Zerpin (posted 1 November 2007):
Hi. I downloaded a program, and a virus and a keylogger came along with it, and it really sucks. Norbat, can you help me with this?

norbat (posted 1 November 2007):
Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.

Zerpin (posted 2 November 2007, thread author):
HJT log

norbat (posted 2 November 2007):
Get Smitfraudfix and put it on the desktop.
Restart in safe mode (tap F8 during startup, choose safe mode).
Run Smitfraudfix, choose option 2.
From normal mode: Download SAS, install it, update it and run a full (Complete) scan.
Post the following logs:
SAS (preferences->statistics/logs)
Smitfraudfix (C:\rapport.txt)
New HJT log

Zerpin (posted 2 November 2007, thread author, edited):
SAS log
Smitfraudfix log
*NEW* HJT log
When I run CounterSpy now, I find an AFX Windows Rootkit 2003 Backdoor.
Edited 2 November 2007 by Zerpin

norbat (posted 2 November 2007):
Run HJT, put a check mark in front of the following lines and click Fix checked:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86DA0852-9FFB-49C5-A195-CB53FD97A2A1} - (no file)
O2 - BHO: (no name) - {F244C050-3D11-49FB-8EBF-43045F512645} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - WWW Prefix: http://www.serial99.com/?
Get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (usually c:\combofix.txt) + a new HJT log. Also tell me how the PC is running.

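Added example, not part of the thread: a small Python check for the step requested above, comparing a follow-up HijackThis log against the lines marked for "Fix checked" and listing entries whose registered file is missing. The three sample texts are constructed excerpts in HijackThis format (the after-log is built so that one line survives), and all function names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2" (Browser Helper Object)
    text: str  # everything after "<code> - "


# Numbered entries look like "O2 - BHO: ... - {GUID} - (no file)".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log):
    """Return the numbered entries of a HijackThis log, in order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace so copy/paste differences do not matter.
            entries.append(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries


def _key(entry):
    # Registry paths and file names are case-insensitive on Windows.
    return (entry.code, entry.text.lower())


def orphaned(entries):
    """Entries whose registered target is reported as '(no file)'."""
    return [e for e in entries if e.text.endswith("(no file)")]


def verify_fix(before_log, after_log, fixed_lines):
    """Compare a follow-up log with the lines that were marked for fixing."""
    before = {_key(e) for e in parse_entries(before_log)}
    after_entries = parse_entries(after_log)
    after = {_key(e) for e in after_entries}
    fixed = parse_entries(fixed_lines)
    return {
        "removed": [e for e in fixed if _key(e) not in after],
        "still_present": [e for e in fixed if _key(e) in after],
        "new": [e for e in after_entries if _key(e) not in before],
    }


# Constructed sample: shortened log before the fix.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [vptray] C:\Programfiler\NavNT\vptray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - WWW Prefix: http://www.serial99.com/?
"""

# Constructed sample: follow-up log in which the O6 line survived the fix
# and one autostart entry is new.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
O4 - HKLM\..\Run: [vptray] C:\Programfiler\NavNT\vptray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# Subset of the lines selected in the reply above.
FIXED_LINES = r"""R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - WWW Prefix: http://www.serial99.com/?
"""

if __name__ == "__main__":
    result = verify_fix(BEFORE_LOG, AFTER_LOG, FIXED_LINES)
    for label, entries in result.items():
        print(label)
        for e in entries:
            print(f"  {e.code} - {e.text}")
    print("orphaned before fix")
    for e in orphaned(parse_entries(BEFORE_LOG)):
        print(f"  {e.code} - {e.text}")
```

A line reported under "still_present" means the fix did not stick and the entry was restored or never removed; a line under "new" is something to review before closing the case.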
Zerpin (posted 2 November 2007, thread author, edited):
ComboFix log
*NEW HJT log*
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DefWatch - Symantec Corporation - C:\Programfiler\NavNT\defwatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programfiler\NavNT\rtvscan.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe -- End of file - 6293 bytes Det virker som PC-en fungerer bra nå. Kan jeg slette programmene som jeg installerte? og Tusen Takk Norbat Endret 2. november 2007 av Zerpin Lenke til kommentar
norbat Posted 2 November 2007

This looks fine. You should update Java: http://java.com/en/download/index.jsp

Then reset the restore folder so that you do not get infected during a possible system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.