[løst]Sirupssnipper, heng, varsler og outlook-krøll... HJELP!

NinaSkj · 19. mars 2008

Jeg har fulgt oppskriften her et sted med Combofix osv. Problemet begynte med heng, men så ble det skermforstyrrelser og outlooken ville ikke virker - fikk varsel om at adresseboken var skadet og mailer kan verken åpnes eller sendes - derimot tas imot. Jeg har nettopp installert Trend via jobben.

Her er min logg fra combo-fix:

ComboFix 08-03-17.1 - Nina Skjelbred 2008-03-19 13:03:59.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.385 [GMT 1:00]

Running from: D:\Mine dokumenter\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))

.

2008-03-19 00:19 . 2008-03-19 00:19 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-19 00:19 . 2008-03-19 00:19 <DIR> d-------- C:\Documents and Settings\Nina Skjelbred\Programdata\SUPERAntiSpyware.com

2008-03-19 00:19 . 2008-03-19 00:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com

2008-03-19 00:18 . 2008-03-19 00:18 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-19 00:13 . 2008-03-19 00:13 <DIR> dr-h----- C:\Documents and Settings\Nina Skjelbred\Siste

2008-03-19 00:12 . 2008-03-19 00:12 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-14 18:19 . 2008-03-14 18:19 <DIR> d-------- C:\Programfiler\Lavasoft

2008-03-11 15:26 . 2008-03-11 15:26 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-11 15:26 . 2008-03-11 15:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Trend Micro

2008-03-11 00:19 . 2008-03-11 00:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\AntiSpyInfo

2008-03-10 23:44 . 2008-03-11 00:13 <DIR> d-------- C:\Programfiler\RegistryFix

2008-03-10 23:29 . 2008-03-10 23:36 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\PROGRA~1\TEMP

2008-03-10 23:19 . 2008-03-10 23:19 <DIR> d-------- C:\Documents and Settings\Nina Skjelbred\Programdata\Antispyware

2008-03-10 23:18 . 2008-03-10 23:25 <DIR> d-------- C:\Programfiler\AntiSpywareApp

2008-03-02 17:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-02 17:20 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-02 17:20 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-02 10:07 . 2008-03-02 10:07 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-03-01 17:39 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition

2008-03-01 17:31 . 2008-03-02 23:01 <DIR> d-------- C:\Programfiler\Windows Live

2008-03-01 17:31 . 2008-03-01 17:38 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-03-01 17:31 . 2008-03-01 17:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\WLInstaller

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-18 23:42 --------- d-----w C:\Programfiler\BearShare

2008-03-14 17:19 --------- d-----w C:\Documents and Settings\Nina Skjelbred\Programdata\Lavasoft

2008-03-12 22:30 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-03-11 14:14 --------- d-----w C:\Documents and Settings\Nina Skjelbred\Programdata\AVG7

2008-03-11 14:14 --------- d-----w C:\DOCUME~1\ALLUSE~1\PROGRA~1\avg7

2008-03-10 17:39 --------- d-----w C:\Programfiler\iFinger

2008-03-09 21:57 --------- d-----w C:\Documents and Settings\Nina Skjelbred\Programdata\SmartFTP

2008-02-18 14:21 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-02-08 19:41 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7

2008-02-08 19:02 --------- d-----w C:\DOCUME~1\ALLUSE~1\PROGRA~1\Lavasoft

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2008-01-04 15:07 30,336 ----a-w C:\Documents and Settings\Nina Skjelbred\Programdata\wklnhst.dat

2007-12-19 22:58 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-08-24 12:34 23,115,048 ----a-w C:\Programfiler\AdbeRdr810_nb_NO.exe

2005-09-19 21:23 3,759,800 ----a-w C:\Programfiler\MSReaderSetupUSA.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 09:49 67128]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 09:46 204288]

"OE"="C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-09-27 00:04 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]

"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2003-08-29 13:17 188416]

"LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2003-08-29 13:20 77824]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"WinampAgent"="C:\Programfiler\Winamp3\winampa.exe" [ ]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]

"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26 217088]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"pccguide.exe"="C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe" [2006-09-29 07:49 3112960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ]

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\

Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-28 13:28:56 113664]

Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 09:49:40 67128]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-12-12 09:13:01 784912]

Post-it© Software Notes Lite.lnk - C:\Programfiler\3M\PSNLite\PsnLite.exe [2004-10-15 13:26:54 2080768]

WinZip Quick Pick.lnk - C:\Programfiler\WinZip\WZQKPICK.EXE [2005-10-09 22:47:03 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\programfiler\fellesfiler\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

--a------ 2003-05-08 12:00 49152 C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Programfiler\\SmartFTP\\SmartFTP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2005-01-13 10:28]

R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 07:43]

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 11:03]

S3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2571.sys [2004-06-21 10:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5973427-921b-11d9-bae0-806d6172696f}]

\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN

\Shell\configure\command - E:\SETUP.EXE

\Shell\install\command - E:\SETUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-19 13:09:13

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-19 13:11:51

ComboFix-quarantined-files.txt 2008-03-19 12:11:39

ComboFix2.txt 2008-03-18 23:57:02

.

2008-03-14 16:29:03 --- E O F ---

ComboFix.txt

Endret 28. april 2008 av NinaSkj

snippsat · 19. mars 2008

Bearshare denne dra som regel med seg en del grums.

Tenke på om du må ha den.

Logitech\Desktop Messenger fjern denne ligger og søker i bakgrunn.

Husk du kan kun ha et antivirus programm på pcen.

Flere skaper konflikt.

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

Post logg c:\combofix.

Folder::

C:\Programfiler\AntiSpywareApp

C:\Programfiler\Fellesfiler\Symantec Shared

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"=-

Restart og en HijackThis logg.

Endret 19. mars 2008 av SNIPPSAT

NinaSkj · 19. mars 2008

Bearshare denne dra som regel med seg en del grums.
Tenke på om du må ha den.

Logitech\Desktop Messenger fjern denne ligger og søker i bakgrunn.

Husk du kan kun ha et antivirus programm på pcen.

Flere skaper konflikt.

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

Post logg c:\combofix.

Folder::

C:\Programfiler\AntiSpywareApp

C:\Programfiler\Fellesfiler\Symantec Shared

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"=-

Restart og en HijackThis logg.

NinaSkj · 19. mars 2008

Ehm - OK - og TUSEN takk for hjelp (genialt forum dette!)

Jeg trodde jeg hadde avinstallert alt av gammel antivirus jeg men det ligger kanskje igjen rester?

Legger ved ny combo-fix logg - og avinstallerte de tingene du sa. Nå skal jeg prøve sånn Hijack-greier.... Et lite øyeblikk bare ....

ComboFix.txt

NinaSkj · 19. mars 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:43:43, on 19.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Programfiler\Logitech\Video\LogiTray.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe

C:\WINDOWS\system32\LVComS.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\3M\PSNLite\PsnLite.exe

C:\Programfiler\WinZip\WZQKPICK.EXE

C:\PROGRA~1\3M\PSNLite\PSNGive.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.covenstead.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Programfiler\iFinger\plugins\IE.ifp

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [OE] "C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programfiler\3M\PSNLite\PsnLite.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programfiler\Fellesfiler\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107952050215

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://foto.aftenposten.no/uploader/ImageUploader4.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Unknown owner - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Spionprogrambeskyttelse fra Trend Micro (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--

End of file - 9888 bytes

2ball_ · 19. mars 2008

velkommen til forumet.. du børr lære deg å bruke 'spoiler..

det gjør du slik:

merk den teksten som skal i spoiler. velg 'sett inn spesialelement' og velg 'sett inn: spoiler'...trykk ok..voila du har en spoiler..

vist du ikke vet hva jeg mener med spoiler, så bare prøv det.. (bruk 'full editor')

Mvh. 2all(s)

Endret 19. mars 2008 av 2ball(s)

NinaSkj · 19. mars 2008

[quote Ja takk jeg leste det nettopp i en annen tråd. Tusen takk - og unnskyld :roll:

snippsat · 19. mars 2008

Loggen er ren :thumbup:

Du har rester fra både norton og avg7 som kjører.

Disse må fjernes.

Norton-Removal-Tool kjør denne.

For avg7 se om du har noe uninstall verktøy.

Kan ta det maunelt det er tjenester som kjører.

Kjør norton remove tool restart og en ny hjt-logg.

NinaSkj · 19. mars 2008

TUSEN TAKK for all hjelp - dere er makaløse, altså!

Hilsen Sandefjord

tester ut spoiler.....

tusen takk tusen takk tusen takk tusen takk tusen takk tusen takk tusen takk tusen takk tusen takk tusen takktusen takk tusen takk tusen takk tusen takk tusen takktusen takk tusen takk tusen takk tusen takk tusen takktusen takk tusen takk tusen takk tusen takk tusen takk

NinaSkj · 19. mars 2008

Ny HJT-logg...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:34:24, on 19.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Programfiler\Logitech\Video\LogiTray.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\LVComS.exe

C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\3M\PSNLite\PsnLite.exe

C:\Programfiler\WinZip\WZQKPICK.EXE

C:\PROGRA~1\3M\PSNLite\PSNGive.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE