eivindhetalnd Posted 3 April 2007

I hope someone can help me with this one. There ended up being quite a lot in the file.

norbat Posted 3 April 2007 (edited)

Download SDfix to the desktop and unpack it. It will be placed in C:\SDfix
Get SAS, install and update it. Close the program.
Restart in safe mode (tap F8 during startup).
Run Runthis.bat, which you will find in the SDfix folder. Press Y to start the cleaning. The PC will restart and complete the cleaning. It creates a log that you post later.
Start SAS and run a full scan.
Post a new HJT log together with the logs from SDfix and SAS (preferences->statistics/logs).

eivindhetalnd: It would be good if you create a separate (new) post where you put the logs, so we avoid this thread becoming so veeeeeery long.

Edit: Separate post: https://www.diskusjon.no/index.php?showtopic=742894

Edited 29 April 2007 by norbat
eivindhetalnd Skrevet 3. april 2007 Forfatter Del Skrevet 3. april 2007 Hei Jeg har nå kjørt gjennom det som ble foreslått i My Webpage Da får jeg Ny HJT: Klikk for å se/fjerne innholdet nedenfor <Logfile of HijackThis v1.99.1Scan saved at 20:10:40, on 03.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Norman\Npm\bin\ELOGSVC.EXE D:\Norman\Npm\Bin\Zanda.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Norman\Npm\bin\ZLH.EXE D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe D:\Program Files\QuickTime\qttask.exe D:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Logitech\MouseWare\system\em_exec.exe D:\Program Files\MSN Messenger\msnmsgr.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe D:\Norman\Nvc\BIN\NIP.EXE D:\Norman\Npf\BIN\npfmsg2.exe D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe D:\Norman\Npf\BIN\NPFSVICE.EXE D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\wdfmgr.exe D:\Norman\Npm\bin\NJEEVES.EXE D:\Norman\Nvc\BIN\NVCSCHED.EXE D:\Norman\Nvc\bin\nvcoas.exe D:\Program Files\iPod\bin\iPodService.exe D:\WINDOWS\System32\alg.exe D:\Norman\Nvc\bin\cclaw.exe D:\WINDOWS\system32\WgaTray.exe D:\Program Files\Internet Explorer\iexplore.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Internet Explorer\iexplore.exe D:\WINDOWS\system32\NOTEPAD.EXE D:\WINDOWS\system32\NOTEPAD.EXE D:\WINDOWS\system32\NOTEPAD.EXE D:\WINDOWS\system32\NOTEPAD.EXE D:\Program Files\HijackThis\TestThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ 
O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Norman ZANDA] D:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - d:\program files\microsoft office\office10\excel.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.no/quickfix2/asp/chelloInstall.CAB O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) - http://web01.ifi.fi/Webupload/ActiveX/FotolaboUploader.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://post.stud.his.no/iNotes6.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.no/quickfix2/asp/LaunchApp.CAB O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) - O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp09.photoprintit.de/microsite/502...geUploader3.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0586AE86-106B-4640-803E-FA7EF374793A}: NameServer = 62.179.100.29,62.179.100.30 O17 - HKLM\System\CS1\Services\Tcpip\..\{0586AE86-106B-4640-803E-FA7EF374793A}: NameServer = 62.179.100.29,62.179.100.30 O17 - HKLM\System\CS2\Services\Tcpip\..\{0586AE86-106B-4640-803E-FA7EF374793A}: NameServer = 62.179.100.29,62.179.100.30 O18 - Protocol: livecall - 
{828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: byxxvvu - byxxvvu.dll (file missing) O20 - Winlogon Notify: mszsrn32 - D:\WINDOWS\system32\mszsrn32.dll (file missing) O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - D:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - D:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - D:\Norman\Npf\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Norman ASA - D:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - D:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) > Og Klikk for å se/fjerne innholdet nedenfor <SDFix: Version 1.76 Run by Eivind - 03.04.2007 - 19:17:31,00 Microsoft Windows XP [Version 5.1.2600] Running From: D:\Documents and Settings\Eivind\My Documents\SDFix Safe Mode: Checking 
Services:

Name: COM+ Messages
ImagePath: "D:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001411

COM+ Messages Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

D:\Documents and Settings\Eivind\Application Data\Install.dat - Deleted

ADS Check:

D:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

Remaining Files:
---------------

Backups Folder: - D:\DOCUME~1\Eivind\MYDOCU~1\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

D:\Documents and Settings\Eivind\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.db
D:\Documents and Settings\Eivind\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.db
D:\Documents and Settings\Eivind\NetHood\docs on www.safran.com\Desktop.ini
D:\Documents and Settings\Eivind\NetHood\SFDownload on w03.signform.com\Desktop.ini
D:\WINDOWS\system32\ccafbceeaee_g.dll
D:\Program Files\Picasa2\setup.exe
D:\Documents and Settings\Eivind\Application Data\Microsoft\Word\~WRL1447.tmp
D:\Documents and Settings\Eivind\Application Data\Microsoft\Word\~WRL3973.tmp

Finished

SUPERAntiSpyware Scan Log
Generated 04/03/2007 at 07:56 PM

Application Version : 3.6.1000

Core Rules Database Version : 3211
Trace Rules Database Version: 1222

Scan type : Complete Scan
Total Scan Time : 00:31:40

Memory items scanned : 426
Memory threats detected : 0
Registry items scanned : 5263
Registry threats detected : 113
File items scanned : 30860
File threats detected : 39

Adware.MyWay
Adware.Tracking Cookie
D:\Documents and Settings\Eivind\Cookies\[email protected][1].txt
D:\Documents and Settings\Eivind\Cookies\eivind@doubleclick[1].txt
D:\Documents and Settings\Eivind\Cookies\[email protected][2].txt
D:\Documents and Settings\Eivind\Cookies\[email protected][1].txt

Adware.Need2Find
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F9D15061-A0C4-4016-9DEE-62ACEEB26B9A}\RP1037\A0175174.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F9D15061-A0C4-4016-9DEE-62ACEEB26B9A}\RP1037\A0175175.DLL
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F9D15061-A0C4-4016-9DEE-62ACEEB26B9A}\RP1037\A0175176.DLL

A little earlier today I made:

Logfile of HijackThis v1.99.1
Scan saved at 18:57:30, on 03.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Norman\Npm\bin\ELOGSVC.EXE
D:\Norman\Npm\Bin\Zanda.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Norman\Npf\BIN\NPFSVICE.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\Norman\Npm\bin\ZLH.EXE
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Norman\Nvc\BIN\NIP.EXE
D:\Norman\Npf\BIN\npfmsg2.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Norman\Npm\bin\NJEEVES.EXE
D:\Norman\Nvc\BIN\NVCSCHED.EXE
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Norman\Nvc\bin\nvcoas.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\WgaTray.exe
D:\Norman\Nvc\bin\cclaw.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HijackThis\TestThis.exe
D:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] D:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [systemTools] D:\WINDOWS\system32\kernels1118.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - d:\program files\microsoft office\office10\excel.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.no/quickfix2/asp/chelloInstall.CAB
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) - http://web01.ifi.fi/Webupload/ActiveX/FotolaboUploader.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://post.stud.his.no/iNotes6.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.no/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp09.photoprintit.de/microsite/502...geUploader3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0586AE86-106B-4640-803E-FA7EF374793A}: NameServer = 62.179.100.29,62.179.100.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{0586AE86-106B-4640-803E-FA7EF374793A}: NameServer = 62.179.100.29,62.179.100.30
O17 - HKLM\System\CS2\Services\Tcpip\..\{0586AE86-106B-4640-803E-FA7EF374793A}: NameServer = 62.179.100.29,62.179.100.30
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxxvvu - byxxvvu.dll (file missing)
O20 - Winlogon Notify: mszsrn32 - D:\WINDOWS\system32\mszsrn32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - D:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001411 (file missing)
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - D:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - D:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - D:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - D:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - D:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

SUPERAntiSpyware Scan Log
Generated 04/03/2007 at 06:14 PM

Application Version : 3.6.1000

Core Rules Database Version : 3211
Trace Rules Database Version: 1222

Scan type : Complete Scan
Total Scan Time : 00:34:07

Memory items scanned : 153
Memory threats detected : 0
Registry items scanned : 5279
Registry threats detected : 131
File items scanned : 29574
File threats detected : 44

Adware.MyWay
Unclassified.Unknown Origin

Adware.Tracking Cookie
D:\Documents and Settings\Eivind\Cookies\[email protected][1].txt
D:\Documents and Settings\Eivind\Cookies\eivind@doubleclick[1].txt
D:\Documents and Settings\Eivind\Cookies\eivind@cgi-bin[2].txt
D:\Documents and Settings\Eivind\Cookies\[email protected][1].txt
D:\Documents and Settings\Eivind\Cookies\eivind@atdmt[1].txt
D:\Documents and Settings\Eivind\Cookies\[email protected][2].txt
D:\Documents and Settings\LocalService\Cookies\system@adinterax[2].txt

Trojan.Rustock/LZX32
D:\WINDOWS\system32:lzx32.sys

Adware.Need2Find
D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPND2FN.DLL
D:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\N2PLUGIN.DLL
D:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\NPND2FN.DLL

Trojan.Downloader-Gen/Win
D:\WINDOWS\SYSTEM32\UNSVCHOSTS.LZMA

I hope someone can help me so that the machine becomes a bit more stable.

norbat Posted April 3, 2007

SAS really cleaned up the junk, I see. Great.

Run HJT, put a check mark in front of the following lines and click 'Fix checked':

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - Winlogon Notify: byxxvvu - byxxvvu.dll (file missing)
O20 - Winlogon Notify: mszsrn32 - D:\WINDOWS\system32\mszsrn32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

We'll also run some extra checks:

Download Vundofix and put it on the desktop. Run Vundofix.exe and click Scan for Vundo, then Remove Vundo. Answer Yes if you get any questions along the way. The PC will restart.

Download Rustbfix and run the fix. If the log shows anything, post it.

Download CCleaner and install it (during installation you will be asked whether you want to install the Yahoo toolbar; you may not want that).
Start the program and choose Options -> Advanced. Remove the check mark in front of "Only delete temporary.........".
Choose Cleaner -> Run CCleaner.
Also run 'Issues' a few times (run until it finds no more errors).

Post a new HJT log and tell us how the PC is running.

eivindhetalnd (Author) Posted April 3, 2007

Thank you so much for the help. The machine seems to be working very well now.

From the first one I got:

************************* Rustock.b-fix -- By ejvindh *************************
03.04.2007 22:08:38,18

No Rustock.b-rootkits found

******************************* End of Logfile ********************************

From HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 22:12:22, on 03.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Norman\Npm\bin\ELOGSVC.EXE
D:\Norman\Npm\Bin\Zanda.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Norman\Npf\BIN\NPFSVICE.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\Norman\Npm\bin\NJEEVES.EXE
D:\Norman\Nvc\BIN\NVCSCHED.EXE
D:\Norman\Nvc\bin\nvcoas.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\Norman\Npm\bin\ZLH.EXE
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Norman\Nvc\BIN\NIP.EXE
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Norman\Nvc\bin\cclaw.exe
D:\Norman\Npf\BIN\npfmsg2.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\notepad.exe
D:\Program Files\HijackThis\TestThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] D:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - d:\program files\microsoft office\office10\excel.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} - http://quickfix2.chello.no/quickfix2/asp/chelloInstall.CAB
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} - http://web01.ifi.fi/Webupload/ActiveX/FotolaboUploader.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - http://post.stud.his.no/iNotes6.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} - http://quickfix2.chello.no/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - https://nettbank.fokus.no/html/activex/e-Sa...K/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - http://asp09.photoprintit.de/microsite/502...geUploader3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0586AE86-106B-4640-803E-FA7EF374793A}: NameServer = 62.179.100.29,62.179.100.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{0586AE86-106B-4640-803E-FA7EF374793A}: NameServer = 62.179.100.29,62.179.100.30
O17 - HKLM\System\CS2\Services\Tcpip\..\{0586AE86-106B-4640-803E-FA7EF374793A}: NameServer = 62.179.100.29,62.179.100.30
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - D:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - D:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - D:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - D:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - D:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
norbat Posted 3 April 2007

Hi,

Can you run HJT, put a check mark in front of the following line and click 'Fix checked':

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

Apart from this, the log will be clean.

You should 'reset' the System Restore folder: Control Panel -> System -> System Restore. Put a check mark in front of "Turn off .....", restart the PC, then remove the check mark again to re-enable the feature.

Afterwards, create a restore point manually: Accessories -> System Tools -> System Restore. Choose to create a new one. Name it and click Create.
eivindhetalnd Posted 3 April 2007 (Author)

That was good news. Thanks again for the help. Now we are spared a whole Easter of frustration over annoying computer problems.
norbat Posted 3 April 2007 (edited)

Yes, now Easter can just come.

It would be good if you double-check that the O16 line is gone after fixing it with HJT and after a restart.

EDIT: Also remove the line:

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

(Not particularly scary, but adware is adware. Sorry that it slipped past my eagle eye.)

If you get spyware problems again, you know which forum you can turn to.

Edited 3 April 2007 by norbat
eivindhetalnd Posted 4 April 2007 (Author)

Thanks so much again :D I will surely come back here quickly if anything happens later.