Axl91 Posted 22 May 2008

Hello. I need help removing some trojans.

ComboFix 08-05-21.3 - Axl 2008-05-22 22:06:46.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1328 [GMT 2:00]
Running from: C:\Users\Axl\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-19 14:42 . 2008-05-19 14:42 <DIR> d-------- C:\Users\All Users\PC Drivers HeadQuarters
2008-05-19 14:42 . 2008-05-19 14:42 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-18 23:28 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-05-18 18:14 . 2008-05-18 18:14 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-08 21:49 . 2008-05-08 21:52 139,386 --a------ C:\Windows\hpoins18.dat
2008-05-08 19:37 . 2008-05-08 19:37 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-05-08 19:27 . 2006-12-16 08:19 897,024 --a------ C:\Windows\System32\hpotiop1.dll
2008-05-08 19:27 . 2006-12-16 08:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
2008-05-08 19:27 . 2006-12-16 08:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
2008-05-08 19:26 . 2007-02-01 10:24 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-05-08 19:26 . 2007-02-02 11:27 117,760 --a------ C:\Windows\System32\hpz3l4v2.dll
2008-05-08 19:25 . 2008-05-08 19:25 <DIR> d-------- C:\Program Files\HP
2008-05-08 19:25 . 2006-06-06 14:20 241,721 --a------ C:\Windows\System32\HPBMINI.DLL
2008-05-08 19:25 . 2005-06-20 14:33 163,840 --a------ C:\Windows\System32\HPJCMN2U.DLL
2008-05-08 19:25 . 2005-06-20 14:33 94,208 --a------ C:\Windows\System32\HPJIPX1U.DLL
2008-05-08 19:25 . 2005-06-20 14:33 49,152 --a------ C:\Windows\System32\HPBNRAC2.DLL
2008-05-08 19:25 . 2006-11-16 19:16 38,912 --a------ C:\Windows\System32\HPBPRO.DLL
2008-05-08 19:25 . 2006-11-16 19:15 25,600 --a------ C:\Windows\System32\HPBOID.DLL
2008-05-08 19:25 . 2006-11-16 19:16 24,576 --a------ C:\Windows\System32\HPBMIAPI.DLL
2008-05-08 19:25 . 2006-11-02 19:32 18,747 --a------ C:\Windows\System32\HPCEAC06.HPI
2008-05-08 19:25 . 2006-11-16 19:16 7,680 --a------ C:\Windows\System32\HPBPROPS.DLL
2008-05-08 19:25 . 2006-11-16 19:16 7,680 --a------ C:\Windows\System32\HPBOIDPS.DLL
2008-05-08 19:18 . 2008-05-08 19:18 <DIR> d-------- C:\Users\All Users\HP
2008-05-04 17:25 . 2008-05-04 17:31 <DIR> d-------- C:\Program Files\WildWestStarter
2008-04-23 18:19 . 2008-04-23 18:19 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-23 18:19 . 2008-04-23 18:19 1,409 --a------ C:\Windows\QTFont.for
2008-04-23 18:18 . 2008-04-23 18:18 <DIR> d-------- C:\Program Files\iTunes
2008-04-23 18:18 . 2008-04-23 18:18 <DIR> d-------- C:\Program Files\iPod
2008-04-23 18:16 . 2008-04-23 18:17 <DIR> d-------- C:\Program Files\QuickTime
2008-04-23 18:13 . 2008-04-23 18:13 <DIR> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 15:16 --------- d-----w C:\Users\Axl\AppData\Roaming\OpenOffice.org2
2008-05-19 16:08 --------- d-----w C:\Program Files\Steam
2008-05-19 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 05:59 --------- d-----w C:\Program Files\Avira
2008-05-04 15:30 99,904 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-28 15:59 --------- d-----w C:\Users\Axl\AppData\Roaming\FrostWire
2008-04-22 15:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-21 20:59 99,840 ----a-w C:\Windows\System32\poqexec.exe
2008-04-20 14:54 --------- d-----w C:\Users\Axl\AppData\Roaming\dvdcss
2008-04-12 13:38 51,349 ----a-w C:\Users\Axl\AppData\Roaming\nvModes.dat
2008-04-12 13:25 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2007-11-26 20:46 22,328 ----a-w C:\Users\Axl\AppData\Roaming\PnkBstrK.sys
2007-11-23 19:12 22 ----a-w C:\Program Files\Adobe Photoshop CS3.zip
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-01-24 19:28 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-24 19:28 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 23:36 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-24 00:40 857648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 22:19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 22:19 8478720]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 22:19 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-13 00:36 102400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 14:06 741376]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-04 17:51 1481984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1515F550-6BEA-48CB-BD5B-1777684A1AB1}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{D03FECFC-910B-4828-9EA0-33E700398499}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7E978C50-6F66-4B13-ABEC-DAEC07E7B59B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{985D4718-DAC3-4473-8FD3-1301030B0691}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{B0F7904D-AD7E-41BE-8A4D-C89122E58BAB}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D557A1DA-FA6D-41B0-8A0B-801A77E704DE}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{198104C0-C421-4775-8FAE-6F3C20F5B020}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C0F39383-924C-41E3-9AE5-E7E73AC0840A}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{C34D7435-DA58-4244-8EDC-2F581D78E768}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{FE532357-929C-40A0-BE2E-11C544CDC267}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{759F7063-50E0-4C34-A408-4FF7BF83556F}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{C3AF83CE-1B29-48A4-BA4B-72E3D85AC141}C:\\program files\\steam\\steamapps\\ivittie\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\ivittie\counter-strike source\hl2.exe:hl2
"UDP Query User{3F96369F-73FB-41EE-AA09-4FB4437C932A}C:\\program files\\steam\\steamapps\\ivittie\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\ivittie\counter-strike source\hl2.exe:hl2
"TCP Query User{8AB30DBA-F780-4E47-8EFD-E3D231F3B256}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{7DD49513-ADF4-406A-AA5E-C2FB63224AED}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{9C86ED50-C691-4431-871B-B53207078F8E}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{357432EF-DA2B-4723-B056-F968A1BCE8F8}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{48FFDD47-3D60-4710-A253-487042704AF8}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{FF89A1AF-FD2C-4F74-9731-8F57D237FC51}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"TCP Query User{8BE678BB-C55F-4AAD-9B83-A2ABD2203A72}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{038B0FF8-FBE3-4931-BED3-9065D990EE72}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{A068E67C-3037-419D-9C66-FA1E770FD3F3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E7F4EC1B-2453-4BD3-AFCA-21A7AC0AAC8E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{31118918-1894-4D33-9239-492F96AD79EB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B324CB0D-A0AB-4A39-9711-54DC99F0116C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{8B2C17DD-BA27-473B-9FA0-08BA1B8CD27F}C:\\program files\\wildweststarter\\wolfmp.exe"= UDP:C:\program files\wildweststarter\wolfmp.exe:WolfMP
"UDP Query User{D8B8493A-D04C-4A85-84F2-34246BEDBED5}C:\\program files\\wildweststarter\\wolfmp.exe"= TCP:C:\program files\wildweststarter\wolfmp.exe:WolfMP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2007-12-04 17:51]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2007-12-04 17:51]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 14:38]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 11:31]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-09 11:00]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-26 10:22]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-19 11:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8db40118-9c57-11dc-9dcd-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 20:00:00 C:\Windows\Tasks\Recovery DVD Creator.job" - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-05-22 20:00:00 C:\Windows\Tasks\Utvidet garanti.job" - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 22:12:12
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-22 22:13:52
ComboFix-quarantined-files.txt 2008-05-22 20:13:43
Pre-Run: 56,119,427,072 byte ledig
Post-Run: 60,146,442,240 byte ledig
158 --- E O F --- 2008-05-22 01:22:27

Thanks for all the help.

norbat Posted 22 May 2008

There are no trojans there. Post a new HJT log.

Axl91 Posted 23 May 2008 (Author)

Well, the computer is probably not directly infected. The thing is that avast! found trojans hidden inside other files, so I could choose between delete and move to quarantine. I thought delete seemed too easy, so I had to find out a bit more about it. But putting them in quarantine does not mean they are gone.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:54, on 23.05.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Funcom\Age of Conan\ConanPatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Axl\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7168 bytes

r2d290 Posted 23 May 2008 (edited)

Avast or Avira. Decide on one antivirus program and uninstall the other.

Start HijackThis. Select "Do a systemscan only". Tick the following lines if you do not want this toolbar:

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

Close all programs and press "fix checked".

This toolbar is adware that often comes along with other installed programs. If you installed it yourself and want to keep it, that is fine. Apart from this, I don't see anything wrong.

Edit: are you still noticing any of the problems?

Edited 23 May 2008 by r2d290