
Virus, help removing it (ComboFix log)



Hello. I need help removing some trojans.

 

ComboFix 08-05-21.3 - Axl 2008-05-22 22:06:46.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1328 [GMT 2:00]

Running from: C:\Users\Axl\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))

.

 

2008-05-19 14:42 . 2008-05-19 14:42 <DIR> d-------- C:\Users\All Users\PC Drivers HeadQuarters

2008-05-19 14:42 . 2008-05-19 14:42 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters

2008-05-18 23:28 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys

2008-05-18 18:14 . 2008-05-18 18:14 <DIR> d-------- C:\Program Files\Alwil Software

2008-05-08 21:49 . 2008-05-08 21:52 139,386 --a------ C:\Windows\hpoins18.dat

2008-05-08 19:37 . 2008-05-08 19:37 <DIR> d-------- C:\Users\All Users\Hewlett-Packard

2008-05-08 19:27 . 2006-12-16 08:19 897,024 --a------ C:\Windows\System32\hpotiop1.dll

2008-05-08 19:27 . 2006-12-16 08:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll

2008-05-08 19:27 . 2006-12-16 08:19 303,104 --a------ C:\Windows\System32\hpovst01.dll

2008-05-08 19:26 . 2007-02-01 10:24 258,048 --a------ C:\Windows\System32\hpzids01.dll

2008-05-08 19:26 . 2007-02-02 11:27 117,760 --a------ C:\Windows\System32\hpz3l4v2.dll

2008-05-08 19:25 . 2008-05-08 19:25 <DIR> d-------- C:\Program Files\HP

2008-05-08 19:25 . 2006-06-06 14:20 241,721 --a------ C:\Windows\System32\HPBMINI.DLL

2008-05-08 19:25 . 2005-06-20 14:33 163,840 --a------ C:\Windows\System32\HPJCMN2U.DLL

2008-05-08 19:25 . 2005-06-20 14:33 94,208 --a------ C:\Windows\System32\HPJIPX1U.DLL

2008-05-08 19:25 . 2005-06-20 14:33 49,152 --a------ C:\Windows\System32\HPBNRAC2.DLL

2008-05-08 19:25 . 2006-11-16 19:16 38,912 --a------ C:\Windows\System32\HPBPRO.DLL

2008-05-08 19:25 . 2006-11-16 19:15 25,600 --a------ C:\Windows\System32\HPBOID.DLL

2008-05-08 19:25 . 2006-11-16 19:16 24,576 --a------ C:\Windows\System32\HPBMIAPI.DLL

2008-05-08 19:25 . 2006-11-02 19:32 18,747 --a------ C:\Windows\System32\HPCEAC06.HPI

2008-05-08 19:25 . 2006-11-16 19:16 7,680 --a------ C:\Windows\System32\HPBPROPS.DLL

2008-05-08 19:25 . 2006-11-16 19:16 7,680 --a------ C:\Windows\System32\HPBOIDPS.DLL

2008-05-08 19:18 . 2008-05-08 19:18 <DIR> d-------- C:\Users\All Users\HP

2008-05-04 17:25 . 2008-05-04 17:31 <DIR> d-------- C:\Program Files\WildWestStarter

2008-04-23 18:19 . 2008-04-23 18:19 54,156 --ah----- C:\Windows\QTFont.qfn

2008-04-23 18:19 . 2008-04-23 18:19 1,409 --a------ C:\Windows\QTFont.for

2008-04-23 18:18 . 2008-04-23 18:18 <DIR> d-------- C:\Program Files\iTunes

2008-04-23 18:18 . 2008-04-23 18:18 <DIR> d-------- C:\Program Files\iPod

2008-04-23 18:16 . 2008-04-23 18:17 <DIR> d-------- C:\Program Files\QuickTime

2008-04-23 18:13 . 2008-04-23 18:13 <DIR> d-------- C:\Program Files\Apple Software Update

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-22 15:16 --------- d-----w C:\Users\Axl\AppData\Roaming\OpenOffice.org2

2008-05-19 16:08 --------- d-----w C:\Program Files\Steam

2008-05-19 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-19 05:59 --------- d-----w C:\Program Files\Avira

2008-05-04 15:30 99,904 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-04-28 15:59 --------- d-----w C:\Users\Axl\AppData\Roaming\FrostWire

2008-04-22 15:21 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-21 20:59 99,840 ----a-w C:\Windows\System32\poqexec.exe

2008-04-20 14:54 --------- d-----w C:\Users\Axl\AppData\Roaming\dvdcss

2008-04-12 13:38 51,349 ----a-w C:\Users\Axl\AppData\Roaming\nvModes.dat

2008-04-12 13:25 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2007-11-26 20:46 22,328 ----a-w C:\Users\Axl\AppData\Roaming\PnkBstrK.sys

2007-11-23 19:12 22 ----a-w C:\Program Files\Adobe Photoshop CS3.zip

2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-01-24 19:28 267592]

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-24 19:28 267592]

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 23:36 36864]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-24 00:40 857648]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 22:19 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 22:19 8478720]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 22:19 81920]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]

"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-13 00:36 102400]

"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 14:06 741376]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-04 17:51 1481984]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{1515F550-6BEA-48CB-BD5B-1777684A1AB1}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports

"{D03FECFC-910B-4828-9EA0-33E700398499}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{7E978C50-6F66-4B13-ABEC-DAEC07E7B59B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{985D4718-DAC3-4473-8FD3-1301030B0691}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{B0F7904D-AD7E-41BE-8A4D-C89122E58BAB}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{D557A1DA-FA6D-41B0-8A0B-801A77E704DE}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{198104C0-C421-4775-8FAE-6F3C20F5B020}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{C0F39383-924C-41E3-9AE5-E7E73AC0840A}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"{C34D7435-DA58-4244-8EDC-2F581D78E768}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{FE532357-929C-40A0-BE2E-11C544CDC267}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{759F7063-50E0-4C34-A408-4FF7BF83556F}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{C3AF83CE-1B29-48A4-BA4B-72E3D85AC141}C:\\program files\\steam\\steamapps\\ivittie\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\ivittie\counter-strike source\hl2.exe:hl2

"UDP Query User{3F96369F-73FB-41EE-AA09-4FB4437C932A}C:\\program files\\steam\\steamapps\\ivittie\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\ivittie\counter-strike source\hl2.exe:hl2

"TCP Query User{8AB30DBA-F780-4E47-8EFD-E3D231F3B256}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{7DD49513-ADF4-406A-AA5E-C2FB63224AED}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{9C86ED50-C691-4431-871B-B53207078F8E}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire

"UDP Query User{357432EF-DA2B-4723-B056-F968A1BCE8F8}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire

"{48FFDD47-3D60-4710-A253-487042704AF8}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{FF89A1AF-FD2C-4F74-9731-8F57D237FC51}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"TCP Query User{8BE678BB-C55F-4AAD-9B83-A2ABD2203A72}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire

"UDP Query User{038B0FF8-FBE3-4931-BED3-9065D990EE72}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire

"{A068E67C-3037-419D-9C66-FA1E770FD3F3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{E7F4EC1B-2453-4BD3-AFCA-21A7AC0AAC8E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{31118918-1894-4D33-9239-492F96AD79EB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{B324CB0D-A0AB-4A39-9711-54DC99F0116C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{8B2C17DD-BA27-473B-9FA0-08BA1B8CD27F}C:\\program files\\wildweststarter\\wolfmp.exe"= UDP:C:\program files\wildweststarter\wolfmp.exe:WolfMP

"UDP Query User{D8B8493A-D04C-4A85-84F2-34246BEDBED5}C:\\program files\\wildweststarter\\wolfmp.exe"= TCP:C:\program files\wildweststarter\wolfmp.exe:WolfMP

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2007-12-04 17:51]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2007-12-04 17:51]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 14:38]

R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 11:31]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-09 11:00]

S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-26 10:22]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-19 11:59]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8db40118-9c57-11dc-9dcd-806e6f6e6963}]

\shell\AutoRun\command - D:\setup.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-05-22 20:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"

- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe

"2008-05-22 20:00:00 C:\Windows\Tasks\Utvidet garanti.job"

- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 22:12:12

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-22 22:13:52

ComboFix-quarantined-files.txt 2008-05-22 20:13:43

 

Pre-Run: 56,119,427,072 byte ledig

Post-Run: 60,146,442,240 byte ledig

 

158 --- E O F --- 2008-05-22 01:22:27

 

 

 

Thanks for all help.


Well, the computer probably isn't directly infected. The thing is that avast! found trojans hidden inside other files, so I could choose between delete and put in quarantine. I thought delete seemed too easy, so I had to find out a bit more about it. But by putting them in quarantine they aren't actually gone.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:21:54, on 23.05.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Funcom\Age of Conan\ConanPatcher.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Axl\Desktop\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 7168 bytes

 

 


Avast or Avira. Decide on one antivirus program, and uninstall the other.

 

Start HijackThis. Choose "Do a systemscan only".

Put a check mark in front of the following lines if you do not want this toolbar:

 

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

 

Close all programs, and click "fix checked".

 

This toolbar is adware that often comes along with other installed programs. If you installed it yourself and want to keep it, that is fine.

 

 

Apart from this, I don't see anything wrong.

 

Edit: are you still noticing any of the problems?

Edited by r2d290