prusik Posted 5 June 2008 (edited)

Hi,

I have had a number of problems that I managed to clean up after reading tips on the forum. It has worked fine for several weeks, but now the internet has become very slow again. My first attempt at posting failed because the page would not load. The CPU is also working very hard. It peaks towards 100 % when I load IE. The latest SAS log showed nothing, but I have attached the old one. Any tips?

Morten

Combofix:

ComboFix 08-05-24.1 - Morten 2008-06-05 10:17:10.3 - NTFSx86 Running from: C:\Documents and Settings\Morten\Mine dokumenter\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))) . 2008-06-05 08:32 . 2008-06-05 08:33 <DIR> d-------- C:\Merete USB stick 2008-06-04 22:05 . 2008-06-05 10:16 <DIR> dr-h----- C:\Documents and Settings\Morten\Siste 2008-06-04 18:08 . 2008-06-04 18:08 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\LaCie 2008-06-04 18:06 . 2008-06-04 18:06 <DIR> d-------- C:\Programfiler\LaCie 2008-06-04 15:49 . 2008-06-04 15:49 <DIR> d-------- C:\Programfiler\PC Inspector File Recovery 2008-06-04 15:49 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD 2008-06-04 06:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-04 06:22 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-06-04 06:22 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-03 20:12 . 2008-06-03 20:13 <DIR> d-------- C:\Programfiler\Windows Live 2008-06-03 20:12 . 2008-06-03 20:12 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-06-03 20:12 . 2008-06-03 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-06-03 20:05 . 2008-06-03 20:10 <DIR> d-------- C:\Documents and Settings\Morten\Contacts 2008-06-02 10:55 . 
2008-06-02 10:55 <DIR> d-------- C:\Programfiler\uTorrent 2008-06-02 10:55 . 2008-06-02 14:22 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\uTorrent 2008-05-26 21:16 . 2008-05-26 21:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-05-26 21:16 . 2008-05-26 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab 2008-05-26 20:55 . 2008-05-26 20:55 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-05-26 20:55 . 2008-05-26 20:55 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\Malwarebytes 2008-05-26 20:55 . 2008-05-26 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-05-26 20:55 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-26 20:55 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-26 17:14 . 2008-05-26 22:44 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-05-26 16:42 . 2008-06-05 08:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-05-26 16:42 . 2008-05-26 16:42 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-05-26 16:42 . 2008-05-26 16:42 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-05-26 16:42 . 2008-05-26 16:42 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys 2008-05-26 16:42 . 2008-05-26 16:42 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-05-26 16:41 . 2008-05-26 16:41 <DIR> d-------- C:\Programfiler\AVG 2008-05-26 16:41 . 2008-05-26 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8 2008-05-26 15:48 . 2008-05-26 15:48 <DIR> d-------- C:\Programfiler\Windows Defender 2008-05-25 13:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-25 13:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-25 13:40 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-25 13:40 . 
2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-25 13:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-25 13:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-25 13:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-25 13:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-25 13:40 . 2008-05-25 13:56 5,414 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-25 11:55 . 2008-05-25 11:55 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\SUPERAntiSpyware.com 2008-05-24 21:30 . 2008-05-24 21:30 <DIR> d-------- C:\Programfiler\Live_TV 2008-05-24 21:30 . 2008-05-24 21:30 <DIR> d-------- C:\Programfiler\Conduit 2008-05-24 20:33 . 2008-05-24 20:33 <DIR> d-------- C:\Programfiler\Photodex Presenter 2008-05-24 20:33 . 2008-05-24 20:56 <DIR> d-------- C:\Programfiler\Photodex 2008-05-24 20:33 . 2008-05-24 20:56 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\Photodex 2008-05-24 20:33 . 2008-05-24 20:33 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\Netscape . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-04 20:04 --------- d-----w C:\Programfiler\DC++ 2008-06-04 17:40 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-06-04 13:49 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-05-26 21:59 --------- d-----w C:\Programfiler\Google 2008-05-26 19:41 --------- d-----w C:\Programfiler\Fellesfiler\Real 2008-05-26 19:38 --------- d-----w C:\Programfiler\FreeMind 2008-05-26 19:37 --------- d-----w C:\Programfiler\Canon 2008-05-25 14:20 --------- d-----w C:\Programfiler\Cisco Systems 2008-05-25 09:55 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-24 15:37 --------- d-----w C:\Programfiler\Fellesfiler\ACD Systems 2008-05-24 15:37 --------- d-----w C:\Programfiler\ACD Systems 2008-05-24 15:37 --------- d-----w C:\Documents and Settings\All Users\Programdata\ACD Systems 2008-04-28 10:29 --------- d-----w C:\Programfiler\Windows Media Connect 2 2008-04-01 11:23 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-04-01 11:23 118,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys . ((((((((((((((((((((((((((((( snapshot@2008-05-25_16.34.23.79 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-02-26 11:50:13 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll + 2007-03-06 02:01:46 14,560 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll + 2007-03-06 02:01:51 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe + 2007-03-06 02:01:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll + 2007-03-06 02:02:09 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe + 2007-03-06 02:03:01 374,496 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll - 2008-05-25 14:29:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-04 17:37:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2003-07-14 21:43:20 87,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL + 2003-07-15 02:18:12 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE + 2003-07-25 17:57:20 75,832 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL + 2003-07-23 21:32:32 121,400 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL + 2003-06-18 16:31:34 443,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL + 2003-07-14 21:58:04 230,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL + 2002-12-17 18:08:50 359,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL + 2002-12-17 18:08:54 1,383,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL + 2002-04-09 19:14:36 187,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL + 2002-12-17 18:09:24 2,071,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL + 
2003-06-18 16:31:24 1,033,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL + 2003-07-15 02:14:26 283,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OIS.EXE + 2003-07-15 02:14:26 27,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL + 2003-07-14 21:44:32 88,128 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL + 2003-07-14 21:43:18 64,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL + 2003-07-15 02:18:54 430,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL + 2003-08-03 09:52:32 2,808,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL + 2003-07-14 22:00:22 99,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL + 2005-03-17 12:36:34 161,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.7969\IETAG.DLL + 2004-03-22 22:17:02 765,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.7969\MDIGRAPH.DLL + 2004-03-22 22:17:05 24,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.7969\MDIMON.DLL + 2004-03-22 22:17:06 25,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.7969\MDIPPR.DLL + 2004-03-22 22:17:08 42,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.7969\MDIUI.DLL + 2005-07-22 15:47:14 12,242,624 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.7969\MSO.DLL + 2005-06-28 17:15:24 6,146,760 ----a-r 
C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.7969\POWERPNT.EXE + 2004-05-25 02:45:09 2,482,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.7969\VBE6.DLL + 2003-07-02 20:30:00 572,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040F10900063D11C8EF10054038389C\11.0.5614\MSSTKO32.DLL - 2005-03-01 19:10:41 135,168 -c--a-r C:\WINDOWS\Installer\{901F0409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-06-05 08:09:14 135,168 ----a-r C:\WINDOWS\Installer\{901F0409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2005-08-23 19:58:04 593,920 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2008-06-05 08:16:48 593,920 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2005-08-23 19:58:04 12,288 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-06-05 08:16:48 12,288 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2005-08-23 19:58:04 135,168 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-06-05 08:16:48 135,168 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2005-08-23 19:58:04 11,264 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-06-05 08:16:48 11,264 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2005-08-23 19:58:04 27,136 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-06-05 08:16:48 27,136 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2005-08-23 19:58:04 4,096 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-06-05 08:16:48 4,096 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2005-08-23 19:58:04 794,624 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe 
+ 2008-06-05 08:16:48 794,624 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2005-08-23 19:58:04 249,856 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2008-06-05 08:16:48 249,856 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2005-08-23 19:58:04 61,440 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2008-06-05 08:16:48 61,440 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2005-08-23 19:58:04 23,040 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-06-05 08:16:48 23,040 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2005-08-23 19:58:03 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-06-05 08:16:48 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2005-08-23 19:58:03 409,600 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-06-05 08:16:48 409,600 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-06-03 18:13:14 29,926 ----a-r C:\WINDOWS\Installer\{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}\MsblIco.Exe + 2008-02-26 12:01:53 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll + 2008-05-26 14:42:42 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys - 2004-03-11 22:13:13 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL + 2005-03-17 12:39:58 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL + 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll - 2005-11-04 15:27:24 534,280 ----a-w 
C:\WINDOWS\system32\LegitCheckControl.DLL + 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL - 2004-08-04 09:03:16 294,400 ----a-w C:\WINDOWS\system32\msctf.dll + 2008-02-26 12:01:53 294,912 ----a-w C:\WINDOWS\system32\msctf.dll + 2007-10-18 09:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll + 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-06-05 12:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll + 2006-06-05 12:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll + 2006-06-05 12:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edfd7cc-63db-46ac-bef8-3b31a15ea618}] C:\WINDOWS\system32\ngvxmtpn.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:03 15360] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 19:40 1506544] "ibmmessages"="C:\Programfiler\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 12:10 442368] "LaCie Backup"="C:\Programfiler\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 10:30 2596864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "S3TRAY2"="S3Tray2.exe" [2001-10-12 09:32 69632 C:\WINDOWS\system32\S3Tray2.exe] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 20:53 110592] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 20:53 512000] "TPKMAPHELPER"="C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 04:39 897024] "TpShocks"="TpShocks.exe" [2007-09-28 14:28 181544 C:\WINDOWS\system32\TpShocks.exe] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "ControlCenter"="C:\Programfiler\IBM fingerprint software\ctlcntr.exe" [2004-09-25 02:11 284254] "TP4EX"="tp4ex.exe" [2002-09-04 11:05 53248 C:\WINDOWS\system32\TP4EX.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 03:33 243248] "UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 11:01 110592] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 11:05 127035] "ibmmessages"="C:\Programfiler\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 12:10 442368] "IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-03-19 22:12 90112] "BMMLREF"="C:\Programfiler\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 11:37 20480] "BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 11:37 394752] "zBrowser 
Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2003-04-07 03:16 631364] "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 12:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "ecc"="C:\Programfiler\Telenor\ecc\ecc.exe" [2005-11-05 20:05 286720] "ACTray"="C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 15:58 413696] "ACWLIcon"="C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 15:51 126976] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 22:00 344064] "Adobe Version Cue CS2"="c:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58 856064] "TVT Scheduler Proxy"="C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 12:07 540672] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "Adobe Photo Downloader"="C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440] "pdfSaver3"="" [] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-26 16:42 1177368] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:03 15360] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-01-14 22:22:43 25214] Color Calibration.lnk - C:\Programfiler\SEC\MagicTune 2.5\GammaTray.exe [2005-01-19 19:40:19 36864] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-12-30 17:11:05 24576] NaturalColorLoad.lnk - C:\Programfiler\SEC\Natural Color\NaturalColorLoad.exe [2005-01-19 19:39:46 155715] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] ACNotify.dll 2007-07-05 15:52 32768 C:\Programfiler\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] C:\Programfiler\IBM fingerprint software\psfus.dll 2004-09-25 02:15 108636 C:\Programfiler\IBM fingerprint software\psfus.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] notifyf2.dll 2005-07-06 00:45 28672 C:\WINDOWS\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] tphklock.dll 2005-11-30 21:16 24576 C:\WINDOWS\system32\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Internet Explorer\\iexplore.exe"= "C:\\Programfiler\\DC++\\DCPlusPlus.exe"= "C:\\Program Files\\IBM\\Java141\\jre\\bin\\javaw.exe"= "C:\\Programfiler\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"= 
"C:\\Programfiler\\Java\\jre1.5.0_04\\bin\\javaw.exe"= "C:\\Programfiler\\Java\\jre1.5.0_01\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Telenor\\ecc\\ecc.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "2012:TCP"= 2012:TCP:Kaaza "49155:TCP"= 49155:TCP:torrent R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-26 16:42] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 17:29] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 17:28] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-26 16:42] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 12:24] R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-07-29 11:37] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-26 16:42] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-26 16:42] R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2004-09-24 03:39] R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2004-09-25 02:16] S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [] S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 12:50] . 
Contents of the 'Scheduled Tasks' folder "2008-06-03 15:07:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-06-05 08:22:52 C:\WINDOWS\Tasks\BMMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE "2008-06-05 00:00:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-05 10:21:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tphklock.dll . Completion time: 2008-06-05 10:23:29 ComboFix-quarantined-files.txt 2008-06-05 08:23:01 ComboFix2.txt 2008-06-04 17:09:28 ComboFix3.txt 2008-05-25 14:34:42 Pre-Run: 19,200,966,656 byte ledig Post-Run: 19,190,005,760 byte ledig 296 --- E O F --- 2008-06-05 08:16:54 HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:12:55, on 05.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programfiler\Fellesfiler\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device 
Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programfiler\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\RegSrvc.exe C:\WINDOWS\System32\svchost.exe c:\programfiler\lenovo\system update\suservice.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe c:\Programfiler\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\1XConfig.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Programfiler\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Programfiler\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\IBM\Messages By IBM\ibmmessages.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Telenor\ecc\ecc.exe C:\Programfiler\Logitech\MouseWare\system\em_exec.exe C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\LaCie\Backup Software\LaCieBackup.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\SEC\MagicTune 2.5\GammaTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Programfiler\SEC\Natural Color\NaturalColorLoad.exe 
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\internet explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE C:\Documents and Settings\Morten\Skrivebord\PC helse\This.exe C:\WINDOWS\system32\MsiExec.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file) O2 - BHO: {816ae51a-13b3-8feb-ca64-bd36cc7dfde0} - {0edfd7cc-63db-46ac-bef8-3b31a15ea618} - C:\WINDOWS\system32\ngvxmtpn.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe O4 - HKLM\..\Run: [synTPLpr] 
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Programfiler\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programfiler\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [bMMLREF] C:\Programfiler\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [ACTray] C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] c:\Programfiler\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programfiler\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Programfiler\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\Morten\Programdata\RssBandit\iecontext_subscribefeed.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://probio.osl.bedsys.net/XTSAC.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://probio.osl.bedsys.net/msrdp.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp06.photoprintit.de/microsite/18/...IPSUploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - c:\Programfiler\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programfiler\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programfiler\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Programfiler\Fellesfiler\Virtual Token\vtserver.exe
--
End of file - 14819 bytes

SAS:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/25/2008 at 01:20 PM
Application Version : 4.1.1046
Core Rules Database Version : 3468
Trace Rules Database Version: 1459
Scan type : Complete Scan
Total Scan Time : 01:21:44
Memory items scanned : 524
Memory threats detected : 4
Registry items scanned : 5882
Registry threats detected : 13
File items scanned : 25628
File threats detected : 81

Trojan.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\YAYVWPOL.DLL
C:\WINDOWS\SYSTEM32\YAYVWPOL.DLL
C:\WINDOWS\SYSTEM32\BYXPHAYO.DLL
C:\WINDOWS\SYSTEM32\BYXPHAYO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{440FCCBC-8E98-480F-91B9-CE6E5C8D61F4}
HKCR\CLSID\{440FCCBC-8E98-480F-91B9-CE6E5C8D61F4}
HKCR\CLSID\{440FCCBC-8E98-480F-91B9-CE6E5C8D61F4}\InprocServer32
HKCR\CLSID\{440FCCBC-8E98-480F-91B9-CE6E5C8D61F4}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}
HKCR\CLSID\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}
HKCR\CLSID\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}\InprocServer32
HKCR\CLSID\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\byXPHaYO

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\KHFFULEC.DLL
C:\WINDOWS\SYSTEM32\KHFFULEC.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\NGVXMTPN.DLL
C:\WINDOWS\SYSTEM32\NGVXMTPN.DLL

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1948441581-1529685836-686197634-1005\Software\Microsoft\rdfa

Edited 5 June 2008 by prusik

norbat
Posted 6 June 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: {816ae51a-13b3-8feb-ca64-bd36cc7dfde0} - {0edfd7cc-63db-46ac-bef8-3b31a15ea618} - C:\WINDOWS\system32\ngvxmtpn.dll (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

Click: Start->Run
Type: services.msc
Find the service Symantec Core LC
Stop it if it is running
Double-click the service and, under startup type, set it to Disabled.

Update Java: http://java.com/en/download/index.jsp

Remove temp files etc.:
Download CCleaner.
Start the program.
Go to 'Options'->'Advanced'.
Untick: "Only delete temporary files......."
Click 'Cleaner' and then 'Run CCleaner'.
Also run a few passes with Registry. Say yes to taking a backup.

If CPU usage is still high, check Task Manager (right-click the taskbar) and see which process, if any, is using a lot of CPU.