bokhylle, posted 2 May 2008

Hi! Could someone please take a look at my logs?

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:09, on 02.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

ComboFix:

ComboFix 08-05-01.1 - Administrator 2008-05-02 14:43:45.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/02/2008 at 02:10 PM
Application Version : 4.0.1154
Core Rules Database Version : 3451
Trace Rules Database Version: 1443
Scan type : Complete Scan
Total Scan Time : 00:29:25
Memory items scanned : 511
Memory threats detected : 2
Registry items scanned : 6300
Registry threats detected : 39
File items scanned : 20201
File threats detected : 13

Thanks

norbat, posted 2 May 2008

Could you post a new HJT log? (The one that is there was run before ComboFix and SAS.)

bokhylle (author), posted 2 May 2008

Ran a new one just now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:03, on 02.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
norbat, posted 2 May 2008

Start HJT, choose "Do a system scan only", tick the boxes in front of the following lines and click Fix checked:

O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe
O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe

Use Explorer to delete the following folder, if it is present:

C:\Programfiler\OneStepSearch

Apart from this, the logs look fine. How is the PC running?
bokhylle (author), posted 2 May 2008

Done. Couldn't find OneStepSearch, but the PC is actually running quite well now. Thanks.
norbat, posted 2 May 2008

Then you can remove combofix by typing combofix /u in the Run box (Start -> Run). This will also reset the System Restore folder so that you don't get reinfected by a possible system restore later.

Surf safely