754 --a------ C:\WINDOWS\WORDPAD.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 20:37 --------- d-----w C:\Programfiler\GamesBar 2008-07-02 20:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\GamesBar 2008-07-02 20:30 --------- d-----w C:\Documents and Settings\Birthe^_^\Programdata\IMVU 2008-07-02 20:29 --------- d-----w C:\Documents and Settings\Birthe^_^\Programdata\OpenOffice.org2 2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:16 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-03-03 21:40 0 ----a-w C:\Programfiler\temp01 2006-03-31 19:43 0 ----a-w C:\Documents and Settings\Kåre\Programdata\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-05 13:38 68856] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 22:05 344064] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32 132760] "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 22:50 729178] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 11:59 794624] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2004-10-13 17:04 278528] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2005-11-30 08:13 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54 253952] "eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 17:17 409600] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26 233534] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 06:42 176128] "OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 17:16 356352] "lxdimon.exe"="C:\Programfiler\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 20:07 435120] "lxdiamon"="C:\Programfiler\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 14:40 20480] 
"FaxCenterServer"="C:\Programfiler\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 20:10 312240] "LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 02:12 488984] "LogitechQuickCamRibbon"="C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 02:13 774168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:00 110592 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360] C:\Documents and Settings\isabel\Start-meny\Programmer\Oppstart\ IMVU.lnk - C:\Programfiler\IMVU\IMVUClient.exe [2007-12-20 04:00:16 49408] C:\Documents and Settings\K†re\Start-meny\Programmer\Oppstart\ IMVU.lnk - C:\Programfiler\IMVU\IMVUClient.exe [2007-12-20 04:00:16 49408] OpenOffice.org 2.0.lnk - C:\Documents and Settings\K†re\Favoritter\Mail.url [2007-02-21 11:06:08 322] OpenOffice.org 2.1.lnk - C:\Programfiler\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 17:45:48 393216] C:\Documents and Settings\Birthe^_^\Start-meny\Programmer\Oppstart\ IMVU.lnk - C:\Programfiler\IMVU\IMVUClient.exe [2007-12-20 04:00:16 49408] OpenOffice.org 2.1.lnk - C:\Programfiler\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 17:45:48 393216] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Bluetooth Manager.lnk - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 21:42:36 45056] HP Digital Imaging Monitor.lnk - C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624] Mobilt Kontor.lnk - C:\Programfiler\Telenor\Mobilt Kontor\Mobilt Kontor.exe [2007-05-10 09:38:58 565248] Photo Loader supervisory.lnk - C:\Programfiler\CASIO\Photo Loader\Plauto.exe [2007-07-04 09:09:11 229376] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= 
"C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Programfiler\\Lexmark 3500-4500 Series\\lxdimon.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"= "C:\\Programfiler\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"= "C:\\WINDOWS\\system32\\lxdicoms.exe"= "C:\\Programfiler\\Lexmark 3500-4500 Series\\lxdiamon.exe"= "C:\\Programfiler\\Lexmark 3500-4500 Series\\App4r.exe"= "C:\\Programfiler\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"= "C:\\Programfiler\\Lexmark Fax Solutions\\FaxCtr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R3 
HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 11:06] R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-03-12 01:49] S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48] S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48] S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-03-21 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Programfiler\Norton Security Scan\Nss.exe "2008-07-02 19:44:09 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . - - - - ORPHANS REMOVED - - - - HKCU-Run-SweetIM - C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-02 22:41:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????8?1?0?8??`???? ???B?????????????hLC???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-07-02 22:43:08 ComboFix-quarantined-files.txt 2008-07-02 20:43:04 Pre-Run: 57,800,200,192 byte ledig Post-Run: 59,196,809,216 byte ledig 240 --- E O F --- 2008-06-30 11:37:03 HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:44:44, on 02.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe C:\Programfiler\Hotspot Shield\bin\openvpnas.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\lxdicoms.exe C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Lexmark 3500-4500 Series\lxdimon.exe C:\Programfiler\Lexmark 3500-4500 Series\lxdiamon.exe C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe C:\Programfiler\HPQ\SHARED\HPQWMI.exe 
C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe C:\Programfiler\Trend Micro\OfficeScan Client\pccntupd.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe C:\Programfiler\Telenor\Mobilt Kontor\Mobilt Kontor.exe C:\Programfiler\CASIO\Photo Loader\Plauto.exe C:\Programfiler\OpenOffice.org 2.1\program\soffice.exe C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Programfiler\OpenOffice.org 2.1\program\soffice.BIN C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\LVComSX.exe C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programfiler\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Birthe^_^\Mine dokumenter\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer 
- {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] 
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [lxdimon.exe] "C:\Programfiler\Lexmark 3500-4500 Series\lxdimon.exe" O4 - HKLM\..\Run: [lxdiamon] "C:\Programfiler\Lexmark 3500-4500 Series\lxdiamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programfiler\\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: IMVU.lnk = C:\Programfiler\IMVU\IMVUClient.exe O4 - Startup: OpenOffice.org 2.1.lnk = C:\Programfiler\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Bluetooth 
Manager.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Mobilt Kontor.lnk = C:\Programfiler\Telenor\Mobilt Kontor\Mobilt Kontor.exe O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm490YYNO O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\isabel\Start-meny\Programmer\IMVU\Run IMVU.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://172.21.15.50:8080/officescan/consol...ll/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://172.21.15.50:8080/officescan/consol...ll/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://172.21.15.50:8080/officescan/consol...stall/setup.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://C:\Programfiler\Forgotten 
Riddles - The Mayan Princess\Images\stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://172.21.15.50:8080/officescan/console/html/AtxEnc.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://172.21.15.50:8080/officescan/consol.../RemoveCtrl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140028536852 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programfiler\Baby Luv\Images\armhelper.ocx O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://rc.puppyred.com/init.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: GtFlashSwitch - OptionNV - C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programfiler\Hotspot Shield\bin\openvpnas.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe -- End of file - 12856 bytes

How does it look, what needs to be done? I want to get rid of the "ad search" things below the address bar; there are about 4-5 of them, including Google. Is that possible? Otherwise I want to get rid of as much junk as possible.

Edited 2 July 2008 by Pirja
norbat Posted 2 July 2008 (Author)

Many of these search bars can be removed from Add/Remove Programs:
SweetIM
Google toolbar
Live Toolbar

Then start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm490YYNO
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

Download CCleaner. Start the program. Go to 'Valg' -> 'Avansert' (Options -> Advanced). Untick the box in front of: "bare slett midlertidige filer......." (only delete temporary files.......). Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner).

Let us know how it goes with the toolbars etc.
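Added example (not part of the thread, and not norbat's or HijackThis's own logic): a small Python triage pass over HijackThis lines like those listed above. It flags entries whose target file is absent, entries matching a watchlist, and any other entry registering the same CLSID as a watchlisted one, so that all registrations of one component are reviewed together. The watchlist keywords, the function names and the sample (a few lines copied from the log in this thread) are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# A HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Markers HijackThis prints when the registered target is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumption: keywords for the products named in this thread, lower-case.
WATCHLIST = ("sweetim", "mywebsearch", "gamesbar")


@dataclass
class Entry:
    code: str                    # section code, e.g. "O2"
    body: str                    # everything after "<code> - "
    clsid: Optional[str]         # upper-cased CLSID if the line carries one
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per HijackThis line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m["body"])
        entries.append(
            Entry(m["code"], m["body"], clsid.group(0).upper() if clsid else None)
        )
    return entries


def triage(text: str, watchlist=WATCHLIST) -> List[Entry]:
    """Return the entries worth a manual look, each with its reasons."""
    entries = parse_log(text)
    watchlisted_clsids = set()

    # Pass 1: reasons visible on the line itself.
    for e in entries:
        lowered = e.body.lower()
        if any(marker in lowered for marker in ORPHAN_MARKERS):
            e.reasons.append("orphaned: target file absent")
        hits = [w for w in watchlist if w in lowered]
        if hits:
            e.reasons.append("watchlist: " + ", ".join(hits))
            if e.clsid:
                watchlisted_clsids.add(e.clsid)

    # Pass 2: the same component may be registered again under a blank name.
    for e in entries:
        already = any(r.startswith("watchlist") for r in e.reasons)
        if e.clsid in watchlisted_clsids and not already:
            e.reasons.append("shares CLSID with a watchlisted entry")

    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.code:>3}  {'; '.join(entry.reasons)}")
        print(f"     {entry.body}")
```

A flag here only marks a line for review; the toolbar entries for Google and Windows Live in the list above were chosen because the user asked to remove them, which no rule of this kind would infer.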
mona14 Posted 2 July 2008

Download CCleaner. Start the program. Go to 'Valg' -> 'Avansert' (Options -> Advanced). Untick the box in front of: "bare slett midlertidige filer......." (only delete temporary files.......). Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner). Then run a quick scan with the free version of SAS. Tell us how the PC runs afterwards.

It may not be as slow as before I ran this, but it is still slow :o
norbat Posted 2 July 2008 (Author)

Did SAS find anything other than cookies? This does not look like it is caused by malware, so I think you should keep tidying up a bit:

1. Uninstall programs you do not use.
2. Stop programs from starting together with Windows: start CCleaner and choose 'Verktøy' (Tools). Click the 'Oppstart' (Startup) button. Delete the entries for programs you do not need to start when Windows starts.
3. Disk defragmentation: Tilbehør -> systemverktøy -> diskdefragmentering (Accessories -> System Tools -> Disk Defragmenter).

Did it become slow suddenly, or has it happened gradually?
GLN Posted 3 July 2008 (edited)

After I scanned the PC and posted the logs, I ran a disk defragmentation because the PC was running so slowly; I thought that, together with getting rid of all the viruses, would speed the PC up. But when I started the PC today there were no programs in the program list in the Start menu, Task Manager was gone and none of the files on the desktop responded, although they are still there. Can the virus have wrecked the PC, or is it some other PC fault?

Edited 3 July 2008 by Pirja