xaroncss Skrevet 13. januar 2008 Del Skrevet 13. januar 2008 (endret) Hei. Har en helvettes irriterende msn orm på pcen min. Har prøvd å bruke Avast og AVG-antivirus for å fjerne det, men funket tydeligvis ikke. Avast fant ingenting, og etter å ha slettet filene som AVG fant, kom de bare tilbake. Hadde vært flott med litt hjelp Hær er HijackThis loggen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:32:35, on 13.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Microsoft IntelliType Pro\itype.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\lssas.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Programfiler\Last.fm\LastFMHelper.exe C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\LimeWire\LimeWire.exe C:\Programfiler\Winamp\winamp.exe C:\Programfiler\BitLord\BitLord.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\Stian\Skrivebord\Ny mappe\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [MSN] lssas.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Orb] "C:\Programfiler\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191589338359 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7138 bytes Endret 13. januar 2008 av xaroncss Lenke til kommentar
norbat Skrevet 13. januar 2008 Del Skrevet 13. januar 2008 Start hjt, velg "Do a system scan only", sett merke framfor følgende linje og klikk Fix checked: O4 - HKLM\..\Run: [MSN] lssas.exe Det skal fjernes noen filer også. Til det lager du en combofix-logg som du poster: Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) Lenke til kommentar
xaroncss Skrevet 13. januar 2008 Forfatter Del Skrevet 13. januar 2008 Sånn =] ComboFix 08-01-13.1 - Stian 2008-01-13 16:49:12.1 - NTFSx86 Running from: C:\Documents and Settings\Stian\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\images.zip . ((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))) . 2008-01-13 16:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-13 16:31 . 2008-01-13 16:31 <DIR> d-------- C:\Programfiler\Trend Micro 2008-01-12 22:19 . 2008-01-12 22:23 <DIR> d-------- C:\Programfiler\Windows Live 2008-01-12 22:19 . 2008-01-12 22:23 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-01-12 22:19 . 2008-01-12 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-01-12 22:03 . 2008-01-13 16:12 <DIR> d-------- C:\Documents and Settings\Stian\Programdata\AVG7 2008-01-12 22:02 . 2008-01-12 22:02 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7 2008-01-12 22:02 . 2008-01-12 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft 2008-01-12 22:02 . 2008-01-13 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7 2008-01-12 21:01 . 2006-03-29 15:05 32,768 --------- C:\WINDOWS\system32\IJRMF.exe 2008-01-12 21:01 . 2008-01-12 21:01 1 --a------ C:\Documents and Settings\Stian\SI.bin 2008-01-11 23:03 . 2008-01-11 23:03 45,568 -r-hs---- C:\WINDOWS\lssas.exe 2008-01-11 23:03 . 2008-01-11 23:03 45,568 --a------ C:\update.exe 2008-01-11 22:45 . 2008-01-11 22:45 132 --a------ C:\WINDOWS\ODBC.INI 2008-01-11 22:43 . 2008-01-11 22:43 <DIR> d-------- C:\Programfiler\Alwil Software 2008-01-04 15:14 . 2008-01-04 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm 2008-01-04 14:44 . 2008-01-04 14:44 <DIR> d-------- C:\Programfiler\Last.fm 2007-12-24 14:57 . 2007-12-24 14:57 <DIR> d-------- C:\Programfiler\Tibiarl 2007-12-23 19:15 . 2007-12-23 19:15 <DIR> d-------- C:\Documents and Settings\Stian\Programdata\CD-LabelPrint 2007-12-23 17:11 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-12-23 17:11 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-12-23 17:10 . 2006-05-01 06:00 161,792 --a------ C:\WINDOWS\system32\CNMLM86.DLL 2007-12-23 17:08 . 2008-01-12 21:04 <DIR> d-------- C:\Programfiler\Canon 2007-12-23 16:56 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-12-23 16:56 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-13 13:45 --------- d-----w C:\Documents and Settings\Stian\Programdata\LimeWire 2008-01-13 13:24 --------- d-----w C:\Programfiler\Steam 2008-01-12 20:01 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-12 14:03 --------- d-----w C:\Programfiler\Winamp Remote 2008-01-08 21:37 --------- d-----w C:\Programfiler\Winamp 2008-01-06 23:27 --------- d-----w C:\Programfiler\Java 2007-12-14 16:14 --------- d-----w C:\Documents and Settings\Stian\Programdata\Tibia 2007-12-09 04:51 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-12-09 04:51 --------- d-----w C:\Programfiler\Bonjour 2007-12-07 13:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-05 07:12 --------- d-----w C:\Documents and Settings\Stian\Programdata\AdobeUM 2007-12-04 23:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet 2007-12-04 23:19 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared 2007-11-28 20:04 --------- d-----w C:\Programfiler\skiStunt 2007-11-25 19:42 --------- d-----w C:\Programfiler\Ventrilo 2007-11-25 19:41 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-13 19:16 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2007-10-13 12:24 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\programfiler\steam\steam.exe" [2007-12-01 13:35 1266936] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Orb"="C:\Programfiler\Winamp Remote\bin\OrbTray.exe" [2007-10-23 01:47 360448] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-12-01 08:54 77824 C:\WINDOWS\SOUNDMAN.EXE] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432] "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920] "itype"="C:\Programfiler\Microsoft IntelliType Pro\itype.exe" [2006-11-21 16:08 813912] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-12 22:21 1838592] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-12 22:02 579072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 22:02 219136] C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\ Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2008-01-04 14:44:13] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-08-15 00:28:35] Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2007-08-15 00:26:46] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WhenUSave"="C:\Programfiler\Save\Save.exe" "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7524cb3-415d-11dc-8590-806d6172696f}] \Shell\AutoRun\command - F:\Setup.exe *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 16:51:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-13 16:51:44 ComboFix-quarantined-files.txt 2008-01-13 15:51:30 . 2008-01-09 17:10:48 --- E O F --- Håper jeg gjorde det riktig Lenke til kommentar
norbat Skrevet 13. januar 2008 Del Skrevet 13. januar 2008 Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen. File:: C:\WINDOWS\lssas.exe Folder:: C:\Programfiler\Save Registry:: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WhenUSave"=- Lenke til kommentar
xaroncss Skrevet 13. januar 2008 Forfatter Del Skrevet 13. januar 2008 Done ComboFix 08-01-13.1 - Stian 2008-01-13 18:01:10.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.631 [GMT 1:00] Running from: C:\Documents and Settings\Stian\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Stian\Skrivebord\CFScript.txt.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\lssas.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\lssas.exe . ((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))) . 2008-01-13 17:30 . 2008-01-13 17:30 <DIR> d-------- C:\WINDOWS\LastGood 2008-01-13 17:30 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-01-13 17:30 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-13 17:30 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-13 17:07 . 2008-01-13 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg7 2008-01-13 16:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-13 16:31 . 2008-01-13 16:31 <DIR> d-------- C:\Programfiler\Trend Micro 2008-01-12 22:19 . 2008-01-12 22:23 <DIR> d-------- C:\Programfiler\Windows Live 2008-01-12 22:19 . 2008-01-12 22:23 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-01-12 22:19 . 2008-01-12 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-01-12 21:01 . 2006-03-29 15:05 32,768 --------- C:\WINDOWS\system32\IJRMF.exe 2008-01-12 21:01 . 2008-01-12 21:01 1 --a------ C:\Documents and Settings\Stian\SI.bin 2008-01-11 23:03 . 2008-01-11 23:03 45,568 --a------ C:\update.exe 2008-01-11 22:45 . 2008-01-11 22:45 132 --a------ C:\WINDOWS\ODBC.INI 2008-01-11 22:43 . 2008-01-11 22:43 <DIR> d-------- C:\Programfiler\Alwil Software 2008-01-04 15:14 . 2008-01-04 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm 2008-01-04 14:44 . 2008-01-04 14:44 <DIR> d-------- C:\Programfiler\Last.fm 2007-12-24 14:57 . 2007-12-24 14:57 <DIR> d-------- C:\Programfiler\Tibiarl 2007-12-23 19:15 . 2007-12-23 19:15 <DIR> d-------- C:\Documents and Settings\Stian\Programdata\CD-LabelPrint 2007-12-23 17:11 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-12-23 17:11 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-12-23 17:10 . 2006-05-01 06:00 161,792 --a------ C:\WINDOWS\system32\CNMLM86.DLL 2007-12-23 17:08 . 2008-01-12 21:04 <DIR> d-------- C:\Programfiler\Canon 2007-12-23 16:56 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-12-23 16:56 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-13 16:09 --------- d-----w C:\Programfiler\Steam 2008-01-13 13:45 --------- d-----w C:\Documents and Settings\Stian\Programdata\LimeWire 2008-01-12 20:01 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-08 21:37 --------- d-----w C:\Programfiler\Winamp 2008-01-06 23:27 --------- d-----w C:\Programfiler\Java 2007-12-14 16:14 --------- d-----w C:\Documents and Settings\Stian\Programdata\Tibia 2007-12-09 04:51 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-12-09 04:51 --------- d-----w C:\Programfiler\Bonjour 2007-12-07 13:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-05 07:12 --------- d-----w C:\Documents and Settings\Stian\Programdata\AdobeUM 2007-12-04 23:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet 2007-12-04 23:19 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared 2007-11-28 20:04 --------- d-----w C:\Programfiler\skiStunt 2007-11-25 19:42 --------- d-----w C:\Programfiler\Ventrilo 2007-11-25 19:41 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2007-10-13 19:16 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2007-10-13 12:24 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-13_16.51.19,82 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-13 15:49:03 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-13 17:01:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-13 15:49:03 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-13 17:01:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-13 15:49:03 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-13 17:01:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-13 15:49:03 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-13 17:01:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-13 15:49:03 5,533,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-13 17:01:07 5,533,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-13 15:49:03 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-13 17:01:07 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\programfiler\steam\steam.exe" [2007-12-01 13:35 1266936] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-12-01 08:54 77824 C:\WINDOWS\SOUNDMAN.EXE] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432] "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920] "itype"="C:\Programfiler\Microsoft IntelliType Pro\itype.exe" [2006-11-21 16:08 813912] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-12 22:21 1838592] C:\Documents and Settings\Stian\Start-meny\Programmer\Oppstart\ Last.fm Helper.lnk - C:\Programfiler\Last.fm\LastFMHelper.exe [2008-01-04 14:44:13] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-08-15 00:28:35] Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2007-08-15 00:26:46] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7524cb3-415d-11dc-8590-806d6172696f}] \Shell\AutoRun\command - F:\Setup.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 18:02:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-13 18:02:47 ComboFix-quarantined-files.txt 2008-01-13 17:02:31 ComboFix2.txt 2008-01-13 15:51:45 . 2008-01-09 17:10:48 --- E O F --- Lenke til kommentar
norbat Skrevet 13. januar 2008 Del Skrevet 13. januar 2008 Ser bra ut dette Du kan avinstallere Combofix ved å skrive ComboFix /u i kjørfeltet (start->kjør) Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....", restart pc, fjern merket igjen for å aktivere funksjonen. Lenke til kommentar
xaroncss Skrevet 13. januar 2008 Forfatter Del Skrevet 13. januar 2008 Hjertelig takk skal du ha! You're the best Lenke til kommentar
bskalle84 Skrevet 13. januar 2008 Del Skrevet 13. januar 2008 Hjelp meg, er viruset vekke. Har køyrd avg og norton, og fått vekk virus som det fant, og køyrd hijack. Men er det der framleis. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:55:03, on 13.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\MSI\Live Update 3\LMonitor.exe C:\WINDOWS\TBPanel.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\DOCUME~1\BJRNSK~1\LOKALE~1\Temp\services.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Media Manager\airsvcu.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Programfiler\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Programfiler\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ValueX] C:\DOCUME~1\BJRNSK~1\LOKALE~1\Temp\services.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe" O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [instantTray] C:\Programfiler\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Programfiler\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Introducing Media Manager.lnk = C:\Programfiler\Fellesfiler\Microsoft Shared\Media Manager\SPLASHA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170529941843 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.nfoto.no/upload/ImageUploader4_5.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe -- End of file - 11299 bytes Hjelp meg få det. Grundig forklaring, er ikkje god på data Lenke til kommentar
norbat Skrevet 13. januar 2008 Del Skrevet 13. januar 2008 bskalle84: Svar gitt i din egen tråd https://www.diskusjon.no/index.php?showtopic=894753 Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå