dell_online, posted 9 September 2007
HJT log for someone who knows what they're doing
When I click Properties on My Computer or try to open items in Control Panel, I get "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:22, on 09.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\Dell\AccessDirect\dadapp.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Dell\Media Experience\PCMService.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programfiler\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Dell\AccessDirect\DadTray.exe
C:\Programfiler\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DadApp] C:\Programfiler\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Programfiler\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [mmtask] "C:\Programfiler\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AAWTray] C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AdwareAlert] C:\Programfiler\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Programfiler\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} (Room328 Designer Setup) - http://www.no.room328.com/app/WebVDSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144504092828
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9380 bytes

Core-1, posted 9 September 2007
That was a bit much at once, don't you think?
Konnis, posted 9 September 2007
Quote: "That was a bit much at once, don't you think?"
Do you mean the log was too long?
Core-1, posted 9 September 2007
Far too long, but that's not your fault. You could try emailing whoever is responsible for the software, or maybe check their website?
-Tommy, posted 9 September 2007
Huh? What are you talking about?
dell_online (author), posted 9 September 2007
I certainly don't understand any of this!! What do you mean by the log being too long?? A log is a log, and I posted it here hoping to get some help....
Konnis, posted 9 September 2007
I think joarn2 forgot to take his HJT pill today...
norbat, posted 9 September 2007
Run HJT, choose 'Do a system scan only', tick the following lines and click 'Fix checked':
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.
Download SAS, install it, update it and run a full (Complete) scan.
Post the Combofix log (c:\combofix.txt), the SAS log (preferences->statistics/logs) + a new HJT log.
You should also consider whether Bearshare is a program you need. If not, uninstall it.

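Added example (not part of the thread, and not code from HijackThis or any poster): a small triage script for the two entry types ticked in the post above. In HijackThis output, O7 marks a registry-editor restriction set through a Policies key, and O20 lists AppInit_DLLs, a value whose DLLs Windows loads into every process that loads user32.dll, so a non-DLL file named there deserves review. The sample log is constructed from lines in this thread; the function names, the comma-only splitting of AppInit_DLLs and the wording of the findings are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in HijackThis v2.0.2 format, taken from the
# log in this thread (three flagged entries plus benign ones for contrast).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""

# An entry line is "<section id> - <body>", e.g. "O7 - HKCU\..., DisableRegedit=1".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O7 body: "<registry key>, <value name>=<number>".
POLICY = re.compile(r"^(?P<key>[^,]+),\s*(?P<name>\w+)=(?P<value>\d+)$")
# O20 has two sub-types; only the AppInit_DLLs one is inspected here.
APPINIT = re.compile(r"^AppInit_DLLs:\s*(?P<value>.*)$", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section id, e.g. "O7"
    reason: str    # why the line is worth a second look
    raw: str       # the log line as it appeared


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each entry line; header and
    'Running processes' lines do not match the pattern and are skipped."""
    for line in log_text.splitlines():
        line = line.strip()
        match = ENTRY.match(line)
        if match:
            yield match.group("section"), match.group("body"), line


def triage(log_text):
    """Return findings for set policy restrictions (O7) and for populated
    AppInit_DLLs values (O20), with a stronger note for non-.dll files."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        if section == "O7":
            match = POLICY.match(body)
            if match and int(match.group("value")) != 0:
                reason = (f"policy value {match.group('name')}="
                          f"{match.group('value')} is set under {match.group('key')}")
                findings.append(Finding(section, reason, raw))
        elif section == "O20":
            match = APPINIT.match(body)
            if not match:
                continue  # e.g. "Winlogon Notify" entries
            # Assumption of this example: items are comma-separated.
            items = [p.strip() for p in match.group("value").split(",") if p.strip()]
            if not items:
                continue
            odd = [p for p in items if not p.lower().endswith(".dll")]
            if odd:
                reason = "AppInit_DLLs names a file that is not a .dll: " + ", ".join(odd)
            else:
                reason = "AppInit_DLLs is populated; confirm each DLL is expected"
            findings.append(Finding(section, reason, raw))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}")
```

A finding is a prompt to look at the entry, not a verdict; a security product can legitimately populate AppInit_DLLs, and an administrator can legitimately set DisableRegedit.
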
dell_online (author), posted 9 September 2007 (edited)
Thanks! Here are the logs... I tried to add them as attachments but couldn't get that to work....

ComboFix 07-09-09.5 - "Ingvar" 2007-09-09 23:25:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.543 [GMT 2:00]
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programfiler\autorun.inf
C:\WINDOWS\system32\drivers\ASC3550.SYS

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_FOPN

((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
.
2007-09-09 23:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 22:18 <DIR> dr-h----- C:\DOCUME~1\Ingvar\Siste
2007-09-09 21:48 <DIR> d-------- C:\Programfiler\CCleaner
2007-09-08 22:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-09-08 22:49 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-09-08 22:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-09-08 22:49 <DIR> d-------- C:\DOCUME~1\Ingvar\PROGRA~1\SUPERAntiSpyware.com
2007-09-08 22:44 <DIR> d-------- C:\Ny mappe
2007-09-08 22:39 <DIR> d-------- C:\Programfiler\Trend Micro
2007-09-08 00:59 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1.001\Siste
2007-09-08 00:59 <DIR> dr------- C:\DOCUME~1\ADMINI~1.001\Start-meny
2007-09-08 00:59 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.001\Skrivere
2007-09-08 00:59 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.001\AndrMask
2007-09-08 00:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1.001\Skrivebord
2007-09-07 23:31 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1.001\Programdata
2007-09-07 23:31 <DIR> dr------- C:\DOCUME~1\ADMINI~1.001\Mine dokumenter
2007-09-07 23:31 <DIR> dr------- C:\DOCUME~1\ADMINI~1.001\Favoritter
2007-09-07 23:31 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.001\Maler
2007-09-07 23:31 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.001\Lokale innstillinger
2007-09-07 23:26 4,694 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-09-06 02:58 <DIR> d-------- C:\Programfiler\ParetoLogic
2007-09-06 02:58 <DIR> d-------- C:\Programfiler\Fellesfiler\ParetoLogic
2007-09-06 02:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\ParetoLogic Anti-Spyware
2007-09-06 00:44 <DIR> d-------- C:\Programfiler\Lavasoft
2007-09-06 00:08 <DIR> d-------- C:\Programfiler\Windows Defender
2007-09-05 23:55 <DIR> d-------- C:\DOCUME~1\Ingvar\PROGRA~1\AdwareAlert
2007-09-05 23:33 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-05 21:37 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-09-05 20:47 8,704 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2007-09-05 20:47 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-09-05 20:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\PROGRA~1\TEMP
2007-08-23 14:45 <DIR> d-------- C:\DOCUME~1\Ingvar\PROGRA~1\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 22:27 --------- d-------- C:\Programfiler\Winamp
2007-09-09 21:48 --------- d-------- C:\Programfiler\Yahoo!
2007-09-08 22:27 --------- d-------- C:\Programfiler\DivX
2007-08-14 20:43 --------- d-a------ C:\Programfiler\Furnish Lite
2007-07-17 17:46 --------- d-------- C:\Programfiler\Google
2007-07-17 11:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Google
2007-06-13 15:24 1033216 --a------ C:\WINDOWS\explorer.exe
2007-02-12 22:06 15424 --a------ C:\Programfiler\Furnish Lite uninstal.log
2006-08-09 23:35 13188506 --a------ C:\Programfiler\4623_content.exe
2006-02-28 00:41 643711 --a------ C:\Programfiler\XviD-1.1.0-30122005.exe
2006-01-17 00:58 36440 --a------ C:\Programfiler\en.fpf
2006-01-16 22:27 6867035 --a------ C:\Programfiler\IHP_Kitchen_2006.EXE
2006-01-15 02:28 11477288 --a------ C:\Programfiler\DivXPlay.exe
2006-01-01 23:06 3801301 --a------ C:\Programfiler\RCA_Web_Release_v1.0.55a.exe
2006-01-01 21:53 1625790 --a------ C:\Programfiler\PDP2812_FWUpgrade_v105a.exe
2005-12-24 01:55 34412848 --a------ C:\Programfiler\iTunesSetup.exe
2005-12-14 00:45 16150144 --a------ C:\Programfiler\avg71free_371a669.exe
2003-09-22 13:09 1703936 --a------ C:\Programfiler\XVideoConverter.exe
2001-11-20 00:48 47539 --a------ C:\Programfiler\Rmtour.hlp
2001-11-16 03:43 162147 --a------ C:\Programfiler\AutoLoad.EXE
2001-11-14 01:06 9136 --a------ C:\Programfiler\INETWH16.DLL
2001-11-14 01:06 48640 --a------ C:\Programfiler\INETWH32.DLL
2001-11-14 01:06 16489 --a------ C:\Programfiler\ReadThis.rtf
2001-11-14 01:05 960 --a------ C:\Programfiler\RMTour.CNT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-08-19 01:44]
"nwiz"="nwiz.exe" [2004-08-19 01:44 C:\WINDOWS\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 07:59 C:\WINDOWS\BCMSMMSG.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DadApp"="C:\Programfiler\Dell\AccessDirect\dadapp.exe" [2004-03-04 13:36]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2004-03-04 22:59]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 21:23]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 11:35]
"PCMService"="C:\Programfiler\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 13:43]
"MMTray"="C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:03]
"LyraHD2TrayApp"="C:\Programfiler\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-02-18 18:38]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2006-03-03 23:13]
"BearShare"="C:\Programfiler\BearShare\BearShare.exe" []
"mmtask"="C:\Programfiler\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 14:03]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-03-05 12:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-21 19:21]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"DataLayer"="C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 14:45]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-05-15 00:22]
"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AAWTray"="C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 15:49]
"ParetoLogic Anti-Spyware"="C:\Programfiler\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2007-08-01 22:56]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2004-09-28 20:23:40]

C:\DOCUME~1\Ingvar\START-~1\PROGRA~1\Oppstart\
DESKTOP.INI [2004-09-28 20:23:40]

C:\DOCUME~1\Silje\START-~1\PROGRA~1\Oppstart\
DESKTOP.INI [2004-09-28 20:23:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Programfiler\ParetoLogic\Anti-Spyware\PASShlExt.dll [2007-08-01 22:50 98304]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
S3 pmxscan;USB Flatbed Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-06 17:15:36 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job" - C:\Programfiler\AdwareAlert\AdwareAlert.exe
"2007-06-15 22:00:15 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2007-09-09 20:48:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe
"2007-09-06 00:58:26 C:\WINDOWS\Tasks\Pareto UNS.job" - C:\Programfiler\Fellesfiler\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2007-09-06 00:58:21 C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job" - C:\Programfiler\ParetoLogic\Anti-Spyware\Pareto_AS.exe
"2007-09-08 22:33:00 C:\WINDOWS\Tasks\ParetoLogic Update.job" - C:\Programfiler\Fellesfiler\ParetoLogic\UUS\Pareto_Update.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 23:32:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-09 23:34:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-09 23:34
.
--- E O F ---

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/10/2007 at 00:19 AM
Application Version : 3.9.1008
Core Rules Database Version : 3302
Trace Rules Database Version: 1308
Scan type : Complete Scan
Total Scan Time : 00:39:19
Memory items scanned : 486
Memory threats detected : 0
Registry items scanned : 6654
Registry threats detected : 0
File items scanned : 36800
File threats detected : 8

Malware.VirusProtectPro
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP334\A0089147.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP338\A0091146.EXE
Trojan.Downloader-Gen/NoMultiTask
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP334\A0090102.DLL
Trojan.Smitfraud Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP340\A0097105.DLL
Trojan.ErrorSafe
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP345\A0102127.EXE
Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP345\A0102128.EXE
Adware.PointsManager-Uninstaller
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP345\A0102129.EXE
Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP345\A0102130.EXE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:10, on 10.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\Dell\AccessDirect\dadapp.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Dell\Media Experience\PCMService.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programfiler\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Dell\AccessDirect\DadTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DadApp] C:\Programfiler\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Programfiler\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bearShare] "C:\Programfiler\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [mmtask] "C:\Programfiler\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AAWTray] C:\Programfiler\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Programfiler\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} (Room328 Designer Setup) - http://www.no.room328.com/app/WebVDSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144504092828
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9055 bytes

Edited 9 September 2007 by dell_online

norbat, posted 10 September 2007
Apart from Bearshare, your log looks fine. How is the PC running?
dell_online (author), posted 10 September 2007
Now everything works as it should!! I have got rid of Bear Share. The PC runs fine, all is well. A thousand million thanks, norbat!!
norbat, posted 10 September 2007
You're welcome. You should reset the restore folder so that you don't get infected by a possible system restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then remove the tick again to re-enable the feature.