Some nasties have snuck in


I've had some trouble with a slow PC lately, but it looks like I can't manage to get rid of it. I picked up some nasties after a short visit to astalavista (yes, I know - but it's actually the first time I haven't managed to prevent an attack...).

I got BitDefender etc. removed right away, but since then I have been getting messages from Norman at regular intervals that a W32 worm has been found in the temp folder. I have deleted what I could from it, and now only a bunch of files with names like "~DF9951.tmp" and similar remain, along with "nvcbin.def.843A6FA5.TMP", which I can't delete.

I took a look in the system32 folder and found a file called "dlh9jkd1q8.exe", size: 1kb, which aroused suspicion. I can't delete it. Am I right in my suspicions? Will it solve anything if I remove this file?

I've done a round with HijackThis, but didn't find anything suspicious there...

Link to comment

Download SDFix.exe. Extract the program.

Download SAS, install it and update it.

Restart in safe mode (tap F8 during startup).

Run RunThis.bat in the SDFix folder.

A report is created (Report.txt).

Run a full scan with SAS.

Restart in normal mode.

Post an HJT log together with the logs from SDFix and SAS (Preferences->statistics/logs).

Link to comment

SDFix deleted that file, at least :-)

 

*******************

 

SDFix: Version 1.65

 

Run by: Henrik - 15.02.2007 @ 23:43:49,45

 

Microsoft Windows XP [Versjon 5.1.2600]

 

Running From: C:\Documents and Settings\Henrik\Skrivebord\SDFix

 

Safe Mode:

Checking Services:

 

Name:

 

Path:

 

 

Restoring Windows Registry Entries

Restoring Default Hosts File

 

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\dlh9jkd1q8.exe - Deleted

 

 

 

ADS Check:

 

C:\WINDOWS\system32

No streams found.

 

Final Check:

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\sandra.exe"="C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"

"C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcSandraSrv.exe"="C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"

"C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcDataSrv.exe"="C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"

"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Veiviser for overføring av filer og innstillinger"

"C:\\Programfiler\\Messenger\\msmsgs.exe"="C:\\Programfiler\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Fjernhjelp - Windows Messenger og Stemme"

"C:\\Programfiler\\Fellesfiler\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"="C:\\Programfiler\\Fellesfiler\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe:*:Enabled:artpschd"

"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-server"

"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"

"H:\\Spill\\EA SPORTS\\FIFA 07\\fifa07.exe"="H:\\Spill\\EA SPORTS\\FIFA 07\\fifa07.exe:*:Enabled:fifa07"

"H:\\Spill\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="H:\\Spill\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

"C:\\Programfiler\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Programfiler\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"

"C:\\Programfiler\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Programfiler\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"

"C:\\Programfiler\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Programfiler\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"

"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Programfiler\\Opera\\Opera.exe"="C:\\Programfiler\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"

"C:\\Programfiler\\uTorrent\\utorrent.exe"="C:\\Programfiler\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"H:\\Spill\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"="H:\\Spill\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\sandra.exe"="C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"

"C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcSandraSrv.exe"="C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"

"C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcDataSrv.exe"="C:\\Programfiler\\SiSoftware\\SiSoftware Sandra Lite 2005.SR2a\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"

"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\DOCUME~1\Henrik\SKRIVE~1\SDFix\backups\backups.zip

 

 

Checking For Files with Hidden Attributes :

 

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\DEVICE.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\KEYB.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\MODE.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\MOUSE.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\NETBIND.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\Paralink.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\pcdos\command.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com

C:\WINDOWS\system32\NTIBUN4.dll

C:\WINDOWS\system32\NTICDMK7.dll

C:\WINDOWS\system32\NTIFCD3.dll

C:\WINDOWS\system32\NTIMP3.dll

C:\WINDOWS\system32\NTIMPEG2.dll

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\CMDS.EXE

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\CMDS16.EXE

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\E.EXE

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\GUEST.EXE

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\MSCDEX.EXE

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\Net.exe

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\OHCI.EXE

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\PROTMAN.EXE

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\UHCI.EXE

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe

C:\Programfiler\Picasa2\setup.exe

C:\Programfiler\QuickTime\QuickTimeUpdater.exe

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\ASPI1394.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\ASPI2DOS.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\ASPI4DOS.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\ASPI8DOS.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\ASPI8U2.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\ASPICD.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\ASPIEHCI.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\ASPIOHCI.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\ASPIUHCI.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\BOOTSRV.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\bootsrv16.sys

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\BTCDROM.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\BTDOSM.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\COUNTRY.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\DISPLAY.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\DLSHELP.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\FLASHPT.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\HIMEM.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\KEYBOARD.SYS

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\msbootsrv16.sys

C:\Documents and Settings\All Users\Programdata\Symantec\Ghost\Template\common\OAKCDROM.SYS

C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

 

Finished

Link to comment

SAS found only tracking cookies, nothing else. I don't see anything suspicious in the HijackThis log either.

I assume the problem is solved, and that "this house is now clean" :-)

Thanks for the help!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:50:07, on 16.02.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Acer\Acer eConsole\MediaServerService.exe

C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Norman\Npf\BIN\NPFSVICE.EXE

C:\Norman\Bin\Zanda.exe

C:\Programfiler\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Windows Media Player\WMPNetwk.exe

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\BIN\nipsvc.exe

C:\WINDOWS\System32\alg.exe

C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\WINDOWS\CTHELPER.EXE

C:\Norman\bin\ZLH.EXE

C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe

C:\Programfiler\HDD Health\HDDHealth.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\Programfiler\Winbond Electronics Corp\Hardware Doctor\hwdoctor.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\bin\cclaw.exe

C:\Norman\Npf\BIN\npfmsg2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Henrik\Skrivebord\Utilities & Drivere\Ny mappe\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ig?hl=no

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1044

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKCU\..\Run: [HDDHealth] C:\Programfiler\HDD Health\HDDHealth.exe -wl

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Hardware Doctor.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: *.imdb.com

O15 - Trusted Zone: *.sf-anytime.com

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128638498218

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Acer Media Server - Acer Inc. - C:\Programfiler\Acer\Acer eConsole\MediaServerService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTSVCCDA.EXE (file missing)

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

Link to comment
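An added example, not part of the original thread and not SDFix's own code: the "Authorized Application Key Export" section of the SDFix report lists the Windows Firewall exceptions as `path:scope:status:name` values, and the sketch below parses that layout and surfaces enabled exceptions whose executable sits in a user-writable folder or directly in system32 without being on a baseline. The sample export, the baseline set and the function names are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed sample in the layout of the "Authorized Application Key Export"
# section of the SDFix report; paths and names are made up for illustration.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ExampleApp\\app.exe"="C:\\Program Files\\ExampleApp\\app.exe:LocalSubNet:Enabled:Example App"
"C:\\WINDOWS\\system32\\example-unknown.exe"="C:\\WINDOWS\\system32\\example-unknown.exe:*:Enabled:example-unknown"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\example.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\example.exe:*:Enabled:example"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\example-old.exe"="C:\\WINDOWS\\system32\\example-old.exe:*:Disabled:example-old"
'''

# Assumption: the analyst supplies the list of system32 binaries that are
# expected to hold a firewall exception on this machine.
SYSTEM32_BASELINE = {"sessmgr.exe"}

SECTION_RE = re.compile(
    r'^\[.*\\FirewallPolicy\\(\w+)\\AuthorizedApplications\\List\]$')
# Value layout: "<path>:<scope>:<Enabled|Disabled>:<display name>".
# The path itself contains a colon (C:\...), so match it non-greedily.
VALUE_RE = re.compile(
    r'^"[^"]*"="(?P<path>.+?):(?P<scope>[^:"]*):'
    r'(?P<status>enabled|disabled):(?P<name>[^"]*)"$', re.IGNORECASE)


def parse_export(text):
    """Return one dict per firewall exception, tagged with its profile."""
    profile, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            profile = section.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and profile:
            entries.append({
                "profile": profile,
                # .reg exports double every backslash; undo that.
                "path": value["path"].replace("\\\\", "\\"),
                "scope": value["scope"],
                "enabled": value["status"].lower() == "enabled",
                "name": value["name"],
            })
    return entries


def audit(entries, system32_baseline):
    """Return (profile, path, reasons) for enabled exceptions worth a look."""
    findings = []
    for entry in entries:
        if not entry["enabled"]:
            continue
        path = entry["path"].lower()
        reasons = []
        if "\\temp\\" in path or "\\documents and settings\\" in path:
            reasons.append("user-writable location")
        if (ntpath.dirname(path).endswith("\\system32")
                and ntpath.basename(path) not in system32_baseline):
            reasons.append("system32 binary not in baseline")
        if reasons and entry["scope"] == "*":
            reasons.append("open to any remote address")
        if reasons:
            findings.append((entry["profile"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for profile, path, reasons in audit(parse_export(SAMPLE_EXPORT),
                                        SYSTEM32_BASELINE):
        print(f"{profile}: {path} -> {', '.join(reasons)}")
```

A finding is a prompt to check the file itself, not a verdict; legitimate system32 binaries missing from the baseline will show up until they are added to it.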
