krøllas Skrevet 16. februar 2006 Forfatter Del Skrevet 16. februar 2006 jeg får beskjeden "feil på siden" når jeg skal kjøre panda scan. Lenke til kommentar
Pozzolan Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 Hei igjen! Prøv de andre først og se om de finner noe. Lenke til kommentar
krøllas Skrevet 16. februar 2006 Forfatter Del Skrevet 16. februar 2006 det virker som det hjalp litt å fjerne alt på HJT, men fortsatt litt reklamer og jeg for beskjed om at noen trojanere og reklamer er satt i karatene av Norman her er en fersk log fra HJT hvis det hjelper, kanskje noe er oversett Logfile of HijackThis v1.99.1 Scan saved at 16:26:04, on 16.02.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe P:\quicktime\iTunesHelper.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe P:\Norman\Bin\ZLH.EXE C:\WINDOWS\TBPanel.exe C:\Programfiler\MSI\Live Update 3\LMonitor.exe C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Programfiler\outlook\outlook.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\CTsvcCDA.EXE P:\Norman\Bin\Zanda.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\iPod\bin\iPodService.exe P:\Norman\bin\NJEEVES.EXE P:\Norman\Nvc\BIN\NVCSCHED.EXE P:\Norman\Nvc\BIN\nipsvc.exe P:\Norman\Nvc\BIN\NIP.EXE P:\Norman\Nvc\bin\nvcoas.exe P:\Norman\Nvc\bin\cclaw.exe P:\MOZILLA\plugins\GetFlash.exe P:\Spybot - Search & Destroy\SpybotSD.exe P:\MOZILLA\FIREFOX.EXE C:\WINDOWS\explorer.exe P:\WinRaR\WinRAR.exe C:\DOCUME~1\Jonas\LOKALE~1\Temp\Rar$EX10.797\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "P:\quicktime\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Norman ZANDA] P:\Norman\Bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [outlook] C:\Programfiler\outlook\outlook.exe /auto O4 - HKLM\..\Run: [winlog] winlog.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [steam] P:\Valve\\Steam.exe -silent O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\m8ls0i37e8.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - P:\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - P:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - P:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - P:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - P:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Lenke til kommentar
Pozzolan Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 Bare ett spørsmål: har du innstalert en ny brannmur? Se på http://smb.sygate.com/products/spf_standard.htm Lenke til kommentar
krøllas Skrevet 16. februar 2006 Forfatter Del Skrevet 16. februar 2006 Bare ett spørsmål: har du innstalert en ny brannmur? Se på http://smb.sygate.com/products/spf_standard.htm 5615343[/snapback] nope, er det mulig å få en gratis Firewall som er bra og ikke spammer meg med reklame osv? Lenke til kommentar
Pozzolan Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 Den jeg linker til er 100% gratis men de har stoppet utviklingen av den da dumme symantec kjøpte de opp. Jeg bruker den selv og har ikke noen problemer med den. Lenke til kommentar
krøllas Skrevet 16. februar 2006 Forfatter Del Skrevet 16. februar 2006 så det går ikke ann å laste den ned lenger? eller er det bare jeg som ikke ser en gratis download, ser bare de med priser Lenke til kommentar
Pozzolan Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 Se her. Du bør også fjerne O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\m8ls0i37e8.dll og O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ med hijackthis. Lenke til kommentar
krøllas Skrevet 16. februar 2006 Forfatter Del Skrevet 16. februar 2006 sånn da har jeg gjort det, men det kommer fortsatt litt reklamer.. hvordan vet jeg hvilke programmer/filer jeg ikke skal gi tilgang til internett? på firewallen Lenke til kommentar
berxter Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 Jajamen, her er MiMail vekk ihvertfall. Disse må vekk. O4 - HKLM\..\Run: [winlog] winlog.exe O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\m8ls0i37e8.dll Denne er blitt renamet, og vi tar'n med Killbox litt senere. O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ Du får heller ikke Panda til å virke; andremann i dag... OK, da gjør vi det slik: Last ned Ewido , installer og oppdater. IKKE KJØR! Mens du nå er ute og laster ned kan du ta Killbox , vi trenger den sikkert til denne .dll-fila. Kjør HJT, hak av ved disse 3 som nevnt, fix checked. Reboot til safe mode (du veit, med f8...) Lukk alle applikasjoner med ctr-del-alt Kjør Ewido, "Click on scanner Click on Settings Under "How to scan" all boxes should be selected Under "Possibly unwanted software" all boxes should be selected Under "What to scan" select scan every file Click OK Click on Complete system scan Let the program scan the machine If ewido finds anything, it will pop up a notification. Have ewido fix/clean anything found. Once the scan has completed, there will be a button located on the bottom of the screen named Save report. Click Save report Save the report to your desktop Exit ewido" Ewidologgen er så fælslig lang hvis den finner noe, så vi sparer den til senere. Bruk Killbox på C:\WINDOWS\system32\m8ls0i37e8.dll Ny HJT-logg? Bernt K Lenke til kommentar
Pozzolan Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 Du kan jo søke på google etter programmnavnet og så finner du raskt ut om det er virus/trojaner etc... Har du prøvd alle online scan sidene? Lenke til kommentar
krøllas Skrevet 16. februar 2006 Forfatter Del Skrevet 16. februar 2006 (endret) fersk HJT logg etter jeg fjerna det du sa forrige gang, og ja jeg har tatt noen online scannere. bruke killbox på den jeg fjerna med HJT:p file does not exist.. Endret 16. februar 2006 av Kaldahl Lenke til kommentar
krøllas Skrevet 16. februar 2006 Forfatter Del Skrevet 16. februar 2006 burde jeg blokkere programmet påloggingsprogram for Windows NT (winlogon.exe)? fikk dette på en ewido quick scan nå( har ikke tid til full akkurat nå..) --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 17:45:39, 16.02.2006 + Report-Checksum: 55455552 + Scan result: [172] C:\WINDOWS\system32\svcfiles.dll -> Adware.Look2Me : Error during cleaning [1668] C:\WINDOWS\system32\svcfiles.dll -> Adware.Look2Me : Error during cleaning [2496] C:\Programfiler\outlook\outlook.exe -> Worm.VB.dw : Cleaned with backup C:\WINDOWS\gimmygames.exe -> Downloader.VB.wd : Cleaned with backup Lenke til kommentar
Pozzolan Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 burde jeg blokkere programmet påloggingsprogram for Windows NT (winlogon.exe)? fikk dette på en ewido quick scan nå( har ikke tid til full akkurat nå..)" Hvor ligger programmet? Ligger det i C:WINDOWS\System32 så er det vel greit. Ligger det en annen plass så har du en trojaner/virus Lenke til kommentar
krøllas Skrevet 16. februar 2006 Forfatter Del Skrevet 16. februar 2006 (endret) den ligger i system 32 men når jeg blokker den har jeg enda ikke fått en popup Endret 16. februar 2006 av Kaldahl Lenke til kommentar
Pozzolan Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 Hva mener du? En popup om at den er blokkert eller hva? Det kan jo være at den ikke har prøvd flere ganger. Lenke til kommentar
berxter Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 (endret) Last ned fra en av disse stedene: http://www.atribune.org/downloads/l2mfix.exe http://www.downloads.subratam.org/l2mfix.exe Save fila på desktoppen og dobbelklikk l2mfix.exe. Installer iht anvisningene, åpne l2mfix folderen på desktoppen. Dobbelklikk l2mfix.bat og velg option #1 for Run Find Log ved å trykke 1 og Enter. Dette scanner maskina, og det vil synes som intet skjer, så etter et minutt eller 2 åpner Notepad med en logg. Post denne. Ikke kjør option 2 eller noe annet i l2mfix før du har vist oss loggen. Bernt K Endret 16. februar 2006 av berxter Lenke til kommentar
krøllas Skrevet 16. februar 2006 Forfatter Del Skrevet 16. februar 2006 finner ikke l2mfix.bat i folderen.. Lenke til kommentar
berxter Skrevet 16. februar 2006 Del Skrevet 16. februar 2006 Hmmm? Dobbelklikk l2mfix, så får du opp en side med flg text: By using this tool you do so at your own risk. Please get proper guidance if not sure of anything. DO NOT mirror without permission from Shadowwar. I can be reached at [email protected] to knapper, accept og decline. Accept, og den dekomprimerer en del filer til en ny folder på desktoppen som heter l2mfix. Åpne denne folderen med et dobbelklikk, og du får opp disse: regfixes(folder) fixautont.html keypress.com l2mfix.bat locate.com og en del andre. Hmm, kanskje du må fortelle XP at den må vise deg skjulte og systemfiler, men det gikk jeg ut ifra at var ok, ettersom vi var kommet såpass langt. Vel, hvis det er årsaken, tools->folder options->view->show hidden files and folders og fjern merket i hide protected system files. Så trykker du på Apply to all folders. Bernt K Lenke til kommentar
krøllas Skrevet 17. februar 2006 Forfatter Del Skrevet 17. februar 2006 ok her har du loggen, programmet het bare l2mfix ikke l2mfix.bat:p så ble litt forvirret men her er den L2MFIX find log 010406 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellServiceObjectDelayLoad] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\mv2ml9f11.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{CDA74586-3212-C02C-295F-88221CAF376E}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Egenskapsside for multimediefil" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM skannerbehandling" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-sikkerhetsside" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskapsside for OLE DOC-fil" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Skallutvidelse for deling" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermkort" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermtype" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrollpanelsutvidelse for skjermpanorering" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-sikkerhetsside" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Diskkopieringsutvidelse" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Skallutvidelser for Microsoft Windows-nettverksobjekter" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM skjermbehandling" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM skriverbehandling" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Skallutvidelser for filkomprimering" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Skallutvidelse for Web-skriver" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Hurtigmeny for kryptering" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Koffert" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Ikonutvidelse for HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Skrifter" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Skriversikkerhetsside" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Skallutvidelse for deling" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-utvidelse" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign-utvidelse" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Nettverkstilkoblinger" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Nettverkstilkoblinger" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannere og kameraer" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannere og kameraer" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannere og kameraer" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannere og kameraer" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannere og kameraer" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Skallutvidelser for Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-datakobling" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte oppgaver" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Oppgavelinje og Start-meny" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›k" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og st›tte" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hjelp og st›tte" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Kj›r..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internett" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-post" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative verkt›y" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Egenskapsside for tidligere versjoner" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Tidligere versjoner" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internett-verkt›ylinje" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Nedlastingsstatus" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="B†ndproxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft-tjeneste for tidligere URL-adresser" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Logg" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Midlertidige Internett-filer" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft-binding for URL-s›k" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbilde for Internet Explorer 4.0" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internett" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-b†nd" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Mappe for ActiveX-hurtigbuffer" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Abonnementsmappe" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Behandling av skallprogrammer" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerator for installerte programmer" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin Programpubliserer" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Uttrekking av miniatyrbilder i GDI+-filer" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Behandling av informasjon om miniatyrbilder" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Uttrekking av HTML-miniatyrbilder" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Veiviser for Web-publisering" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestille utskrifter via Weben" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Veiviserobjekt for skallpublisering" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="F† en passport-veiviser" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brukerkontoer" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanalsnarvei" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanalbehandlingsobjekt" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappe for Frakoblede filer" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Etter &personer..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{BF05BB6E-442C-428B-8025-82280B7BC26C}"="Zen Micro Media Explorer" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{A4DF5659-0801-4A60-9607-1C48695EFDA9}"="Share-to-Web-opplastingsmappe" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{0B2EFBA7-F846-41B1-BDF0-A0116041262C}"="" "{220F3861-5297-499F-B63C-24D3C217F8F0}"="" "{A55A7A8E-7533-4291-A966-513EC5FA2E32}"="" "{4728E1EB-F5AA-4901-BFBB-2A07B1851962}"="" "{CB514724-7051-47FA-9DFF-D7A54225D15F}"="" "{DFE271E0-E408-4B9A-8A30-4069EB9A956E}"="" "{6C083F03-A5E2-450D-8B2C-C90B63A87DD4}"="" "{DA643F36-AA22-4140-A2D4-A18801A757C1}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{0B2EFBA7-F846-41B1-BDF0-A0116041262C}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{0B2EFBA7-F846-41B1-BDF0-A0116041262C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{0B2EFBA7-F846-41B1-BDF0-A0116041262C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{0B2EFBA7-F846-41B1-BDF0-A0116041262C}\InprocServer32] @="C:\\WINDOWS\\system32\\srardssp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{220F3861-5297-499F-B63C-24D3C217F8F0}] @="" [HKEY_CLASSES_ROOT\CLSID\{220F3861-5297-499F-B63C-24D3C217F8F0}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{220F3861-5297-499F-B63C-24D3C217F8F0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{220F3861-5297-499F-B63C-24D3C217F8F0}\InprocServer32] @="C:\\WINDOWS\\system32\\awmlib.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{A55A7A8E-7533-4291-A966-513EC5FA2E32}] @="" [HKEY_CLASSES_ROOT\CLSID\{A55A7A8E-7533-4291-A966-513EC5FA2E32}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{A55A7A8E-7533-4291-A966-513EC5FA2E32}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{A55A7A8E-7533-4291-A966-513EC5FA2E32}\InprocServer32] @="C:\\WINDOWS\\system32\\tXpiui.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4728E1EB-F5AA-4901-BFBB-2A07B1851962}] @="" [HKEY_CLASSES_ROOT\CLSID\{4728E1EB-F5AA-4901-BFBB-2A07B1851962}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4728E1EB-F5AA-4901-BFBB-2A07B1851962}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4728E1EB-F5AA-4901-BFBB-2A07B1851962}\InprocServer32] @="C:\\WINDOWS\\system32\\mdexch40.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CB514724-7051-47FA-9DFF-D7A54225D15F}] @="" [HKEY_CLASSES_ROOT\CLSID\{CB514724-7051-47FA-9DFF-D7A54225D15F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CB514724-7051-47FA-9DFF-D7A54225D15F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CB514724-7051-47FA-9DFF-D7A54225D15F}\InprocServer32] @="C:\\WINDOWS\\system32\\fRultrep.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DFE271E0-E408-4B9A-8A30-4069EB9A956E}] @="" [HKEY_CLASSES_ROOT\CLSID\{DFE271E0-E408-4B9A-8A30-4069EB9A956E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DFE271E0-E408-4B9A-8A30-4069EB9A956E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DFE271E0-E408-4B9A-8A30-4069EB9A956E}\InprocServer32] @="C:\\WINDOWS\\system32\\wxnbrand.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6C083F03-A5E2-450D-8B2C-C90B63A87DD4}] @="" [HKEY_CLASSES_ROOT\CLSID\{6C083F03-A5E2-450D-8B2C-C90B63A87DD4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6C083F03-A5E2-450D-8B2C-C90B63A87DD4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6C083F03-A5E2-450D-8B2C-C90B63A87DD4}\InprocServer32] @="C:\\WINDOWS\\system32\\waerrNOR.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DA643F36-AA22-4140-A2D4-A18801A757C1}] @="" [HKEY_CLASSES_ROOT\CLSID\{DA643F36-AA22-4140-A2D4-A18801A757C1}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DA643F36-AA22-4140-A2D4-A18801A757C1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DA643F36-AA22-4140-A2D4-A18801A757C1}\InprocServer32] @="C:\\WINDOWS\\system32\\MDRECR40.DLL" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ browseui.dll Thu 24 Nov 2005 1:39:22 A.... 1 022 464 998,50 K bszip.dll Thu 16 Feb 2006 17:04:04 A.... 62 464 61,00 K cmdlin~1.dll Fri 30 Dec 2005 22:13:48 A.... 43 520 42,50 K enlol1~1.dll Fri 17 Feb 2006 13:59:48 ..S.R 233 913 228,43 K gdi32.dll Thu 29 Dec 2005 3:56:08 A.... 280 064 273,50 K legitc~1.dll Thu 12 Jan 2006 11:32:12 ..... 543 496 530,76 K mdrecr40.dll Fri 17 Feb 2006 13:59:48 ..S.R 237 179 231,62 K mshtml.dll Thu 24 Nov 2005 1:39:24 A.... 3 013 632 2,87 M mv2ml9~1.dll Thu 16 Feb 2006 18:07:56 ..S.R 237 179 231,62 K nv4_disp.dll Sat 10 Dec 2005 3:06:00 A.... 3 955 456 3,77 M nvapi.dll Sat 10 Dec 2005 3:06:00 A.... 110 592 108,00 K nvcod.dll Sat 10 Dec 2005 3:06:00 A.... 35 840 35,00 K nvcodins.dll Sat 10 Dec 2005 3:06:00 A.... 35 840 35,00 K nvcpl.dll Sat 10 Dec 2005 3:06:00 A.... 7 311 360 6,97 M nvhwvid.dll Sat 10 Dec 2005 3:06:00 A.... 573 440 560,00 K nview.dll Sat 10 Dec 2005 3:06:00 A.... 1 466 368 1,40 M nvmccs.dll Sat 10 Dec 2005 3:06:00 A.... 229 376 224,00 K nvmccsrs.dll Sat 10 Dec 2005 3:06:00 A.... 45 056 44,00 K nvmctray.dll Sat 10 Dec 2005 3:06:00 A.... 86 016 84,00 K nvnt4cpl.dll Sat 10 Dec 2005 3:06:00 A.... 286 720 280,00 K nvoglnt.dll Sat 10 Dec 2005 3:06:00 A.... 5 402 624 5,15 M nvshell.dll Sat 10 Dec 2005 3:06:00 A.... 466 944 456,00 K nvwddi.dll Sat 10 Dec 2005 3:06:00 A.... 81 920 80,00 K nvwdmcpl.dll Sat 10 Dec 2005 3:06:00 A.... 1 662 976 1,59 M nvwimg.dll Sat 10 Dec 2005 3:06:00 A.... 1 019 904 996,00 K shdocvw.dll Thu 1 Dec 2005 4:33:22 A.... 1 492 480 1,42 M sirenacm.dll Wed 14 Dec 2005 9:24:42 A.... 118 784 116,00 K w95inf16.dll Wed 30 Nov 2005 19:55:50 A.... 2 272 2,22 K w95inf32.dll Wed 30 Nov 2005 19:55:50 A.... 4 608 4,50 K webclnt.dll Wed 4 Jan 2006 4:36:32 A.... 68 096 66,50 K wgalogon.dll Thu 12 Jan 2006 11:32:06 A.... 400 136 390,76 K wmp.dll Tue 6 Dec 2005 6:02:16 A.... 5 533 696 5,28 M 32 items found: 32 files (3 H/S), 0 directories. Total of file sizes: 36 064 415 bytes 34,39 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Volumet i stasjon C er uten navn. Volumserienummeret er 00B3-3839 Innhold i C:\WINDOWS\System32 17.02.2006 14:00 <DIR> .. 17.02.2006 14:00 <DIR> . 17.02.2006 13:59 237ÿ179 MDRECR40.DLL 17.02.2006 13:59 233ÿ913 enlol1331.dll 16.02.2006 21:58 <DIR> dllcache 16.02.2006 18:07 237ÿ179 mv2ml9f11.dll 02.06.2005 12:57 <DIR> Microsoft 3 fil(er) 708ÿ271 byte 4 mappe® 136ÿ623ÿ218ÿ688 byte ledig Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå