hernil, posted 10 May 2007 (edited)

I decided to google everything that starts up together with XP that I didn't recognise. Among other things I had cftmon.exe; I googled it and checked on this site (that's where I checked the other things too). They claim that it is harmful. Posting an HJT log.

What's the deal? Is it harmful, or is it completely normal? If it isn't harmful, can I remove it from startup anyway?

Edit: I might as well add some more things I'm unsure about.

tfswctrl.exe
LVCOMSX.exe
Quickset.exe
OSA9.exe
dlg.exe
cftmon.exe
sndmon.exe
ifrmewrk.exe

The last one, I'm guessing, has something to do with the wireless network connection or something. It probably can't be removed (?).

Edited 10 May 2007 by hernil

propers404, posted 10 May 2007

tfswctrl.exe belongs to HP printer
LVCOMSX.exe belongs to Logitech webcam
Quickset.exe belongs to Dell
OSA9.exe belongs to Office
dlg.exe belongs to BVRP Phone Tools
cftmon.exe belongs to Office as well
sndmon.exe belongs to Norton
ifrmewrk.exe belongs to Intel PRO/Set Wireless

No reason to fear them.

hernil (thread author), posted 10 May 2007

OK. Do you know which ones I can remove?

norbat, posted 10 May 2007

Hi, hernil

Run HJT, tick the box in front of the following line and click 'Fix checked':

O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)

Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
It creates a log, combofix.txt, which you can post, and then we will see whether there is anything more that needs to be removed.

If you want to remove programs from startup, you can go to:
Start -> Run
Type: msconfig
Select the Startup tab. There you can stop programs from starting together with Windows.

hernil (thread author), posted 11 May 2007 (edited)

Hi. I ran ComboFix and here is the log:

Will now do the fix in HJT.

Edit: fixed it in HJT, but that damned ComboFix went and deleted all of IE7; I've got 6 back in the Windows folder.

Edited 11 May 2007 by hernil

norbat, posted 11 May 2007

You can simply reinstall IE7 once we are done with the cleaning.

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files......."
Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds of 'Issues'.

Download SAS, install it, update it and run a full (Complete) scan.

Then run ComboFix again.

Post the log from SAS (preferences->statistics/logs) + the ComboFix log + a new HJT log.

hernil (thread author), posted 11 May 2007 (edited)

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/11/2007 at 04:53 PM

Application Version : 3.7.1018

Core Rules Database Version : 3236
Trace Rules Database Version: 1247

Scan type : Complete Scan
Total Scan Time : 01:10:52

Memory items scanned : 594
Memory threats detected : 0
Registry items scanned : 7381
Registry threats detected : 2
File items scanned : 68714
File threats detected : 3

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start-meny\Online Security Guide.url
C:\Documents and Settings\All Users\Start-meny\Security Troubleshooting.url

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#isamonitor.exe [ C:\Programfiler\Video ActiveX Object\isamonitor.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#none [ C:\Programfiler\Video ActiveX Object\pmsngr.exe ]

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\NILS HERDE\FAVORITTER\ONLINE SECURITY TEST.URL

ComboFix log:
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start-meny^programmer^oppstart^adobe acrobat speed launcher.lnk C:\WINDOWS\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start-meny^programmer^oppstart^lancement rapide d'adobe reader.lnk C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start-meny^programmer^oppstart^logitech desktop messenger.lnk C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start-meny^programmer^oppstart^logitech setpoint.lnk C:\PROGRA~1\Logitech\SetPoint\KEM.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acrobat assistant 7.0 "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe photo downloader "C:\Programfiler\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apoint C:\Programfiler\Apoint\Apoint.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atipta C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\bittorrent "C:\Prog telecharger\BitTorrent\bittorrent.exe" --force_start_minimized HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmxlauncher C:\Programfiler\Dell\Media Experience\DMXLauncher.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvdlauncher "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isusscheduler "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lantalk.net C:\Prog telecharger\LanTalk NET\LanTalk.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldm C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechcameraassistant C:\Programfiler\Logitech\Video\CameraAssistant.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechvideo[inspector] C:\Programfiler\Logitech\Video\InstallHelper.exe /inspect HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmm "C:\Prog telecharger\fjerning av høyreklikkfunksjoner\Test\Mmm.exe" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtray C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task "C:\Programfiler\QuickTime\qttask.exe" -atboottime HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sony ericsson pc suite "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched 
"C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 WudfServiceGroup WUDFSvc\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASDIFSV *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASENUM *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASKUTIL Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - S›k p† min datamaskin - nils herde.job C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\User_Feed_Synchronization-{31075987-982C-428A-B86F-95132FFF26AC}.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-11 17:03:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... C:\sccfg.sys 176 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 1 ******************************************************************** Completion time: 2007-05-11 17:03:25 C:\ComboFix-quarantined-files.txt ... 2007-05-11 17:03 C:\ComboFix2.txt ... 
2007-05-11 15:02

HJT log:

Logfile of HijackThis v1.99.1 Scan saved at 17:13:21, on 11.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Norton Internet Security\ISSVC.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Programfiler\Mozy\mozystat.exe C:\Prog telecharger\MouseTrack\MouseTrack.exe C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Mozy\mozybackup.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\nils herde\Skrivebord\HT.exe C:\Programfiler\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.18.44.220:8099 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ccApp] 
"C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bMT] C:\Prog telecharger\MouseTrack\MouseTrack.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Mozy Status.lnk = C:\Programfiler\Mozy\mozystat.exe O4 - Startup: Snarvei til MouseTrack.lnk = C:\Prog telecharger\MouseTrack\MouseTrack.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: &Konverter koblingsmål til Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konverter koblingsmål til eksisterende PDF-fil - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konverter valgte koblinger til Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Konverter valgte koblinger til eksisterende PDF-fil - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Konverterer utvalg til Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konverterer utvalg til eksisterende PDF-fil - res://C:\Programfiler\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} 
(MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: IntelWireless - C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Programfiler\Mozy\mozybackup.exe O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\Sptisrv.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

Can you make any sense of this?

Edited 11 May 2007 by hernil
norbat Posted 11 May 2007

The log looks fine now.

Feel free to update Java: http://java.com/en/download/index.jsp

You should reset the restore folder so that you do not get infected by a possible system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off .....", restart the PC, then remove the tick again to re-enable the feature.
hernil (Author) Posted 12 May 2007

What was actually wrong?
norbat Posted 12 May 2007

You had a well-known and "beloved" Smitfraud infection.
hernil (Author) Posted 12 May 2007

OK (that didn't tell me much). Thanks a lot for the help!
hernil (Author) Posted 14 May 2007

By the way, do you know how one gets a Smitfraud infection? Just wondering, so that I can "plug the hole" if need be.