Keiseren av Grønland, posted 2 December 2007:
I have not had access to it for over a year, and now it is really starting to get annoying. I am the administrator and there are no other users, but when I press Ctrl+Alt+Del, the Task Manager button is greyed out. What is the reason for this, and how can I get access again?
Rocket, posted 2 December 2007:
I ran into this on a machine once, and in that case he had had a virus on the machine. I think I managed to remove all of the virus, but I still did not get Task Manager back for that user. I tested with another user, and oddly enough it worked just fine there. I tried googling "disabled task manager" or something along those lines, I don't quite remember... Then I found a small program that simply enabled Task Manager again. It worked great, but unfortunately I don't remember what it was called.
Jallenbo, posted 2 December 2007:
Log on to the administrator account in safe mode. Now right-click the partition Windows is installed on (usually C:\). Under the "Users" tab you can change the permissions of the different users.
Edited 2 December 2007 by Jallenbo
Keiseren av Grønland (author), posted 3 December 2007:
I tried this method in the meantime: http://www.pc-hjelpen.com/html/visxptweak.asp?Nyhet_ID=61
When I typed that into regedit, I got a message that the user has disabled registry editing, so does anyone know how to enable it?
Yes, I have previously had a virus that may have done this. I removed it with SmitRem; it was one of those really nasty antivirus-program viruses.
- Jallenbo, I have now tried what you said. Unfortunately it did not work. Task Manager and registry editing are still disabled by the administrator. Damn, I get so annoyed. Why do I always have to solve problems like this in Windows by formatting? There is almost no other choice.
Edited 3 December 2007 by Ramius
norbat, posted 3 December 2007:
Feel free to post an HJT log. It may show whether there is anything else on the PC that should be removed:
Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
Keiseren av Grønland (author), posted 3 December 2007:
OK? I hope this is the right file you are asking for, because this is going to be long :P This was the text file that appeared after I ran the scan; I assume it was the log.
Jallenbo, posted 3 December 2007:
You can check the log file yourself at hijackthis.de.
Keiseren av Grønland (author), posted 3 December 2007:
Ah OK, that was efficient. But to no surprise, I got a lot of unknowns on the list there, that is, with question marks. How am I supposed to know that they are not the problems, or whether I can delete them without getting any system problems?
norbat, posted 3 December 2007:
Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.5.19.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll (file missing)
O22 - SharedTaskScheduler: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll (file missing)
Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from ComboFix (usually c:\combofix.txt) plus a new HJT log.
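Part of the manual review in the post above can be scripted. The following Python sketch is an added example, not part of the thread and not code from HijackThis: it parses HijackThis entry lines, flags the two patterns that recur in the fix list (O7 policy restrictions and registrations whose file is missing), and reports CLSIDs that appear in more than one section. The rule set and all function names are assumptions made for illustration, and it deliberately does not cover judgment calls such as the KernelFaultCheck Run entry.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Entries copied from the HijackThis output posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.5.19.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll (file missing)
O22 - SharedTaskScheduler: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "<section> - <rest>", e.g. "O7 - HKCU\...". Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O7 lines report a Policies\System value that locks a tool for the user.
POLICY_RE = re.compile(r"\\Policies\\System,\s*(?P<name>Disable\w+)=1$", re.IGNORECASE)
# HijackThis appends these markers when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$")


class Entry(NamedTuple):
    section: str
    body: str


class Finding(NamedTuple):
    section: str
    reason: str
    body: str


def parse_log(text):
    """Return the section-tagged entries of a HijackThis log, in order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(entries):
    """Flag policy restrictions and registrations that point at missing files."""
    findings = []
    for e in entries:
        policy = POLICY_RE.search(e.body)
        if e.section == "O7" and policy:
            reason = f"policy restriction {policy['name']} is set"
            findings.append(Finding(e.section, reason, e.body))
        elif ORPHAN_RE.search(e.body):
            reason = "registration points at a missing file"
            findings.append(Finding(e.section, reason, e.body))
    return findings


def clsids_in_multiple_sections(entries):
    """Map each CLSID registered under more than one section to those sections."""
    seen = defaultdict(set)
    for e in entries:
        for clsid in CLSID_RE.findall(e.body):
            seen[clsid.lower()].add(e.section)
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for f in triage(parsed):
        print(f"{f.section:>3}  {f.reason}: {f.body}")
    for clsid, sections in clsids_in_multiple_sections(parsed).items():
        print(f"{clsid} is registered in {', '.join(sections)}")
```

A flagged line is a candidate for review, not proof of infection: a missing-file entry can be left behind by an ordinary uninstall as well as by removed malware.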
Keiseren av Grønland Skrevet 3. desember 2007 Forfatter Del Skrevet 3. desember 2007 (endret) Okay, litt ubekvem med å poste disse loggene på et forum men det får gå. Gjorde akkurat som du sa Norbat. Combofixloggen: ComboFix 07-12-02.6 - Marius 2007-12-03 17:38:54.1 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.560 [GMT 1:00] Running from: C:\Documents and Settings\Marius\Skrivebord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Fonts\acrsecI.fon . ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))) . 2007-12-03 13:24 . 2007-12-03 13:24 <DIR> d-------- C:\Programfiler\Trend Micro 2007-12-03 02:00 . 2005-08-11 21:56 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny 2007-12-03 02:00 . 2005-08-11 21:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere 2007-12-03 02:00 . 2005-08-11 21:56 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord 2007-12-03 02:00 . 2005-08-11 21:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste 2007-12-03 02:00 . 2005-08-11 21:56 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata 2007-12-03 02:00 . 2005-08-11 21:56 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter 2007-12-03 02:00 . 2005-08-11 21:10 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler 2007-12-03 02:00 . 2005-08-11 21:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger 2007-12-03 02:00 . 2005-08-11 21:56 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter 2007-12-03 02:00 . 2005-08-11 21:56 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask 2007-11-30 18:22 . 2007-11-30 18:22 <DIR> d-------- C:\Programfiler\ffdshow 2007-11-30 18:22 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-11-30 18:22 . 
2007-06-03 14:31 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-11-30 18:22 . 2006-12-10 23:32 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2007-11-30 18:21 . 2007-11-30 18:22 <DIR> d-------- C:\Programfiler\TVersity Codec Pack 2007-11-18 18:48 . 2007-11-18 18:48 <DIR> d--h----- C:\CWDS2Temp 2007-11-12 17:57 . 2007-12-03 12:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-11-12 17:57 . 2007-11-12 17:57 1,409 --a------ C:\WINDOWS\QTFont.for 2007-11-12 17:56 . 2007-11-12 17:56 <DIR> d-------- C:\Programfiler\iTunes 2007-11-12 17:55 . 2007-11-12 17:55 <DIR> d-------- C:\Programfiler\QuickTime 2007-11-12 00:36 . 2007-11-12 00:36 <DIR> dr-h----- C:\Documents and Settings\Marius\Programdata\SecuROM 2007-11-12 00:26 . 2007-11-12 00:26 <DIR> d-------- C:\Programfiler\GameSpy 2007-11-12 00:26 . 2007-11-12 00:26 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2007-11-12 00:26 . 2007-11-12 00:26 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-11-12 00:26 . 2007-11-12 00:26 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-11-12 00:26 . 2007-11-12 00:26 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-11-12 00:26 . 2007-11-12 00:26 22,328 --a------ C:\Documents and Settings\Marius\Programdata\PnkBstrK.sys 2007-11-10 23:51 . 2007-11-10 23:51 103,420 --a------ C:\0083.jpg 2007-11-10 23:51 . 2007-11-10 23:51 81,528 --a------ C:\0084.jpg 2007-11-10 23:50 . 2007-11-10 23:50 95,670 --a------ C:\0081.jpg 2007-11-10 23:50 . 2007-11-27 02:09 84,449 --a------ C:\billig.jpg 2007-11-10 23:50 . 2007-11-10 23:50 65,076 --a------ C:\0070.jpg 2007-11-10 23:50 . 2007-11-10 23:50 57,524 --a------ C:\0069.jpg 2007-11-04 19:57 . 2007-11-04 19:57 <DIR> d-------- C:\Programfiler\NVIDIA Corporation 2007-11-04 01:35 . 2007-11-04 01:35 8 --a------ C:\WINDOWS\system32\nvModes.dat 2007-11-03 14:00 . 2007-11-03 14:00 <DIR> d-------- C:\Documents and Settings\Marius\Programdata\InstallShield Installation Information 2007-11-03 13:58 . 
2007-11-03 13:58 <DIR> d-------- C:\Programfiler\Unreal Tournament 3 Demo 2007-11-03 13:56 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-11-03 13:56 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-11-03 13:56 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-11-03 13:56 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-11-03 13:56 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-11-03 13:56 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-11-03 13:55 . 2007-11-03 13:55 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2007-11-03 13:55 . 2007-11-03 13:55 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-11-03 13:55 . 2007-11-03 13:56 <DIR> d-------- C:\Programfiler\AGEIA Technologies . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-03 16:42 --------- d-----w C:\Documents and Settings\Marius\Programdata\uTorrent 2007-11-12 16:56 --------- d-----w C:\Programfiler\iPod 2007-11-11 23:36 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-28 19:58 --------- d-----w C:\Programfiler\Electronic Arts 2007-10-03 11:40 --------- d-----w C:\Programfiler\Windows Live Safety Center 2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvusmb.exe 2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvunrm.exe 2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvuide.exe 2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe 2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-09-17 00:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-09-17 00:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-09-17 00:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll 
2007-09-17 00:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-09-17 00:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-09-17 00:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-09-17 00:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-09-17 00:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-09-17 00:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-09-17 00:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-09-17 00:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-09-17 00:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-09-17 00:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-09-17 00:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-09-17 00:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-09-17 00:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-09-17 00:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-09-17 00:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-09-17 00:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll 2007-09-17 00:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe 2007-09-17 00:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll 2007-09-17 00:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe 2007-09-17 00:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll 2007-09-17 00:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll 2007-09-13 08:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 13:20] "uTorrent"="C:\Programfiler\uTorrent\uTorrent.exe" [2007-09-09 13:45] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-08-29 16:09] "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe] "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-10-19 20:16] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-11-02 18:36] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader 
Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoStart IR.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\AutoStart IR.lnk backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marius^Start-meny^Programmer^Oppstart^XFX Game Controller.lnk] path=C:\Documents and Settings\Marius\Start-meny\Programmer\Oppstart\XFX Game Controller.lnk backup=C:\WINDOWS\pss\XFX Game Controller.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-09 10:09 63712 --a------ C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 18:51 39792 --a------ C:\Programfiler\Adobe\Reader 
8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobemgr] C:\WINDOWS\system32\adobemgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe] 2002-12-06 16:07 617984 --a------ C:\Program Files\ASUS\Probe\AsusProb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] C:\Programfiler\BitComet\BitComet.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-04 09:03 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Programfiler\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 EPSON Stylus C42 Series /O6 USB001 /M Stylus C42 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps] 2005-08-15 14:12 2822144 --a------ C:\FRAPS\FRAPS.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-11-02 18:36 267048 --a------ C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList] 2007-03-21 14:41 145496 --a------ C:\Programfiler\Pinnacle\Studio 11\LaunchList2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] 2003-06-30 19:56 188416 --a------ C:\Programfiler\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] 2003-06-30 19:56 188416 --a------ C:\Programfiler\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] 2003-06-30 20:00 65536 --a------ 
C:\Programfiler\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Programfiler\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD] 2001-11-08 21:28 147456 --a------ C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan] C:\Programfiler\Power Scan\powerscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programfiler\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 19:24 32768 --a------ C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\SpywareStrike] C:\Programfiler\SpywareStrike\SpywareStrike.exe /h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-03-14 02:43 83608 --a------ C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy] C:\Programfiler\SurfAccuracy\SAcc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-07-28 13:20 68856 --a------ C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2007-09-09 13:45 219952 --a------ C:\Programfiler\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "usnjsvc"=3 (0x3) "UleadBurningHelper"=2 (0x2) "PCLEPCI"=2 (0x2) "Norman ZANDA"=2 (0x2) "nhksrv"=2 (0x2) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "EPSONStatusAgent2"=2 (0x2) "Creative Service for CDROM Access"=2 (0x2) "CCALib8"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) R1 LtcyCfgDrv;PCI Latency Tool driver;\??\C:\WINDOWS\system32\drivers\LtcyCfgDrv.sys R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys R2 Ndiskio;Ndiskio;\??\C:\Norman\Nse\bin\NDISKIO.SYS R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys R3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder/Decoder);C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys R3 XFX_program;XFX Game Controller;C:\WINDOWS\system32\DRIVERS\XFX_program.sys S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys S3 
nvcfsr;nvcfsr;\??\C:\Norman\Nvc\bin\nvcfsr.sys S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys S3 nvcoafl51;nvcoafl51;\??\C:\Norman\Nvc\bin\nvcoafl51.sys S3 nvcoaft51;nvcoaft51;\??\C:\Norman\Nvc\bin\nvcoaft51.sys S3 nvcoarc51;nvcoarc51;\??\C:\Norman\Nvc\bin\nvcoarc51.sys S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys S4 nhksrv;Netropa NHK Server;C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2007-11-30 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Programfiler\TuneUp Utilities 2006\SystemOptimizer.exe "2007-11-26 16:48:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-03 17:46:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-03 17:47:16 . 
New Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:20, on 03.12.2007

Vrøy. Now I actually have access to Task Manager; it must have been one of these procedures that helped. Thanks for all the help.
Edited 3 December 2007 by Ramius
Jallenbo
Posted 3 December 2007
It was HJT that sorted it out for you. Had you looked through your log, you would have found a registry entry that disabled registry editing. Task Manager may have been "turned off" as a result of this change. It also had a red cross next to it.
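A way to check for the kind of registry restriction described in the post above, added here as an example that is not part of the thread. It assumes the restriction was set through the standard Windows policy values DisableTaskMgr and DisableRegistryTools, which the thread itself does not name, and it assumes PowerShell 3.0 or later is available.

```powershell
# Added example (not from the thread). Assumption: the restrictions are the
# standard policy values DisableTaskMgr / DisableRegistryTools under
# ...\CurrentVersion\Policies\System in HKCU and/or HKLM.
param([switch]$Fix)   # pass -Fix to delete the restrictions that are found

$subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$effects = @{
    DisableTaskMgr       = 'Task Manager is disabled (greyed out)'
    DisableRegistryTools = 'Registry editing with regedit is disabled'
}

# Collect every restriction that is present and set to a non-zero value.
$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    $path = "$hive\$subKey"
    if (-not (Test-Path $path)) { continue }
    $props = Get-ItemProperty -Path $path
    foreach ($name in $effects.Keys) {
        $data = $props.$name              # $null when the value does not exist
        if ($null -ne $data -and $data -ne 0) {
            [pscustomobject]@{
                Key    = $path
                Value  = $name
                Data   = $data
                Effect = $effects[$name]
            }
        }
    }
}

if (-not $findings) {
    'No Task Manager or registry-editor restrictions found.'
    return
}

$findings | Format-Table -AutoSize

if ($Fix) {
    # Removing values under HKLM requires an elevated (administrator) session.
    foreach ($f in $findings) {
        Remove-ItemProperty -Path $f.Key -Name $f.Value -ErrorAction Stop
        "Removed $($f.Value) from $($f.Key)"
    }
}
```

Run it without arguments first to see what is set; a restriction found on a machine that no administrator configured is a sign that something else changed the registry and should be investigated.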
norbat
Posted 3 December 2007
Feel free to remove the latest logs if you like.

Open Notepad, paste in the text shown in bold below, save the file as regfix.reg and put it on the desktop. Double-click the file and answer yes to adding the information to the registry:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareStrike]

Then use Explorer to delete the following folder (in bold), if present:

C:\Programfiler\SpywareStrike

Update Java: http://java.com/en/download/index.jsp

Reset the restore folder so that you are not reinfected by a possible System Restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.
Keiseren av Grønland (Author)
Posted 3 December 2007
Norbat, before I do what you say... what exactly are you explaining here? I have got access back..?
norbat
Posted 3 December 2007
What I am saying is that you can remove a registry entry for a 'fake' AV program (SpywareStrike) as well as the SpywareStrike folder. I am also saying that you should update Java. And finally, I suggest that you reset System Restore so that system settings and any infected files are not restored if you later need to run System Restore.
Keiseren av Grønland (Author)
Posted 7 December 2007
Reset System Restore... there is no formatting involved here? I still keep everything I have now?
covah
Posted 7 December 2007
Task Manager can become "greyed out" if you double-click the grey border area around Task Manager itself. The fix then is to double-click it again.
norbat
Posted 7 December 2007
"Reset System Restore... there is no formatting involved here? I still keep everything I have now?"
No, don't worry, you keep everything you have now.
mikkex
Posted 7 December 2007
Run ComboFix, which was suggested a bit further up. I have had good experience with this program and SmitFraudFix on PCs with your specific problem.
Keiseren av Grønland (Author)
Posted 7 December 2007
I removed the Spyware strike command and item in the registry. The search turned up other files, but they seemed to be associated with Windows, so I left them alone.