TheKims Posted 29 March 2008

I managed to get a virus on the machine 2 days ago. I got a message from Norman that the files have been put in quarantine, but the machine is behaving really strangely. It takes forever to start up, and error messages and ads pop up all the time. Can anyone help? Scanned with HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:04, on 29.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NVCSCHED.EXE
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Winamp\winampa.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\VM_STI.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Audio Web Cam 31
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a0e9c4ba] rundll32.exe "C:\WINDOWS\system32\cqxkqpxs.dll",b
O4 - HKLM\..\Run: [bMa3daf726] Rundll32.exe "C:\WINDOWS\system32\gltsdrie.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programfiler\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programfiler\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O22 - SharedTaskScheduler: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - (no file)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8903 bytes
snippsat Posted 29 March 2008

Yes, you have some gunk that needs to be cleaned up. Download, update and run a full scan with SAS free. Post the log from SAS (preferences->statistics/logs). Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
TheKims (Author) Posted 29 March 2008

Here is the log from SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/29/2008 at 02:46 PM

Application Version : 4.0.1154

Core Rules Database Version : 3427
Trace Rules Database Version: 1419

Scan type : Complete Scan
Total Scan Time : 01:20:47

Memory items scanned : 525
Memory threats detected : 4
Registry items scanned : 3446
Registry threats detected : 33
File items scanned : 15931
File threats detected : 75

Trojan.Unclassified/AffiliateBundle
C:\WINDOWS\SYSTEM32\DDCCDAB.DLL
C:\WINDOWS\SYSTEM32\DDCCDAB.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddccdab

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\GEBCC.DLL
C:\WINDOWS\SYSTEM32\GEBCC.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\ATIDOFBR.DLL
C:\WINDOWS\SYSTEM32\ATIDOFBR.DLL
C:\WINDOWS\SYSTEM32\HMVXBIAC.DLL
C:\WINDOWS\SYSTEM32\HMVXBIAC.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{337C54C9-80C1-4de2-93CD-AAA510834074}
HKLM\Software\Classes\CLSID\{8329660f-e248-4872-98cc-fb9c4fec7ba8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{8329660f-e248-4872-98cc-fb9c4fec7ba8}
HKCR\CLSID\{337C54C9-80C1-4DE2-93CD-AAA510834074}
HKCR\CLSID\{8329660F-E248-4872-98CC-FB9C4FEC7BA8}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}\InprocServer32
HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{5A9A44AE-7C08-4957-8F3F-D9BC950C603B}
HKCR\CLSID\{5A9A44AE-7C08-4957-8F3F-D9BC950C603B}
HKCR\CLSID\{5A9A44AE-7C08-4957-8F3F-D9BC950C603B}\InprocServer32
HKCR\CLSID\{5A9A44AE-7C08-4957-8F3F-D9BC950C603B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{60B3142F-26E5-4652-8606-382525A25ED4}
HKCR\CLSID\{60B3142F-26E5-4652-8606-382525A25ED4}
HKCR\CLSID\{60B3142F-26E5-4652-8606-382525A25ED4}\InprocServer32
HKCR\CLSID\{60B3142F-26E5-4652-8606-382525A25ED4}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A9A44AE-7C08-4957-8F3F-D9BC950C603B}

Adware.Vundo-Variant/Small-A
HKLM\Software\Classes\CLSID\{87c747a6-daf3-48c1-be64-4af0b7c1f3a5}
HKCR\CLSID\{87C747A6-DAF3-48C1-BE64-4AF0B7C1F3A5}
HKCR\CLSID\{87C747A6-DAF3-48C1-BE64-4AF0B7C1F3A5}\InprocServer32
HKCR\CLSID\{87C747A6-DAF3-48C1-BE64-4AF0B7C1F3A5}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{c008dd4e-3e30-4d7c-b38b-38dde09d347e}
HKCR\CLSID\{C008DD4E-3E30-4D7C-B38B-38DDE09D347E}
HKCR\CLSID\{C008DD4E-3E30-4D7C-B38B-38DDE09D347E}\InprocServer32
HKCR\CLSID\{C008DD4E-3E30-4D7C-B38B-38DDE09D347E}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87c747a6-daf3-48c1-be64-4af0b7c1f3a5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c008dd4e-3e30-4d7c-b38b-38dde09d347e}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B1F70D0-10EE-4971-B72C-4EC6B6010032}\RP354\A0147087.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B1F70D0-10EE-4971-B72C-4EC6B6010032}\RP354\A0147089.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B1F70D0-10EE-4971-B72C-4EC6B6010032}\RP355\A0151087.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B1F70D0-10EE-4971-B72C-4EC6B6010032}\RP355\A0152108.DLL
C:\WINDOWS\SYSTEM32\MTMQXKME.DLL
C:\WINDOWS\SYSTEM32\PESDUJYO.DLL
C:\WINDOWS\SYSTEM32\WDGICEJW.DLL
C:\WINDOWS\SYSTEM32\WNGYMCWP.DLL

Trojan.Media-Codec
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{84938242-5C5B-4A55-B6B9-A1507543B418}
C:\Programfiler\Video Access ActiveX Object\ot.ico
C:\Programfiler\Video Access ActiveX Object\ts.ico
C:\Programfiler\Video Access ActiveX Object

Adware.Tracking Cookie
C:\Documents and Settings\Kim-stian\Cookies\[email protected][2].txt
C:\Documents and Settings\Kim-stian\Cookies\[email protected][1].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@zedo[1].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@interclick[2].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@doubleclick[1].txt
C:\Documents and Settings\Kim-stian\Cookies\[email protected][2].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@statcounter[2].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@adtech[1].txt
C:\Documents and Settings\Kim-stian\Cookies\[email protected][1].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@partypoker[2].txt
C:\Documents and Settings\Kim-stian\Cookies\[email protected][1].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@indextools[2].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@adnetserver[1].txt
C:\Documents and Settings\Kim-stian\Cookies\[email protected][1].txt
C:\Documents and Settings\Kim-stian\Cookies\[email protected][2].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@tradedoubler[1].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@advertising[2].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@atdmt[2].txt
C:\Documents and Settings\Kim-stian\Cookies\[email protected][2].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@mediaplex[1].txt
C:\Documents and Settings\Kim-stian\Cookies\[email protected][2].txt
C:\Documents and Settings\Kim-stian\Cookies\kim-stian@imrworldwide[2].txt
C:\Documents and Settings\dez\Cookies\dez@adnetserver[1].txt
C:\Documents and Settings\dez\Cookies\[email protected][1].txt
C:\Documents and Settings\Monica\Cookies\[email protected][1].txt
C:\Documents and Settings\Monica\Cookies\[email protected][1].txt
C:\Documents and Settings\Monica\Cookies\monica@xiti[1].txt
C:\Documents and Settings\Monica\Cookies\[email protected][1].txt
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Cookies\monica@cpvfeed[2].txt
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Cookies\[email protected][2].txt

Trojan.ErrorSafe
C:\DOCUMENTS AND SETTINGS\MONICA\LOKALE INNSTILLINGER\TEMP\ERRORSAFESCANNERSETUP.EXE

Trojan.Unclassified/FukuRuku-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B1F70D0-10EE-4971-B72C-4EC6B6010032}\RP323\A0111679.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B1F70D0-10EE-4971-B72C-4EC6B6010032}\RP347\A0144750.DLL

Trojan.Downloader-Gen/FotoMoto-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B1F70D0-10EE-4971-B72C-4EC6B6010032}\RP325\A0112749.DLL

Adware.AdRotator/RightOnz
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B1F70D0-10EE-4971-B72C-4EC6B6010032}\RP348\A0144757.DLL
C:\WINDOWS\SYSTEM32\RIGHTONADZ-UNINST.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B1F70D0-10EE-4971-B72C-4EC6B6010032}\RP354\A0147088.DLL

Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU1535.EXE

Adware.AdRotator/AdsSite
C:\WINDOWS\SYSTEM32\ADSSITE-REMOVE.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\CCBEG.INI
C:\WINDOWS\SYSTEM32\CCBEG.INI2

Trace.Known Threat Sources
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\OD2NS9AB\checksoft[1].js
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\SPAVKPQZ\ico2[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\SPAVKPQZ\logo2[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\OHARGPYR\ico4[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\DK0JX9WH\cpay[1].htm
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\OD2NS9AB\star2[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\DK0JX9WH\logo[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\OD2NS9AB\styles[1].css
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\DK0JX9WH\errorsafe_banner[1].swf
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\OD2NS9AB\arrow[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\OD2NS9AB\ico3[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\SPAVKPQZ\top1[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\OHARGPYR\styles1[1].css
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\SPAVKPQZ\ico5[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\DK0JX9WH\order[1].htm
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\OHARGPYR\button2[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\SPAVKPQZ\cards[1].gif
C:\Documents and Settings\Monica\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\OHARGPYR\bg_star[1].gif
r2d290 Posted 29 March 2008 (edited)

Good, SUPERAntiSpyware took care of quite a bit, and I assume the PC has already become much faster? Continue with a ComboFix log (see post 2), and then a new HijackThis log.

Edited 29 March 2008 by r2d290
TheKims (Author) Posted 29 March 2008 (edited)

ComboFix 08-03-27.5 - Kim-stian 2008-03-29 14:53:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.272 [GMT 1:00]
Running from: C:\Documents and Settings\Kim-stian\Skrivebord\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Script messages for sUBs --
"C:\Programfiler\Internet Explorer\iexplore.exe"
"C:\Programfiler\Internet Explorer\iexplore.exe"
"C:\Programfiler\Internet Explorer\iexplore.exe"
"C:\Programfiler\Internet Explorer\iexplore.exe"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Monica\Programdata\macromedia\Flash Player\#SharedObjects\MWLQ5CYS\www.broadcaster.com
C:\Documents and Settings\Monica\Programdata\macromedia\Flash Player\#SharedObjects\MWLQ5CYS\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Monica\Programdata\macromedia\Flash Player\#SharedObjects\MWLQ5CYS\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Monica\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Monica\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Programfiler\Adssite Games Collection
C:\Programfiler\Adssite Games Collection\BattlesOfHelicopters.exe
C:\Programfiler\Adssite Games Collection\BobAndBill.exe
C:\Programfiler\Adssite Games Collection\CrazyBlocks.exe
C:\Programfiler\Adssite Games Collection\Lines.exe
C:\Programfiler\Adssite Games Collection\uninstall.exe
C:\Programfiler\Adssite Games Collection\VideoPool.exe
C:\WINDOWS\BMa3daf726.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atidofbr.dll
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ddccdab.dll
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gltsdrie.dll
C:\WINDOWS\system32\hmvxbiac.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.
2008-03-29 13:22 . 2008-03-29 13:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-03-29 13:22 . 2008-03-29 13:22 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\SUPERAntiSpyware.com
2008-03-29 13:22 . 2008-03-29 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-03-29 12:44 . 2008-03-29 12:44 <DIR> d-------- C:\Programfiler\Trend Micro
2008-03-28 16:34 . 2008-03-28 21:48 1,584,079 ---hs---- C:\WINDOWS\system32\sxpqkxqc.ini
2008-03-28 15:33 . 2008-03-28 15:33 1,588,346 ---hs---- C:\WINDOWS\system32\wjecigdw.ini
2008-03-27 19:12 . 2008-03-27 19:12 <DIR> d-------- C:\Documents and Settings\dez\Programdata\Norman
2008-03-27 18:51 . 2008-03-28 15:34 1,588,695 ---hs---- C:\WINDOWS\system32\agygbtak.ini
2008-03-27 18:07 . 2008-03-27 18:47 1,587,703 ---hs---- C:\WINDOWS\system32\ciwnuylp.ini
2008-03-27 18:02 . 2008-03-27 18:02 <DIR> d-------- C:\Documents and Settings\dez\Programdata\Intel
2008-03-27 18:00 . 2007-02-05 18:36 <DIR> dr------- C:\Documents and Settings\dez\Start-meny
2008-03-27 18:00 . 2008-03-27 18:00 <DIR> d-------- C:\Documents and Settings\dez\Skrivebord
2008-03-27 18:00 . 2008-03-27 18:01 <DIR> dr-h----- C:\Documents and Settings\dez\Siste
2008-03-27 18:00 . 2008-03-27 19:12 <DIR> dr-h----- C:\Documents and Settings\dez\Programdata
2008-03-27 18:00 . 2008-03-27 18:45 <DIR> dr------- C:\Documents and Settings\dez\Mine dokumenter
2008-03-27 18:00 . 2007-02-05 17:45 <DIR> d--h----- C:\Documents and Settings\dez\Maler
2008-03-27 18:00 . 2008-03-29 15:09 <DIR> d--h----- C:\Documents and Settings\dez\Lokale innstillinger
2008-03-27 18:00 . 2008-03-27 18:01 <DIR> dr------- C:\Documents and Settings\dez\Favoritter
2008-03-27 17:17 . 2008-03-28 22:18 <DIR> dr-h----- C:\Documents and Settings\Kim-stian\Siste
2008-03-27 16:58 . 2008-03-27 16:59 <DIR> d-------- C:\Programfiler\Yahoo!
2008-03-27 16:58 . 2008-03-27 16:59 <DIR> d-------- C:\Programfiler\CCleaner
2008-03-27 15:04 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr
2008-03-27 15:00 . 2008-01-23 15:01 42,552 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys
2008-03-27 10:10 . 2008-03-27 18:02 1,586,553 ---hs---- C:\WINDOWS\system32\ytnnvurv.ini
2008-03-24 11:42 . 2008-03-24 11:42 <DIR> d-------- C:\Programfiler\uTorrent
2008-03-24 11:42 . 2008-03-27 09:03 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\uTorrent
2008-03-23 20:41 . 2008-03-23 20:41 <DIR> d-------- C:\WINDOWS\Sun
2008-03-15 03:43 . 2008-03-15 03:43 <DIR> d--h----- C:\Documents and Settings\Kim-stian\AndrMask
2008-03-14 21:27 . 2008-03-14 21:27 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\Leadertech
2008-03-14 21:25 . 2008-03-14 21:25 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\AdobeUM
2008-03-07 03:03 . 2008-03-07 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AVS4YOU
2008-03-07 02:54 . 2008-03-07 02:54 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-04 13:25 . 2008-03-04 13:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Start-meny
2008-03-01 11:22 . 2008-03-01 11:22 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-03-01 11:22 . 2008-03-01 11:22 <DIR> d-------- C:\Programfiler\AGEIA Technologies
2008-03-01 11:22 . 2008-03-01 11:22 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\Ascaron Entertainment
2008-03-01 01:15 . 2008-03-01 01:15 <DIR> d-------- C:\Programfiler\LIUtilities
2008-03-01 01:15 . 2008-03-01 01:15 <DIR> d-------- C:\Documents and Settings\All Users\Maler
2008-03-01 01:14 . 2008-03-29 13:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-03-01 00:59 . 2008-03-27 17:26 <DIR> d-------- C:\Programfiler\AusLogics BoostSpeed
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 16:40 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-03-27 16:33 --------- d-----w C:\Programfiler\Tales of Pirates Online
2008-03-27 16:23 --------- d-----w C:\Programfiler\Sierra
2008-03-27 16:18 --------- d-----w C:\Programfiler\Arovax AntiSpyware
2008-03-27 08:44 5 ----a-w C:\NPF_USER.DAT
2008-03-18 00:16 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-03-07 02:03 --------- d-----w C:\Programfiler\Fellesfiler\AVSMedia
2008-03-02 11:09 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-01 18:45 --------- d-----w C:\Programfiler\TrackMania Nations ESWC
2008-03-01 17:45 --------- d-----w C:\Documents and Settings\Kim-stian\Programdata\DivX
2008-03-01 00:14 --------- d-----w C:\Programfiler\DivX
2008-03-01 00:14 --------- d-----w C:\Programfiler\Dell
2008-03-01 00:14 --------- d-----w C:\Documents and Settings\Kim-stian\Programdata\VoipCheapCom
2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-02-06 21:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Super X Studios
2008-02-06 21:46 --------- d-----w C:\Programfiler\Ubisoft
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-12-17 14:37 273520]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 08:19 40960]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-12-19 21:27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenter\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2008-01-24 11:23]
R1 NPROSEC;Norman Security driver;C:\Norman\Ngs\bin\nprosec.sys [2007-09-06 08:37]
R1 TDI_RD;Norman Firewall TDI driver;C:\WINDOWS\system32\drivers\tdi_rd.sys [2007-05-14 10:51]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Norman\npf\bin\npfsvc32.exe" [2008-01-28 10:21]
R2 NPROSECSVC;Norman Security service;"C:\Norman\Ngs\bin\NPROSEC.EXE" [2007-11-27 15:13]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Norman\npm\bin\nvoy.exe" [2008-01-22 15:04]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
R3 nvcoas;Norman Virus Control on-access component;"C:\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 13:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 13:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 13:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 13:25]
S3 ZSMC302;Audio Web Cam 31;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-03-22 09:22]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 14:17:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 15:15:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
.
**************************************************************************
.
Completion time: 2008-03-29 15:19:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 14:19:16

Pre-Run: 23,637,745,664 byte ledig
Post-Run: 24,382,742,528 byte ledig
.
2008-03-28 12:51:48 --- E O F ---

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:19, on 29.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NVCSCHED.EXE
C:\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Winamp\winampa.exe
C:\WINDOWS\VM_STI.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo!
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Audio Web Cam 31 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - 
HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_13\bin\npjpi142_13.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_13\bin\npjpi142_13.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programfiler\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programfiler\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - 
C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\bin\NPROSEC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9097 bytes
Edited 29 March 2008 by kimstianp
TheKims (Author), posted 29 March 2008
Thanks a lot for all the help. The PC works 10 times better, and the internet has become faster too.
snippsat, posted 29 March 2008
Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log c:\combofix

File::
C:\WINDOWS\system32\sxpqkxqc.ini
C:\WINDOWS\system32\wjecigdw.ini
C:\WINDOWS\system32\agygbtak.ini
C:\WINDOWS\system32\ciwnuylp.ini
C:\WINDOWS\system32\ytnnvurv.ini

Restart, and post a new HijackThis log.
Edited 29 March 2008 by SNIPPSAT
TheKims (Author), posted 29 March 2008
ComboFix 08-03-27.5 - Kim-stian 2008-03-29 18:35:48.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.483 [GMT 1:00] Running from: C:\Documents and Settings\Kim-stian\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Kim-stian\Skrivebord\CFScript.txt..txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\agygbtak.ini C:\WINDOWS\system32\ciwnuylp.ini C:\WINDOWS\system32\sxpqkxqc.ini C:\WINDOWS\system32\wjecigdw.ini C:\WINDOWS\system32\ytnnvurv.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\agygbtak.ini C:\WINDOWS\system32\ciwnuylp.ini C:\WINDOWS\system32\sxpqkxqc.ini C:\WINDOWS\system32\wjecigdw.ini C:\WINDOWS\system32\ytnnvurv.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_npf ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))) . 2008-03-29 16:47 . 2007-08-21 09:58 146,944 --a------ C:\WINDOWS\system32\st325602.dll 2008-03-29 13:22 . 2008-03-29 13:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-03-29 13:22 . 2008-03-29 13:22 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\SUPERAntiSpyware.com 2008-03-29 13:22 . 2008-03-29 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-03-29 12:44 . 2008-03-29 12:44 <DIR> d-------- C:\Programfiler\Trend Micro 2008-03-27 19:12 . 2008-03-27 19:12 <DIR> d-------- C:\Documents and Settings\dez\Programdata\Norman 2008-03-27 18:02 . 2008-03-27 18:02 <DIR> d-------- C:\Documents and Settings\dez\Programdata\Intel 2008-03-27 18:00 . 2007-02-05 18:36 <DIR> dr------- C:\Documents and Settings\dez\Start-meny 2008-03-27 18:00 . 
2008-03-27 18:00 <DIR> d-------- C:\Documents and Settings\dez\Skrivebord 2008-03-27 18:00 . 2008-03-27 18:01 <DIR> dr-h----- C:\Documents and Settings\dez\Siste 2008-03-27 18:00 . 2008-03-27 19:12 <DIR> dr-h----- C:\Documents and Settings\dez\Programdata 2008-03-27 18:00 . 2008-03-27 18:45 <DIR> dr------- C:\Documents and Settings\dez\Mine dokumenter 2008-03-27 18:00 . 2007-02-05 17:45 <DIR> d--h----- C:\Documents and Settings\dez\Maler 2008-03-27 18:00 . 2008-03-29 15:19 <DIR> d--h----- C:\Documents and Settings\dez\Lokale innstillinger 2008-03-27 18:00 . 2008-03-27 18:01 <DIR> dr------- C:\Documents and Settings\dez\Favoritter 2008-03-27 17:17 . 2008-03-29 18:34 <DIR> dr-h----- C:\Documents and Settings\Kim-stian\Siste 2008-03-27 16:58 . 2008-03-27 16:59 <DIR> d-------- C:\Programfiler\Yahoo! 2008-03-27 16:58 . 2008-03-27 16:59 <DIR> d-------- C:\Programfiler\CCleaner 2008-03-27 15:04 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr 2008-03-27 15:00 . 2008-01-23 15:01 42,552 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys 2008-03-24 11:42 . 2008-03-24 11:42 <DIR> d-------- C:\Programfiler\uTorrent 2008-03-24 11:42 . 2008-03-27 09:03 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\uTorrent 2008-03-23 20:41 . 2008-03-23 20:41 <DIR> d-------- C:\WINDOWS\Sun 2008-03-15 03:43 . 2008-03-15 03:43 <DIR> d--h----- C:\Documents and Settings\Kim-stian\AndrMask 2008-03-14 21:27 . 2008-03-14 21:27 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\Leadertech 2008-03-14 21:25 . 2008-03-14 21:25 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\AdobeUM 2008-03-07 03:03 . 2008-03-07 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AVS4YOU 2008-03-07 02:54 . 2008-03-07 02:54 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files 2008-03-04 13:25 . 2008-03-04 13:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Start-meny 2008-03-01 11:22 . 
2008-03-01 11:22 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2008-03-01 11:22 . 2008-03-01 11:22 <DIR> d-------- C:\Programfiler\AGEIA Technologies 2008-03-01 11:22 . 2008-03-01 11:22 <DIR> d-------- C:\Documents and Settings\Kim-stian\Programdata\Ascaron Entertainment 2008-03-01 01:15 . 2008-03-01 01:15 <DIR> d-------- C:\Programfiler\LIUtilities 2008-03-01 01:15 . 2008-03-01 01:15 <DIR> d-------- C:\Documents and Settings\All Users\Maler 2008-03-01 01:14 . 2008-03-29 13:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-03-01 00:59 . 2008-03-27 17:26 <DIR> d-------- C:\Programfiler\AusLogics BoostSpeed . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-27 16:40 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-03-27 16:33 --------- d-----w C:\Programfiler\Tales of Pirates Online 2008-03-27 16:23 --------- d-----w C:\Programfiler\Sierra 2008-03-27 16:18 --------- d-----w C:\Programfiler\Arovax AntiSpyware 2008-03-27 08:44 5 ----a-w C:\NPF_USER.DAT 2008-03-18 00:16 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-03-07 02:03 --------- d-----w C:\Programfiler\Fellesfiler\AVSMedia 2008-03-02 11:09 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-03-01 18:45 --------- d-----w C:\Programfiler\TrackMania Nations ESWC 2008-03-01 17:45 --------- d-----w C:\Documents and Settings\Kim-stian\Programdata\DivX 2008-03-01 00:14 --------- d-----w C:\Programfiler\DivX 2008-03-01 00:14 --------- d-----w C:\Programfiler\Dell 2008-03-01 00:14 --------- d-----w C:\Documents and Settings\Kim-stian\Programdata\VoipCheapCom 2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys 2008-02-06 21:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Super X Studios 2008-02-06 21:46 --------- d-----w C:\Programfiler\Ubisoft . 
((((((((((((((((((((((((((((( snapshot@2008-03-29_15.18.41.42 ))))))))))))))))))))))))))))))))))))))))) . - 2006-03-24 16:30:44 282,624 ----a-w C:\WINDOWS\stsystra.exe + 2007-05-10 09:22:32 405,504 ----a-w C:\WINDOWS\stsystra.exe - 2004-08-03 21:08:00 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys + 2004-08-03 22:08:00 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys - 2004-08-03 21:08:04 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys + 2004-08-03 22:08:04 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys - 2004-08-03 21:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys + 2004-08-03 22:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys - 2006-03-24 16:34:30 1,156,648 ----a-w C:\WINDOWS\system32\drivers\sthda.sys + 2007-05-10 09:24:34 1,222,840 ----a-w C:\WINDOWS\system32\drivers\sthda.sys - 2004-08-03 21:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys + 2004-08-03 22:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys - 2006-03-24 16:31:50 208,896 ----a-w C:\WINDOWS\system32\stacapi.dll + 2007-05-10 09:23:02 270,336 ----a-w C:\WINDOWS\system32\stacapi.dll - 2006-03-22 16:52:58 1,052,672 ----a-w C:\WINDOWS\system32\stlang.dll + 2007-04-10 16:02:00 1,601,536 ----a-w C:\WINDOWS\system32\stlang.dll + 2008-03-29 17:41:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_614.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975] "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-12-17 14:37 273520] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 11:00 110592 C:\WINDOWS\system32\bthprops.cpl] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784] "WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-05-14 23:22 35328] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 08:19 40960] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-12-19 21:27 282624] "SigmatelSysTrayApp"="C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 10:22 405504] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoInstrumentation"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= 
C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Documents and Settings\\All Users\\Dokumenter\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2008-01-24 11:23] R1 NPROSEC;Norman Security driver;C:\Norman\Ngs\bin\nprosec.sys [2007-09-06 08:37] R1 TDI_RD;Norman Firewall TDI driver;C:\WINDOWS\system32\drivers\tdi_rd.sys [2007-05-14 10:51] R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55] R2 NPFSvc32;Norman Personal Firewall Service;"C:\Norman\npf\bin\npfsvc32.exe" [2008-01-28 10:21] R2 NPROSECSVC;Norman Security service;"C:\Norman\Ngs\bin\NPROSEC.EXE" [2007-11-27 15:13] R2 NVOY;Norman's Very Own supplY of resources;"C:\Norman\npm\bin\nvoy.exe" [2008-01-22 15:04] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56] R3 nvcoas;Norman Virus Control on-access component;"C:\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36] R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41] S3 
nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 13:25] S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 13:25] S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 13:25] S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 13:25] S3 ZSMC302;Audio Web Cam 31;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-03-22 09:22] . Contents of the 'Scheduled Tasks' folder "2008-03-29 17:44:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-29 18:42:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Norman\Npm\bin\ELOGSVC.EXE C:\Programfiler\Windows Defender\MsMpEng.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe C:\Norman\Npm\Bin\Zanda.exe C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\Norman\npf\bin\npfuser.exe C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\rundll32.exe C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\igfxsrvc.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programfiler\MSN Messenger\usnsvc.exe . ************************************************************************** . Completion time: 2008-03-29 18:46:34 - machine was rebooted [Kim-stian] ComboFix-quarantined-files.txt 2008-03-29 17:46:28 ComboFix2.txt 2008-03-29 14:19:27 Pre-Run: 24,347,418,624 byte ledig Post-Run: 24,337,289,216 byte ledig . 
2008-03-28 12:51:48 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:49:56, on 29.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Ngs\bin\NPROSEC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe C:\Norman\Npm\Bin\Zanda.exe C:\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Norman\npf\bin\npfsvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Norman\Npm\bin\NVCSCHED.EXE C:\Norman\Npm\bin\NJEEVES.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Norman\npf\bin\npfuser.exe C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe C:\Norman\Npm\bin\ZLH.EXE C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Winamp\winampa.exe C:\WINDOWS\VM_STI.EXE C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe 
C:\WINDOWS\explorer.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Audio Web Cam 31 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_13\bin\npjpi142_13.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_13\bin\npjpi142_13.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programfiler\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programfiler\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\bin\NPROSEC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9138 bytes
r2d290 Posted 29 March 2008 (edited)

Consider whether you get any use out of SweetIM. It is a program that lets you view/send various smileys. This tool comes with a fair amount of junk. If you don't want it, you can remove it from Add/Remove Programs, and then finish with a new HijackThis log to remove any leftovers.

Do you also need the Yahoo toolbar? There's nothing wrong with it (as far as I know), but there's no point in having it if it isn't in use. The Yahoo toolbar can also be removed from Add/Remove Programs.

Let us know how the PC is working now. I think the HijackThis log is clean now (apart from what I've mentioned in this post).

Edited 29 March 2008 by r2d290
TheKims (thread author) Posted 29 March 2008

I can't find it under Add or Remove Programs. It probably came along with various programs I've downloaded.
snippsat Posted 29 March 2008 (edited)

Run only HJT. Start HijackThis, "scan", find these lines, check them, then press Fix checked.

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

No log needed. Then it looks good.

Use the PC for a bit; if it runs fine, you can do this. You can remove ComboFix by typing combofix /u from the Run window. This command deletes quarantined files and backups, resets the System Restore folder, etc.

Keep using SAS and CCleaner. Defragmenting can be a good thing to do: Auslogics Disk Defrag + Free Registry Defrag.

Surf safely.

Edited 29 March 2008 by SNIPPSAT
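The selection step in snippsat's post above, as an added example that is not part of the original thread or of HijackThis itself: a small parser that picks out entries ending in "(no file)" and groups them by CLSID, which shows why the SweetIM CLSID has to be fixed under both R3 and O3. The sample log is constructed from lines that appear in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: header, one process line and six entries copied from
# lines that appear in this thread (not a complete log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
"""

# An entry line is "<section code> - <rest>", e.g. "R3 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body").rstrip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            # CLSIDs are case-insensitive; normalise so R3 and O3 rows match.
            "clsid": clsid.group(0).upper() if clsid else None,
            # "(no file)" means the registration points at a missing file.
            "orphaned": body.endswith("(no file)"),
        })
    return entries

def orphans_by_clsid(entries):
    """Map each orphaned CLSID to the section codes where it is registered."""
    grouped = defaultdict(list)
    for e in entries:
        if e["orphaned"] and e["clsid"]:
            grouped[e["clsid"]].append(e["code"])
    return dict(grouped)

if __name__ == "__main__":
    for clsid, codes in orphans_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(clsid, codes)
```
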
r2d290 Posted 29 March 2008 (edited)

I seem to remember that SweetIM has a name in front of "SweetIM". I think it was something starting with "M"... If you can't find it, you can try uninstalling it with CCleaner (start CCleaner, choose Tools). If you can't find it there either, you can use HijackThis: choose "None of the above, just start the program", click Config, click Misc Tools, click "Open Uninstall Manager..." and see whether you find it there... If you manage it, post a new HijackThis log...

Edit: too late... follow snippsat's advice.

Edited 29 March 2008 by r2d290
TheKims (thread author) Posted 29 March 2008

Posting one last HijackThis log to be sure all the gunk is gone. Thanks for all the help :) The PC seems to be completely fine now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:57, on 29.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NVCSCHED.EXE
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Winamp\winampa.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Audio Web Cam 31
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programfiler\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programfiler\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Linksys\Bluetooth Utility\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8910 bytes
TheKims (thread author) Posted 29 March 2008

The PC is practically like new... thanks once again for all the help :) It's a joy to use the PC now.