eblth (posted 2 April 2008):
Hello! I have a fairly new laptop, an HP Pavilion dv9000, which has worked brilliantly for the last few months. But a couple of days ago the problems started; everything I did on the PC was apparently "too much", so it froze, and I had to hold down the power button to restart it. After this had happened a couple of times, some Windows check started appearing before the PC turned on (which apparently started when Windows could not start because of problems). I thought it was a virus or some other kind of mischief, so I checked the PC with Norton AntiVirus and Spybot (the latter helped me when I had some virus problems last time), but neither program found anything, and then my one computer-savvy friend couldn't help me either... The problems occur very easily; it can happen just from pressing the "back" button in Internet Explorer, or mostly when I play music (God forbid I start a song in WMP). Otherwise it sounds as if the PC is working hard more or less all the time, and once it freezes there are only a few pitiful hiccups... Has anyone had the same problems, or does anyone have any ideas about what I can do? Thanks for any replies!

Green_Monster (posted 2 April 2008):
I'm no expert here, but you could open Task Manager and see what the machine is working so hard on.. If you find out that it isn't a virus, you can at least close the program that is using the resources, or see whether it's something you started that has to finish, or the like.

snippsat (posted 2 April 2008):
We can check whether there is any junk. Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 for hidden text).

eblth (author, posted 3 April 2008):
Thanks for the replies. I ran HijackThis, and this is the log I got:
Cri: Checked what used by far the most memory, but it was mostly MSN, Internet Explorer and similar programs...

snippsat (posted 3 April 2008):
You have some junk; I need a log from ComboFix. Download ComboFix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt. Uninstall this one; it sits and searches in the background all the time: C:\Program Files\Logitech\Desktop Messenger\

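Added example, not part of the thread and not HijackThis's or any poster's own tooling: a short Python triage pass over HijackThis log lines, run here on nine lines copied from the log eblth posted. The function names and the three review rules are assumptions chosen for illustration; a flagged entry is a prompt for a closer look, not a verdict.

```python
import re
from collections import Counter

# Nine lines copied unchanged from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O18 - Protocol: bw+0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# Meaning of the HijackThis section codes that occur in the sample.
SECTION_NAMES = {
    "O2": "Browser Helper Object",
    "O4": "Autostart entry",
    "O9": "IE extra button / Tools menu item",
    "O18": "Extra protocol handler",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^(?P<code>[ROFN]\d{1,2}) - (?P<body>.*)$")
# A CLSID followed by " - <target>": the target is a file path or a URL.
GUID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\} - (?P<target>.+)$"
)


def parse(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(entries):
    """Return (code, body, reasons) for entries that deserve a manual look."""
    findings = []
    for code, body in entries:
        reasons = []
        # Registry still references a component whose file is gone.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append("registered component has no file on disk")
        # An IE button or menu item normally points at a local file.
        if code == "O9" and re.search(r" - https?://", body):
            reasons.append("IE button/menu item points at a URL")
        # HijackThis printed no vendor for the service binary (often benign).
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary has no vendor name")
        if reasons:
            findings.append((code, body, reasons))
    return findings


def collapse_protocols(entries):
    """Count O18 protocol handlers per DLL so repeated rows read as one item."""
    counts = Counter()
    for code, body in entries:
        m = GUID_RE.search(body) if code == "O18" else None
        if m:
            counts[m["target"]] += 1
    return dict(counts)


if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for code, body, reasons in triage(entries):
        print(f"[{code}] {SECTION_NAMES.get(code, '?')}: {body}")
        for reason in reasons:
            print("    -", reason)
    for dll, n in collapse_protocols(entries).items():
        print(f"O18 x{n}: {dll}")
```

Grouping the O18 rows by DLL shows at a glance that the long run of protocol handlers in the log belongs to a single program, the Logitech Desktop Messenger install named in the reply above.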
eblth (author, posted 8 April 2008):
Here is the log from ComboFix:
Messenger "{43D66E8C-FED3-4E51-A629-3C8CB2A57E0F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{DCE6EEE3-57CF-42A4-BB6B-ABC7266A993F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{65BA082C-A042-4745-8ED0-C5F814C16C31}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{131D216C-FBB8-4EFA-B0E0-0362DB240E67}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{64C4E0BE-05E0-4D4C-B07C-86AB486D13FB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{DBD4CFD8-78D8-496B-9888-5767D8D8E1C9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{0FF3381F-824A-49DC-83E0-4450FCF2480F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071009.001\IDSvix86.sys [2007-09-13 16:49] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 14:03] R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30] *Newly Created Service* - COMHOST . 
Contents of the 'Scheduled Tasks' folder
"2008-04-04 18:54:47 C:\Windows\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - Eivind.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-04-07 22:04:04 C:\Windows\Tasks\User_Feed_Synchronization-{41A6D055-8F43-4029-8BB8-93B60190A812}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 19:07:40
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-08 19:08:23
ComboFix-quarantined-files.txt 2008-04-08 17:08:18
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
.
2008-04-06 09:25:34 --- E O F ---
snippsat Posted 9 April 2008

Hi!

Copy the bold text and paste it into Notepad. Save it on the desktop as CFScript.txt. Do as shown in the picture, then post the log c:\combofix.txt

File::
C:\Users\All Users\CE8F9D3F13.sys
C:\ProgramData\CE8F9D3F13.sys

Folder::
C:\Program Files\AdVantage

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=-

Download and run CCleaner. Go to 'Options' -> 'Advanced'. Untick: "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing.
Look for "AdVantage" in Add/Remove Programs -> remove it.
Download, update and run a full scan with SAS free. Post the log from SAS (preferences -> statistics/logs).
Restart and post a new HijackThis log.
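An added example, not part of the thread and not ComboFix code: a triage pass over the "Reg Loading Points" part of a ComboFix log that lists autostart values with no file details (such as the RunOnce "Launcher" value that the `"Launcher"=-` line above deletes), disabled Windows Firewall profiles, and Security Center notification flags. The sample lines are copied from the log posted in this thread and reflowed one entry per line; reading an empty `[ ]` as "target file not found" is an assumption about ComboFix's output, and `triage` is a hypothetical helper name.

```python
import re

# Registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run] or [HKLM\~\services\...]
KEY_RE = re.compile(r'\[(HK[^\]]*)\]')
# Autostart value: "Name"="Target" [date time size]; the brackets may be empty
ENTRY_RE = re.compile(r'"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]')
# Security Center switches such as "UacDisableNotify"=dword:00000001
FLAG_RE = re.compile(r'"(\w*Disable\w*)"=dword:([0-9a-fA-F]{8})')
# Firewall profile state as ComboFix prints it: "EnableFirewall"= 0 (0x0)
FW_RE = re.compile(r'"EnableFirewall"=\s*(\d+)')

# Excerpt from the log posted in the thread, reflowed one entry per line.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""


def sections(log_text):
    """Yield (registry_key, body) pairs; body runs up to the next key header.

    Works on the original one-entry-per-line log and on a copy whose line
    breaks were lost, because it never relies on newlines.
    """
    heads = list(KEY_RE.finditer(log_text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log_text)
        yield head.group(1), log_text[head.end():end]


def triage(log_text):
    """Collect the items a reviewer would want to confirm by hand."""
    report = {"orphan_autostart": [], "firewall_off": [], "notify_off": []}
    for key, body in sections(log_text):
        low = key.lower()
        # Run / RunOnce values whose file details are blank (assumed: file missing)
        if low.endswith(("\\run", "\\runonce")):
            for name, target, meta in ENTRY_RE.findall(body):
                if not meta.strip():
                    report["orphan_autostart"].append((key, name, target))
        # Windows Firewall profiles switched off
        if "\\firewallpolicy\\" in low:
            match = FW_RE.search(body)
            if match and int(match.group(1)) == 0:
                report["firewall_off"].append(key.rsplit("\\", 1)[-1])
        # Security Center notification or monitoring switched off
        if "\\security center" in low:
            for name, value in FLAG_RE.findall(body):
                if int(value, 16):
                    report["notify_off"].append((key, name))
    return report


if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(category)
        for item in items:
            print("   ", item)
```

With Norton Internet Security installed, as in this log, disabled Windows Firewall profiles and Security Center monitoring can come from the suite taking over those roles, so the output is a list of items to confirm rather than proof of tampering.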
aara Posted 9 April 2008

> Hello! I have a fairly new laptop, an HP Pavilion dv9000, which has worked brilliantly for the last few months. But a couple of days ago the problems began; everything I did on the PC was evidently "too much", so it froze, and I had to hold down the power button to restart it. After this had happened a couple of times, some kind of Windows check started appearing before the PC booted (which evidently started when Windows could not start because of problems). I thought it was a virus or some other kind of nastiness, so I checked the PC with Norton AntiVirus and Spybot (the latter helped me when I had some virus problems last time), but neither program found anything, and then my one computer-savvy friend could not help me either... The problems occur very easily; it can happen just from pressing the "back" button in Internet Explorer, or pretty much whenever I play music (God forbid that I start a song in WMP). Otherwise it sounds as if the PC is working hard almost all the time, and once it freezes there are only a few pitiful hiccups... Has anyone had the same problems, or does anyone have any ideas about what I can do? Thanks for any answers!

Hi! I see that you have already been helped part of the way, but there is one thing I want to point out, at the risk of invoking someone's wrath here, and that is the antivirus program you are running. Norton is often a big culprit when it comes to machines that freeze; it has a tendency to eat up all the capacity of the machine, and the result is that the machine stops. I threw mine out several years ago and nobody will get me to use it again, especially since there are actually many good free versions such as avast, AVG and others. I just wanted to point out that this too can be a reason the machine freezes.

-aara
Stigma Posted 9 April 2008

I just want to point out that there are many other possibilities besides malware that can cause a hard freeze on the machine (assuming I have interpreted your description correctly, that is). But... since SNIPPSAT, who has good experience helping people with malware "gunk", as he so nicely puts it, has offered to help you, you may as well rule this out first.

-Stigma
snippsat Posted 9 April 2008 (edited)

Yes, there are many reasons why a PC freezes. It is good to get viruses and spyware out of the way before further troubleshooting. Norton, especially older versions, can make the system slower and cause freezes. That is usually fixed by removing it completely (Norton remove tool) and installing it again. Norton has tightened up its resource usage in newer versions. When mentioning free antivirus, Avira should be included, which I think is the best of the free ones. Hardware is also worth testing. We can go into more of this when we are finished with this.

Edited 9 April 2008 by SNIPPSAT
eblth (author) Posted 9 April 2008

New log :)

ComboFix 08-04-07.5 - Eivind 2008-04-09 17:04:52.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1289 [GMT 2:00]
Running from: C:\Users\Eivind\Desktop\ComboFix.exe
Command switches used :: C:\Users\Eivind\Desktop\CFScript.txt..txt
* Created a new restore point
FILE ::
C:\ProgramData\CE8F9D3F13.sys
C:\Users\All Users\CE8F9D3F13.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\AdVantage
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc
C:\Program Files\AdVantage\user.db
C:\ProgramData\CE8F9D3F13.sys
C:\Users\All Users\CE8F9D3F13.sys
.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-09 14:49 13,072 ----a-w C:\Users\Eivind\AppData\Roaming\nvModes.dat 2008-04-06 14:51 --------- d-----w C:\Users\Eivind\AppData\Roaming\LimeWire 2008-04-05 13:05 --------- d-----w C:\Program Files\Windows Live 2008-04-05 13:03 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-05 13:02 --------- d-----w C:\ProgramData\WLInstaller 2008-04-03 11:39 --------- d-----w C:\Program Files\Trend Micro 2008-03-31 03:45 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-03-31 03:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-30 16:42 --------- d-----w C:\ProgramData\Symantec 2008-03-29 17:19 --------- d-----w C:\Program Files\Google 2008-03-26 23:42 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-26 23:35 --------- d-----w C:\Program Files\InterVideo Information Service 2008-03-26 23:34 --------- d-----w C:\Program Files\Corel 2008-03-26 23:14 2,828 --sha-w C:\Users\All Users\KGyGaAvL.sys 2008-03-26 23:14 2,828 --sha-w C:\ProgramData\KGyGaAvL.sys 2008-03-26 22:51 --------- d-----w C:\Users\Eivind\AppData\Roaming\Corel 2008-03-26 21:21 --------- d-----w C:\Program Files\Real 2008-03-26 21:21 --------- d-----w C:\Program Files\Common Files\xing shared 2008-03-26 21:21 --------- d-----w C:\Program Files\Common Files\Real 2008-03-24 18:07 --------- d-----w C:\Users\Eivind\AppData\Roaming\InterVideo 2008-03-24 18:05 --------- d-----w C:\Program Files\Common Files\Ulead 2008-03-24 17:29 --------- d-----w C:\Users\Eivind\AppData\Roaming\dvdcss 2008-03-23 12:31 --------- d-----w C:\Program Files\LimeWire 2008-03-21 13:54 --------- d-----w C:\Users\Eivind\AppData\Roaming\Apple Computer 2008-03-21 02:07 --------- d-----w C:\Program Files\Windows Mail 2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf 2008-03-06 
20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys 2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat 2008-03-05 15:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll 2008-03-05 15:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll 2008-03-05 15:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll 2008-03-05 14:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll 2008-03-05 14:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll 2008-03-03 14:34 400 ----a-w C:\Users\Eivind\AppData\Roaming\wklnhst.dat 2008-02-28 22:00 --------- d-----w C:\Program Files\EA GAMES 2008-02-28 20:58 --------- d-----w C:\Program Files\DAEMON Tools 2008-02-28 20:20 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys 2008-02-26 15:15 --------- d-----w C:\Program Files\iTunes 2008-02-26 15:15 --------- d-----w C:\Program Files\iPod 2008-02-26 15:14 --------- d-----w C:\Program Files\QuickTime 2008-02-13 02:40 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-13 02:40 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-13 02:34 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-13 02:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-13 02:34 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-13 02:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-13 02:34 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys 2008-02-13 02:34 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-13 02:34 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-13 02:34 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-13 02:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-13 02:34 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-13 02:34 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-13 02:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-13 02:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-13 02:33 537,600 ----a-w 
C:\Windows\AppPatch\AcLayers.dll 2008-02-13 02:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-13 02:33 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-13 02:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-13 02:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-13 02:33 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-02-13 02:30 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-13 02:30 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-13 02:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-13 02:30 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-12 15:12 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF 2008-02-12 15:12 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS 2008-02-12 15:12 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT 2008-02-12 15:12 --------- d-----w C:\Program Files\Symantec 2008-02-05 22:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll 2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2008-01-10 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2007-08-29 17:24 174 --sha-w C:\Program Files\desktop.ini 2007-08-26 01:18 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-08-26 01:18 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-08-26 01:18 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-04-08_19.08.00,56 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-04-08 13:44:25 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-04-09 12:36:16 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-04-08 16:59:48 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-04-09 14:57:43 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-04-08 13:46:32 786,432 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-04-09 12:37:00 786,432 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat - 2008-04-08 17:03:32 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-04-09 15:04:17 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-04-08 13:46:38 786,432 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-04-09 12:37:31 786,432 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - 2008-04-08 16:20:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-04-09 14:04:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-08 16:20:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-09 14:04:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-08 16:20:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-09 14:04:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-03-22 05:11:58 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat + 2008-04-09 12:35:06 6,291,456 ----a-w 
C:\Windows\System32\SMI\Store\Machine\schema.dat - 2008-04-08 13:46:46 8,418 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1652779409-875784169-4009966895-1000_UserData.bin + 2008-04-09 12:38:19 8,418 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1652779409-875784169-4009966895-1000_UserData.bin - 2008-04-08 13:46:46 69,820 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-04-09 12:38:19 69,874 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-04-07 17:33:08 46,036 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-04-09 12:38:17 46,152 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-03-21 02:07:33 949,017 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-04-09 05:33:21 30,297,085 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-02-13 02:38:39 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe + 2008-02-13 02:38:39 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe + 2007-08-15 18:02:51 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat + 2007-08-15 18:02:51 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-07 16:37 32768] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 20:09 1006264] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 08:02 815104] "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816] "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 07:18 22696] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32 472800] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-04 11:51 77824] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 94208 C:\Windows\KHALMNPR.Exe] "Symantec PIF AlertEng"="C:\Program Files\Common 
Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-28 19:26 90191] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-28 19:26 7770112] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-28 19:26 81920] "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936] "TkBellExe"="C:\Program Files\Real Alternative\Update_OB\realsched.exe" [2008-03-26 23:21 180269] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-07 16:38:10 450560] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-07 16:35:17 593920] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{C9B227C4-E925-4F01-A624-3717EF43CE63}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP "{912BADA2-97BE-49C6-B9F7-6F84C5CD5F86}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP "{7A3619CA-90C4-4CE4-A17A-067C23F59881}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{19A18290-823D-4B93-ACE8-4B7A9E1F217A}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{D67001AD-1CF6-4CE6-8A6E-753C8574D259}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{A77874CD-362E-451B-B019-818056B04357}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "TCP Query User{A26221BC-17D4-45D6-BD4B-877B1E1A4C1F}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger "UDP Query User{7E0F94B4-9740-4B90-8BED-55137F8A0BD6}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger "{43D66E8C-FED3-4E51-A629-3C8CB2A57E0F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{DCE6EEE3-57CF-42A4-BB6B-ABC7266A993F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{65BA082C-A042-4745-8ED0-C5F814C16C31}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{131D216C-FBB8-4EFA-B0E0-0362DB240E67}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{64C4E0BE-05E0-4D4C-B07C-86AB486D13FB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{DBD4CFD8-78D8-496B-9888-5767D8D8E1C9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes 
"{0FF3381F-824A-49DC-83E0-4450FCF2480F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071009.001\IDSvix86.sys [2007-09-13 16:49] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 14:03] R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30] *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-04-04 18:54:47 C:\Windows\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - Eivind.job" - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK: "2008-04-08 22:36:37 C:\Windows\Tasks\User_Feed_Synchronization-{41A6D055-8F43-4029-8BB8-93B60190A812}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-09 17:08:12 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-09 17:08:58 ComboFix-quarantined-files.txt 2008-04-09 15:08:54 ComboFix2.txt 2008-04-08 17:08:24 Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. . 2008-04-06 09:25:34 --- E O F --- Lenke til kommentar
snippsat Posted 9 April 2008

Fine, now a HijackThis log.
eblth (author) Posted 10 April 2008

ta-da:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:40, on 10.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 -
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] 
%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: 
[WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O18 - Protocol: bw+0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {E94B16C8-739D-4C29-8BB5-5283AE2B3487} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 22701 bytes [/skjul} Lenke til kommentar
snippsat Posted 10 April 2008 (edited)
Start HijackThis, run "scan", find these lines, tick them, then press "fix checked".
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
Remove the remnants of Norton: Norton-Removal-Tool
Again, uninstall this one; it doesn't need to sit there searching all the time.
C:\Program Files\Logitech\Desktop Messenger\
When this is done, restart and post a new HijackThis log.
Edited 10 April 2008 by SNIPPSAT
eblth Posted 11 April 2008 (Author)
New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:15, on 11.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 8392 bytes
snippsat Posted 11 April 2008
Then you are clean of viruses and spyware.
If the PC runs fine, you can do this:
You can remove ComboFix by typing combofix /u in the Run window. This command deletes the files in quarantine and the backups, resets the System Restore folder, etc.
Defragmenting may be a good thing to do now: Auslogics Disk Defrag + Free Registry Defrag
Surf safely.
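The review carried out across the two logs above, as an added example that is not part of the original thread: it parses HijackThis entries (including text flattened or wrapped by a forum export), flags entries marked "(file missing)" or whose handler is a URL instead of a local file, and diffs the log taken before the fix against the one taken after. The function names and the two flagging heuristics are this example's own assumptions; the sample lines are excerpts from the thread's logs.

```python
import re
from dataclasses import dataclass

# Section codes HijackThis prefixes to each finding (R0-R3, F0-F3, N1-N4, O1..).
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Whitespace that precedes a new entry or the trailer; used to undo flattening.
BOUNDARY_RE = re.compile(r"\s+(?=" + CODE + r" - |-- End of file)")
ENTRY_RE = re.compile(r"^(?P<code>" + CODE + r") -(?: (?P<body>.*))?$")

# Excerpts from the thread's 10 April log, flattened and wrapped the way a
# forum export leaves them (selection and wrapping constructed for this example).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:24:40, on 10.04.2008 Running processes: C:\Windows\Explorer.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/ O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing) O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- End of file - 22701 bytes
"""

# Excerpts from the 11 April log, one entry per line as HijackThis writes it.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Automatisk LiveUpdate-planlegging - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
-- End of file - 8392 bytes
"""


@dataclass(frozen=True)
class Entry:
    code: str
    body: str

    @property
    def target(self) -> str:
        # Last " - " separated field. Paths that themselves contain " - " are
        # cut short here, which does not affect the URL test below.
        return self.body.rsplit(" - ", 1)[-1]

    @property
    def file_missing(self) -> bool:
        # HijackThis appends this marker when the referenced file is absent.
        return self.body.endswith("(file missing)")

    @property
    def remote_target(self) -> bool:
        # R-section values are URLs by design (start/search pages), so only
        # O-section handlers that point at a URL are treated as unusual.
        return self.code.startswith("O") and self.target.lower().startswith(
            ("http://", "https://"))


def parse(text: str) -> list[Entry]:
    """Return the log's entries; header and process list are skipped."""
    pairs: list[list[str]] = []
    for line in BOUNDARY_RE.sub("\n", text).splitlines():
        line = line.strip()
        if line.startswith("-- End of file"):
            break
        m = ENTRY_RE.match(line)
        if m:
            pairs.append([m["code"], m["body"] or ""])
        elif pairs and line:
            # Continuation of an entry that the export wrapped mid-line.
            pairs[-1][1] = (pairs[-1][1] + " " + line).strip()
    return [Entry(code, body) for code, body in pairs]


def flagged(entries: list[Entry]) -> list[Entry]:
    """Entries worth a manual look under the two heuristics above."""
    return [e for e in entries if e.file_missing or e.remote_target]


def compare(before: list[Entry], after: list[Entry]) -> dict[str, list[Entry]]:
    """What the cleanup removed, what appeared, and what is still flagged."""
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        "still_flagged": flagged(after),
    }


if __name__ == "__main__":
    before, after = parse(LOG_BEFORE), parse(LOG_AFTER)
    for e in flagged(before):
        print("review:", e.code, "-", e.body)
    for key, entries in compare(before, after).items():
        print(key, len(entries))
```

A "(file missing)" flag marks a registry entry whose file is gone, such as the Symantec LiveUpdate service left in the second excerpt; it is a prompt for manual review, not a verdict.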
eblth Posted 18 May 2008 (Author)
Hello again :) The PC works great, so thanks again for all the help. A small question that maybe someone can answer: since this spyware war a while ago, I have not been able to see the "preview" of pictures. That is, image files are completely white, even though they are set to "large pictures". All you see is a white square with the name of the file underneath. So I have to open the file to see what kind of picture it is. The desktop background has also turned black, and I cannot change it... Thanks again for any answers
Green_Monster Posted 19 May 2008 (edited)
Stealing a little space in your thread, Mr Fungus, in the hope that snippsat sees it.
Snippsat - will you / can you be bothered / do you have the energy to help me with an HJ log and help me after this one, please?
Edited 19 May 2008 by Cri