nasse222 Skrevet 21. februar 2008 Del Skrevet 21. februar 2008 Kjørt ALT av antivirus , adaware, spyware, rootkit osv. Her er loggen, noe som ikke hører hjemme der..? : Win Xp, 2 år gammel, en vennine av meg sin. Har ikke fått oppgradert til SP2 engang, pcen er helt wreck.. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:25:24, on 21.02.2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\carpserv.exe C:\Programfiler\HPQ\One-Touch\OneTouch.EXE C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\HPConfig.exe C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Programfiler\Spyware Terminator\sp_rsser.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe C:\Programfiler\ZyXEL Communications Corporation\ZyXEL G-220 Utility\ZyXEL_G-220_GUI.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\System32\WgaTray.exe C:\Programfiler\Spyware Terminator\SpywareTerminator.exe C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe C:\Programfiler\OpenOffice.org 2.0\program\soffice.BIN C:\WINDOWS\system32\cleanmgr.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [TV Now] C:\Programfiler\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Display Settings] C:\Programfiler\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [QT4HPOT] C:\Programfiler\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [spywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: ZyXEL G-220 Utility GUI.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programfiler\ladbrokesMPP\MPPoker.exe O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...AAHHJIADGHGBFEA (file missing) O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...AAHHJIADGHGBFEA (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/contr...TMSSReportW.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://topofthemountain.spaces.live.com//P...ad/MsnPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203616451088 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://eurofoto.com/uploader/ImageUploader4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.com/activex/ImageUploader3.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_236/w...OCX/FlashAX.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe -- End of file - 8989 bytes Lenke til kommentar
r2d290 Skrevet 21. februar 2008 Del Skrevet 21. februar 2008 vel, noe av det første jeg ville ha gjort, er å oppgardere til sp2 forøvrig, bør du oppdatere internett explorer (mer info her) (anbefaler også å bruke firefox fremfor internett explorer. tryggere, raskere, bedre). link (kjenner du igjen dette pokerspillet: C:\Programfiler\ladbrokesMPP\MPPoker.exe)? start hjt, og fix følgende linjer: O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...AAHHJIADGHGBFEA (file missing) Unknown O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_236/w...OCX/FlashAX.cab post deretter ny hjt-logg, så ser vi om du har fått fjernet alt Lenke til kommentar
nasse222 Skrevet 21. februar 2008 Forfatter Del Skrevet 21. februar 2008 ja, skal gjøre det. Takk for all hjelp! Lenke til kommentar
nasse222 Skrevet 22. februar 2008 Forfatter Del Skrevet 22. februar 2008 ja, skal gjøre det. Takk for all hjelp! Hvordan ser det ut nå da? : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:26:12, on 22.02.2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\carpserv.exe C:\Programfiler\HPQ\One-Touch\OneTouch.EXE C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\RALINK\Common\RaUI.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\HPConfig.exe C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\WINDOWS\System32\WgaTray.exe C:\Programfiler\internet explorer\iexplore.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\SoftwareDistribution\Download\31bb2527e77dad2ffab1846cfe7e73ba\update\update.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe C:\Programfiler\OpenOffice.org 2.0\program\soffice.BIN c:\windows\$hf_mig$\KB901017\update\update.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [TV Now] C:\Programfiler\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Display Settings] C:\Programfiler\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [QT4HPOT] C:\Programfiler\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [spywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programfiler\ladbrokesMPP\MPPoker.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/contr...TMSSReportW.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://topofthemountain.spaces.live.com//P...ad/MsnPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203616451088 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://eurofoto.com/uploader/ImageUploader4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.com/activex/ImageUploader3.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe -- End of file - 7946 bytes Lenke til kommentar
snippsat Skrevet 22. februar 2008 Del Skrevet 22. februar 2008 Last Combofix ned ,legg på skrivebordet. Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Etter det en ny hjt-logg Lenke til kommentar
nasse222 Skrevet 22. februar 2008 Forfatter Del Skrevet 22. februar 2008 Last Combofix ned ,legg på skrivebordet.Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Etter det en ny hjt-logg Ok, supert gutta` ,takker for tips:) Skal få gjort det så fort som mulig. (er helg og pils vettu`..) Lenke til kommentar
nasse222 Skrevet 22. februar 2008 Forfatter Del Skrevet 22. februar 2008 Ok, kjørte Combo, så HiJackThis Her er filene: ComboFix 08-02-22.3 - KimO&Ingrid 2008-02-22 21:16:29.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.117 [GMT 1:00] Running from: F:\ComboFix MARS 08.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\KimO&Ingrid\Programdata\FunWebProducts C:\Documents and Settings\KimO&Ingrid\Programdata\FunWebProducts\Data\KimO&Ingrid\avatar.dat C:\Documents and Settings\KimO&Ingrid\Programdata\inst.exe . ((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))) . 2008-02-22 20:24 . 2008-02-22 20:24 <DIR> d-------- C:\Programfiler\QuickTime 2008-02-22 20:23 . 2008-02-22 20:23 <DIR> d-------- C:\Programfiler\Apple Software Update 2008-02-22 20:23 . 2008-02-22 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-02-22 20:23 . 2008-02-22 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple 2008-02-22 20:19 . 2008-02-22 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NCH Swift Sound 2008-02-22 20:18 . 2008-02-22 20:19 <DIR> d-------- C:\Documents and Settings\KimO&Ingrid\Programdata\NCH Swift Sound 2008-02-22 20:16 . 2008-02-22 20:16 <DIR> d-------- C:\Programfiler\NCH Software 2008-02-22 20:15 . 2008-02-22 20:20 <DIR> d-------- C:\Programfiler\NCH Swift Sound 2008-02-22 20:08 . 2008-02-22 20:08 35,296 --a------ C:\WINDOWS\system32\drivers\Dvd43.sys 2008-02-22 20:08 . 2008-02-22 20:08 67 --a------ C:\WINDOWS\DVDRegionFree.INI 2008-02-22 20:07 . 2008-02-22 20:07 <DIR> d-------- C:\Programfiler\DVD Region+CSS Free 2008-02-22 20:04 . 2008-02-22 20:56 <DIR> d-------- C:\Documents and Settings\KimO&Ingrid\Programdata\Vso 2008-02-22 20:04 . 2008-02-22 20:04 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2008-02-22 20:04 . 2008-02-22 20:56 47,360 --a------ C:\Documents and Settings\KimO&Ingrid\Programdata\pcouffin.sys 2008-02-22 20:01 . 2008-02-22 20:01 <DIR> d-------- C:\Programfiler\BitComet 2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Documents and Settings\KimO&Ingrid\Programdata\Ashampoo 2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ashampoo 2008-02-22 19:58 . 2008-02-22 19:58 <DIR> d-------- C:\Programfiler\Ashampoo 2008-02-22 19:50 . 2008-02-22 19:51 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.3 2008-02-22 09:37 . 2008-02-22 20:29 <DIR> dr-h----- C:\Documents and Settings\KimO&Ingrid\Siste 2008-02-22 07:46 . 2008-02-22 07:46 <DIR> d-------- C:\Programfiler\MSXML 6.0 2008-02-22 07:43 . 2008-02-22 07:43 <DIR> d-------- C:\Programfiler\MSBuild 2008-02-22 07:39 . 2008-02-22 08:32 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-02-22 07:38 . 2008-02-22 07:38 <DIR> d-------- C:\Programfiler\Reference Assemblies 2008-02-22 07:36 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-02-22 07:35 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-02-22 07:35 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-02-22 07:35 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-02-22 07:34 . 2008-02-22 07:34 <DIR> d-------- C:\Programfiler\Windows Media Connect 2 2008-02-22 07:32 . 2008-02-22 07:32 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-02-22 07:32 . 2008-02-22 07:33 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-02-22 05:38 . 2007-12-07 03:17 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-02-22 05:38 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-22 05:38 . 2007-07-01 04:36 1,007,616 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-22 05:38 . 2007-12-07 03:17 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-02-22 05:38 . 2007-12-07 03:17 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-02-22 05:38 . 2007-12-07 03:17 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-02-22 05:38 . 2007-12-07 03:17 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-02-22 05:38 . 2007-12-07 03:17 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-02-22 05:38 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-22 05:37 . 2008-02-22 07:45 <DIR> d-------- C:\WINDOWS\system32\nb-no 2008-02-22 05:30 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll 2008-02-22 05:09 . 2008-02-22 05:09 <DIR> d-------- C:\Programfiler\MSXML 4.0 2008-02-22 04:53 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2008-02-22 04:53 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2008-02-22 04:53 . 2006-08-21 13:28 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2008-02-22 04:21 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-02-22 04:09 . 2008-02-22 04:09 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny 2008-02-22 03:07 . 2008-02-22 03:07 <DIR> d-------- C:\Programfiler\RegCleanerFraGamleMaskinen 2008-02-22 01:56 . 2008-02-22 08:23 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-02-22 01:52 . 2004-08-04 09:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-02-22 01:50 . 2004-08-04 09:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-02-22 01:50 . 2004-08-04 08:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-02-22 01:49 . 2008-02-22 01:49 <DIR> d-------- C:\WINDOWS\provisioning 2008-02-22 01:49 . 2008-02-22 01:49 <DIR> d-------- C:\WINDOWS\peernet 2008-02-22 01:42 . 2008-02-22 01:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-02-22 01:05 . 2007-05-14 20:03 445,696 --a------ C:\WINDOWS\system32\drivers\rt73.sys 2008-02-22 01:05 . 2008-02-22 01:05 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-02-22 01:00 . 2008-02-22 01:00 <DIR> d-------- C:\Temp\DTI 2008-02-22 01:00 . 2008-02-22 01:00 <DIR> d-------- C:\Temp 2008-02-22 00:44 . 2008-02-22 00:44 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-22 00:31 . 2003-06-03 09:05 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny 2008-02-22 00:31 . 2003-06-03 09:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere 2008-02-22 00:31 . 2003-06-03 09:05 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord 2008-02-22 00:31 . 2003-06-03 09:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste 2008-02-22 00:31 . 2003-06-03 00:21 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\InterTrust 2008-02-22 00:31 . 2003-06-03 00:21 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata 2008-02-22 00:31 . 2003-06-03 00:21 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter 2008-02-22 00:31 . 2003-06-03 09:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler 2008-02-22 00:31 . 2003-06-03 09:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger 2008-02-22 00:31 . 2003-06-03 09:05 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter 2008-02-22 00:31 . 2003-06-03 09:05 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask 2008-02-21 23:56 . 2006-03-20 17:17 402,944 -ra------ C:\WINDOWS\system32\drivers\WlanUZXP.sys 2008-02-21 21:35 . 2008-02-21 21:35 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-02-21 21:35 . 2008-02-22 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-02-21 20:45 . 2008-02-21 20:45 <DIR> d-------- C:\Programfiler\CCleaner 2008-02-21 20:15 . 2008-02-21 20:15 <DIR> d-------- C:\Programfiler\ffdshow 2008-02-21 20:15 . 2008-10-02 20:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2008-02-21 20:15 . 2008-10-02 20:30 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-02-21 20:15 . 2008-10-02 20:30 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm 2008-02-21 20:15 . 2008-10-02 20:30 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-02-21 20:07 . 2008-02-21 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-02-21 20:06 . 2008-02-22 12:13 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-02-21 20:06 . 2008-02-21 20:06 <DIR> d-------- C:\Documents and Settings\KimO&Ingrid\Programdata\SUPERAntiSpyware.com 2008-02-21 20:05 . 2008-02-21 20:05 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-02-21 19:17 . 2008-02-22 01:24 <DIR> d-------- C:\WINDOWS\EHome 2008-02-21 19:14 . 2008-02-21 19:14 <DIR> d-------- C:\Programfiler\Avira 2008-02-21 19:14 . 2008-02-21 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira 2008-02-21 18:54 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-02-21 18:50 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-02-21 18:50 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2008-02-21 18:50 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-02-21 18:50 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2008-02-21 18:40 . 2005-12-15 10:38 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe 2008-02-21 18:40 . 2006-06-17 12:29 295,018 --a------ C:\WINDOWS\system32\Install7x.dll 2008-02-21 18:40 . 2005-11-30 11:33 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin 2008-02-21 18:40 . 2006-03-06 15:36 45 --a------ C:\WINDOWS\filespec7x 2008-02-21 18:39 . 2008-02-21 18:39 <DIR> d-------- C:\Programfiler\RALINK 2008-02-21 18:25 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.dll 2008-02-21 18:25 . 2004-10-28 19:24 36,352 --a------ C:\WINDOWS\system32\uninst_Zyxel.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-22 19:49 --------- d-----w C:\Documents and Settings\KimO&Ingrid\Programdata\OpenOffice.org2 2008-02-22 18:49 --------- d-----w C:\Programfiler\OpenOffice.org 2.0 2008-02-22 17:55 --------- d-----w C:\Programfiler\Telenor 2008-02-22 17:55 --------- d-----w C:\Documents and Settings\All Users\Programdata\Telenor 2008-02-22 17:35 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-02-22 17:02 --------- d-----w C:\Programfiler\Canon 2008-02-22 15:23 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-02-22 15:23 --------- d-----w C:\Programfiler\Azureus 2008-02-22 03:13 --------- d-----w C:\Programfiler\MSN Messenger 2008-02-21 21:42 --------- d-----w C:\Programfiler\Trend Micro 2008-02-14 13:22 --------- d-----w C:\Documents and Settings\KimO&Ingrid\Programdata\MSN6 2008-02-03 11:53 --------- d-----w C:\Documents and Settings\KimO&Ingrid\Programdata\Microgaming 2008-01-31 08:30 --------- d-----w C:\Programfiler\Winamp Remote 2008-01-13 00:23 --------- d-----w C:\Documents and Settings\KimO&Ingrid\Programdata\Azureus 2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll 2008-01-01 18:10 --------- d-----w C:\Documents and Settings\KimO&Ingrid\Programdata\Sony Corporation 2008-01-01 18:02 --------- d-----w C:\Programfiler\Sony 2008-01-01 18:01 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2008-01-01 18:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Corporation 2007-12-19 22:58 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys 2007-12-08 09:47 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-12-07 00:47 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-12-07 00:47 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2007-12-07 00:47 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-12-07 00:47 1,054,720 ----a-w C:\WINDOWS\system32\dllcache\danim.dll 2007-12-07 00:47 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2007-12-06 11:05 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-12-06 11:04 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 22:52 476702] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CARPService"="carpserv.exe" [2003-05-21 14:35 4608 C:\WINDOWS\system32\carpserv.exe] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2003-02-26 15:25 180316] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-23 20:00 290816] "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 22:34 36864] "TV Now"="C:\Programfiler\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 09:34 282624] "QT4HPOT"="C:\Programfiler\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 16:14 102400] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 20:12 102492] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 20:11 692316] "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 11:50 155648] "REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-22 01:35 249896] "SpywareTerminator"="C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe" [ ] "DVD43"="C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe" [2006-08-03 18:38 259072] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360] C:\Documents and Settings\KimO&Ingrid\Start-meny\Programmer\Oppstart\ OpenOffice.org 2.3.lnk - C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Programfiler\DVD Region+CSS Free\DVDShell.dll [2004-10-09 15:18 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Display Settings"=C:\Programfiler\HPQ\Notebook Utilities\hptasks.exe /s "PreloadApp"=c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019 "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000 "C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"= "C:\\Programfiler\\BitComet\\BitComet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2007-07-18 14:22] R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-08-09 13:04] R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03] R3 CALIAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\caliaud.sys [2004-02-17 17:58] R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2004-02-17 17:59] R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2004-05-04 14:24] R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2008-02-22 20:08] R3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-03-20 17:17] S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys [2003-03-05 02:00] S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 02:53] . Contents of the 'Scheduled Tasks' folder "2008-02-22 19:23:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-02-22 02:30:01 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job" - C:\Programfiler\ErrorSmart\ErrorSmart.ex - C:\Programfiler\ErrorSmart . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-22 21:20:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe???????????P?r?o??????? ??3B?????????????T?B???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-22 21:21:37 ComboFix-quarantined-files.txt 2008-02-22 20:21:22 . 2008-02-22 05:02:39 --- E O F --- --------------------------------- HiJackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:22:47, on 22.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\carpserv.exe C:\Programfiler\HPQ\One-Touch\OneTouch.EXE C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\HPConfig.exe C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\WINDOWS\System32\snmp.exe C:\Programfiler\Spybot - Search & Destroy\Updates\sbsd152upd.exe C:\DOCUME~1\KIMO&I~1\LOKALE~1\Temp\is-NKJ17.tmp\sbsd152upd.tmp C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe C:\WINDOWS\explorer.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file) O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [TV Now] C:\Programfiler\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [QT4HPOT] C:\Programfiler\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [spywareTerminator] "C:\Programfiler\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/contr...TMSSReportW.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://topofthemountain.spaces.live.com//P...ad/MsnPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203616451088 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://eurofoto.com/uploader/ImageUploader4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.com/activex/ImageUploader3.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programfiler\HPQ\Notebook Utilities\HPWirelessMgr.exe -- End of file - 7564 bytes Hva sier dere? Ser dere noen feil?.. Lenke til kommentar
snippsat Skrevet 23. februar 2008 Del Skrevet 23. februar 2008 Kjør bare hjt,ikke noe annet som kjører. Start HijackThis finn disse linjene merk dem,så trykk fixed checked. C:\DOCUME~1\KIMO&I~1\LOKALE~1\Temp\is-NKJ17.tmp\sbsd152upd.tmp O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file) O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 Last ned kjør CCleaner Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere xx. Kjør register-renser og. Restart og en ny HijackThis logg. Lenke til kommentar
nasse222 Skrevet 23. februar 2008 Forfatter Del Skrevet 23. februar 2008 Kjør bare hjt,ikke noe annet som kjører. Start HijackThis finn disse linjene merk dem,så trykk fixed checked. C:\DOCUME~1\KIMO&I~1\LOKALE~1\Temp\is-NKJ17.tmp\sbsd152upd.tmp O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file) O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 Last ned kjør CCleaner Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere xx. Kjør register-renser og. Restart og en ny HijackThis logg. Da var det gjort, og her er loggen: (ps:maskinen begynner å komme seg nå! ) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:46:56, on 23.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\carpserv.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} - http://tmss.trendmicro.com/Dashboard/contr...TMSSReportW.CAB O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://topofthemountain.spaces.live.com//P...ad/MsnPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203616451088 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203780824122 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://eurofoto.com/uploader/ImageUploader4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://eurofoto.com/activex/ImageUploader3.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe -- End of file - 6525 bytes Lenke til kommentar
snippsat Skrevet 23. februar 2008 Del Skrevet 23. februar 2008 (endret) Loggen ser fin ut Kjører pcen greit kan du gjøre dette. Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Defragmere er lurt + denne Pagedefrag Endret 23. februar 2008 av SNIPPSAT Lenke til kommentar
nasse222 Skrevet 23. februar 2008 Forfatter Del Skrevet 23. februar 2008 Takker hjertligst!Nå er faktisk maskinen brukenes! Og endel av det skyldes dere som har hjulpet meg, så igjen takk! Supert forum:) Nasse. Lenke til kommentar
nasse222 Skrevet 25. februar 2008 Forfatter Del Skrevet 25. februar 2008 (endret) slettet Endret 25. februar 2008 av nasse222 Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå