Kimelimm, posted 31 August 2007:
Hi! I have a problem now. I hooked up my PC 2 weeks ago, and after 1 week it was dead slow (I was at a LAN 2 weeks ago). And I have scanned 3 times with AD-Aware and SuperAntiSpyware. I have also defragmented, and deleted 15 GB of files. What can the problem be? It takes 1 minute to start MSN! (I'm guessing Norbat will come in and check.)
norbat, posted 31 August 2007:
Feel free to post a HijackThis log. It might tell us a bit more...
Kimelimm (author), posted 31 August 2007:
Knew you'd come, Norbat! I'm REALLY glad we have you on the forum here! I'll edit the post when I have one ready!
Kimelimm (author), posted 31 August 2007:
I went and made a new one ^^ If that's OK, that is; otherwise just put it in the thread above.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:16, on 31.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\QuickTime\QTTask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\DAEMON Tools\daemon.exe
C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe
C:\Programfiler\Purrint\Purrint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\SiteAdvisor\6172\SAService.exe
C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Winamp\winamp.exe
C:\Documents and Settings\Kim\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: SeekNewLive Bar - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0212} - C:\Programfiler\SNLBar\SNLBar.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [XLQS Agent] C:\WINDOWS\system32\28463\XLQS.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programfiler\Octoshape Streaming Services\Kim\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [12Voip] "C:\Programfiler\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-1844237615-412668190-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Purrint.lnk = C:\Programfiler\Purrint\Purrint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Programfiler\Fellesfiler\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Programfiler\SiteAdvisor\6172\SAService.exe

--
End of file - 8756 bytes

Have a good day
norbat, posted 31 August 2007:
Fix these with HJT:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SeekNewLive Bar - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0212} - C:\Programfiler\SNLBar\SNLBar.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)

Download Smitfraudfix and put it on the desktop.
Restart in safe mode (tap F8 during startup, choose safe mode).
Run Smitfraudfix, choose option 2.
Post the log (C:\rapport.txt) + a new HJT log.
Kimelimm (author), posted 31 August 2007 (edited):
OK, I'm writing this in safe mode, so feel free to check in the meantime. I didn't do "Clean Registry" since I don't dare lose everything in the registry... Let me know if I HAVE to. Here's the stuff.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:00, on 31.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kim\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [siteAdvisor] C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [XLQS Agent] C:\WINDOWS\system32\28463\XLQS.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programfiler\Octoshape Streaming Services\Kim\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [12Voip] "C:\Programfiler\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Purrint.lnk = C:\Programfiler\Purrint\Purrint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Programfiler\Fellesfiler\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Programfiler\SiteAdvisor\6172\SAService.exe

--
End of file - 6886 bytes

SmitFraudFix v2.218

Scan done at 16:10:09,60, 31.08.2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 Fookit

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet-kort - Miniport for pakkeplanlegger
DNS Server Search Order: 10.0.0.138

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2ACFC4C-7F6A-4BC6-96AD-913CD8F88C6B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E2ACFC4C-7F6A-4BC6-96AD-913CD8F88C6B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E2ACFC4C-7F6A-4BC6-96AD-913CD8F88C6B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning not selected.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

and the "Smithfraud" thing above this ^

Edited 31 August 2007 by Kimelimm
norbat, posted 31 August 2007:
You should choose to let the program clean whatever it finds in the registry...
From normal mode, do the following:
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (usually c:\combofix.txt) and tell us how the PC is running.
Kimelimm (author), posted 31 August 2007:

SmitFraudFix v2.218

Scan done at 16:34:55,01, 31.08.2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 Fookit

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet-kort - Miniport for pakkeplanlegger
DNS Server Search Order: 10.0.0.138

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2ACFC4C-7F6A-4BC6-96AD-913CD8F88C6B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E2ACFC4C-7F6A-4BC6-96AD-913CD8F88C6B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E2ACFC4C-7F6A-4BC6-96AD-913CD8F88C6B}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

That was the registry scan, going to boot up normally, brb!
Kimelimm (author), posted 31 August 2007:
OK, that Combofix wouldn't continue, I waited 45 min, so we'll pretty much have to forget that one. It's not much faster atm :/
Kimelimm (author), posted 31 August 2007:
DAAAAAMN, I've lost ALL my bookmarks!! GRRRRR, that was over 40 IMPORTANT bookmarks OMGOM OMG OMGO MGO M can I get them back PLZ!?
norbat, posted 31 August 2007:
When did these bookmarks disappear? Maybe they are in the recycle bin? Restart the PC and try running Combofix again.
Kimelimm (author), posted 31 August 2007:
They're not in the recycle bin. That was 40 important ones down the toilet... I have turned off System Restore. DAMN IT TO HELL! Sorry for the language, going to run Combofix now.
Kimelimm (author), posted 31 August 2007:
It has been sitting like that for 20 min now, and since the antivirus doesn't find any virus, it should have taken 10 min max, right? DON'T SAY I HAVE TO FORMAT! PLEASE! Is there still hope for my PC?!
norbat, posted 31 August 2007:
Combofix can take considerably longer than 10 min, so just have a little patience....
Kimelimm (author), posted 31 August 2007:
They probably disappeared after "Registry clean"... WTF, THEN I PROBABLY CAN'T USE PROGRAMS ANYMORE!? omgomgomg is there a backup somewhere plzpzlz! If EVERYTHING has been removed now, I'm going to struggle like crazy with programs and such!
Kimelimm (author), posted 31 August 2007 (edited):
OK, after ALMOST 1 hour it finished, hope this helps!

ComboFix 07-08-30.3 - "Kim" 2007-08-31 19:38:43.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.178 [GMT 2:00]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\KIMPET~1\MINEDO~1\sstem3~1
--a------ C:\WINDOWS\system32\nvmobls.dll 2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll 2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "SiteAdvisor"="C:\Programfiler\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 17:42] "GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43] "nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe] "LiveMonitor"="C:\Programfiler\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32] "XLQS Agent"="C:\WINDOWS\system32\28463\XLQS.exe" [2007-08-22 20:49] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [2007-04-04 00:29] "Octoshape Streaming Services"="C:\Programfiler\Octoshape Streaming Services\Kim\OctoshapeClient.exe" [] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-04-12 17:11] "12Voip"="C:\Programfiler\12Voip.com\12Voip\12Voip.exe" [2007-06-15 09:33] C:\DOCUME~1\KIMPET~1\START-~1\PROGRA~1\Oppstart\ Purrint.lnk - C:\Programfiler\Purrint\Purrint.exe [2005-03-31 06:12:30] C:\DOCUME~1\Kim\START-~1\PROGRA~1\Oppstart\ Purrint.lnk - C:\Programfiler\Purrint\Purrint.exe [2005-03-31 06:12:30] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12Voip] "C:\Programfiler\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\GXST Agent] C:\WINDOWS\system32\Sys32\GXST.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] HDAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "c:\programfiler\steam\steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20] 
EDIT: Is it possible to get those bookmarks back? Edited 31 August 2007 by Kimelimm
norbat Posted 31 August 2007 I don't know why your bookmarks have disappeared. None of the fixes you have carried out in this thread remove bookmarks. If you use Firefox, you can check this page and see whether you can use any of it: http://kb.mozillazine.org/Lost_bookmarks If the PC is still slow, you can check whether any system files need recovery: Click: Start -> Run Type: sfc /scannow (space between sfc and / ) You may need the XP CD.
Kimelimm Posted 31 August 2007 Author THANKS! The bookmarks are back in place now, but I needed the XP CD; what happens if I do what you say there?
norbat Posted 31 August 2007 If system files are damaged or missing, they will be replaced.
Kimelimm Posted 31 August 2007 Author (edited) EDIT: Running a CHKDSK to check whether there are damaged files... Let me know if it doesn't help, because I don't know where the XP CD is atm! Edited 31 August 2007 by Kimelimm