Treg data. Lagt med logger.

Undrern · 18. juni 2008

Hei. Syns datamaskinen min har vært noget treg i lang tid og lurer derfor på om det er noe muffens som jeg ikke merker selv.

Legger ved logg fra HijackThis og Combofix

ComboFix-logg

ComboFix 08-06-16.2 - Siemens 2008-06-17 1:56:10.1 - NTFSx86

Running from: C:\Documents and Settings\Siemens\Skrivebord\ComboFix.exe

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Programfiler\p2pnetworks

C:\Programfiler\winsupdater

C:\Programfiler\winsupdater\a.zip

C:\Programfiler\winupdates

C:\Programfiler\winupdates\a.zip

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NSESVC

-------\Service_nsesvc

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))

.

2008-06-17 00:37 . 2008-06-17 00:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-06-17 00:36 . 2008-06-17 00:36 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-06-17 00:36 . 2008-06-17 00:36 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-06-17 00:36 . 2008-06-17 00:36 <DIR> d-------- C:\Documents and Settings\Siemens\Programdata\SUPERAntiSpyware.com

2008-06-13 15:29 . 2008-06-13 15:30 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-06-13 13:02 . 2008-04-14 17:54 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-05-25 19:32 . 2008-06-13 14:12 <DIR> dr-h----- C:\Documents and Settings\Siemens\Siste

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-16 23:53 5 ----a-w C:\NPF_USER.DAT

2008-06-16 23:47 --------- d-----w C:\Programfiler\fsupport

2008-05-25 20:08 --------- d-----w C:\Documents and Settings\Siemens\Programdata\Screenshot Sender

2008-05-25 19:13 --------- d-----w C:\Documents and Settings\Siemens\Programdata\BearShare

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-24 14:28 --------- d-----w C:\Programfiler\Data Design Interactive

2006-09-16 11:57 57,544 ----a-w C:\Documents and Settings\Siemens\Programdata\GDIPFONTCACHEV1.DAT

2006-01-08 14:03 13,195 ----a-w C:\Documents and Settings\Siemens\ZGUICFGW.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 08:19 172032]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-03-23 15:34 58992]

"csr"="csrrs.exe" []

"SoundMan"="SOUNDMAN.EXE" [2003-08-05 14:59 57344 C:\WINDOWS\SOUNDMAN.EXE]

"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2008-06-02 14:46 273520]

"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2003-12-27 20:43 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"csr"="csrrs.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.MJPG"= m3jpeg32.dll

"vidc.dmb1"= m3jpeg32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk

backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^InterVideo WinCinema Manager.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\InterVideo WinCinema Manager.lnk

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 20:51 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

--a------ 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

--a------ 2002-12-02 20:56 40960 C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-16 23:11 49152 C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2003-09-15 15:58 1212466 C:\Programfiler\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-07-10 09:18 270648 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPipe P2P Loader]

C:\Programfiler\p2pnetworks\mpp2pl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

--a------ 2002-07-25 07:20 28672 C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 06:24 286720 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"InCDsrv"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Documents and Settings\\Siemens\\Shared\\2_[PC Game] Worms World Party\\Worms World Party\\WWP\\wwp.exe"=

"C:\\Programfiler\\CCleaner\\ccleaner.exe"=

"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\StubInstaller.exe"=

"C:\\Documents and Settings\\Siemens\\Shared\\[ PC Games ] - Age of Empires II(FULL)(2)\\age2_x1.exe"=

"C:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"C:\\Programfiler\\BitLord\\BitLord.exe"=

"C:\\Sierra\\Counter-Strike\\cstrike.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Siemens\\Skrivebord\\Mats\\Spill\\Battlefield Vietnam\\BfVietnam.exe"=

.

Contents of the 'Scheduled Tasks' folder

"2008-05-05 18:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-17 02:03:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Norman\npm\bin\elogsvc.exe

C:\Norman\npm\bin\Zanda.exe

C:\Norman\Nse\Bin\Nse.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCSETMGR.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\CCEVTMGR.EXE

C:\Norman\Npf\Bin\Npfsvice.exe

C:\Norman\npm\bin\Njeeves.exe

C:\Norman\Nvc\Bin\Nvcoas.exe

C:\Norman\Nvc\Bin\Nvcsched.exe

C:\Norman\Nvc\Bin\Nip.exe

C:\Norman\Npf\Bin\Npfmsg2.exe

C:\Norman\Nse\Bin\Nse.exe

.

**************************************************************************

.

Completion time: 2008-06-17 2:29:45 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-17 00:29:19

Pre-Run: 67,561,074,688 byte ledig

Post-Run: 67,262,316,544 byte ledig

164 --- E O F --- 2008-06-13 13:32:34

HijackThis-logg

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:35:16, on 18.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Norman\Npm\bin\ZLH.EXE

C:\Norman\Npf\BIN\NPFSVICE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\nse\bin\NSESVC.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Npf\BIN\npfmsg2.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Trend Micro\test\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [csr] csrrs.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\RunServices: [csr] csrrs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

Håper noen kan se på dette. Settes stor pris på.

snippsat · 18. juni 2008

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør register-renser og"svar ja til og reparere"

---

Restart

---

Kjør full scann med sas som du har.

Finner den noe ta med loggen(preferences->statistics/logs)

---

Lag en ny hijackthis logg,denne gangen ta med hele loggen

---

Combofix slettet noe grums.

Undrern · 19. juni 2008

SAS logg:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 06/19/2008 at 01:26 AM

Application Version : 4.15.1000

Core Rules Database Version : 3482

Trace Rules Database Version: 1473

Scan type : Complete Scan

Total Scan Time : 00:28:01

Memory items scanned : 329

Memory threats detected : 0

Registry items scanned : 4732

Registry threats detected : 0

File items scanned : 16519

File threats detected : 1

Adware.180solutions/Seekmo/Zango

C:\SYSTEM VOLUME INFORMATION\_RESTORE{84F971DE-DEF6-48C5-BE9F-2AB82DEE98C5}\RP640\A0352620.EXE

HijackThis logg

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:28:45, on 20.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Norman\Npm\bin\ZLH.EXE

C:\Programfiler\D-Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Norman\Npf\BIN\NPFSVICE.EXE

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\nse\bin\NSESVC.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Npf\BIN\npfmsg2.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Programfiler\Trend Micro\test\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [csr] csrrs.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\RunServices: [csr] csrrs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.c2i.net/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.piczo.com/images/uploader/ssiPictureUploader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)

O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

--

End of file - 6073 bytes

snippsat · 20. juni 2008

Steng nettleser.

---

Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked.

O4 - HKLM\..\Run: [csr] csrrs.exe

O4 - HKLM\..\RunServices: [csr] csrrs.exe

---

Du kan ikke ha 2 antivirus program,velge mellom norman og norton.

Dette kan føre til treg pc.

Fjerner du norton bruker du denne Norton-Removal-Tool

---

Kjør dette etter.

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør register-renser"svar ja til og reparere"(kjør en par ganger til alle feil er borte)

---

Ellers ser det bra ut.

Kjør dette og gi tilbakemelding om pcen er blitt raskere.

Auslogics Disk Defrag + Free Registry Defrag + Pagedefrag

Endret 20. juni 2008 av SNIPPSAT

Undrern · 21. juni 2008

Hmm. Norton har jeg ikke kjørt på 2-3 år. Må være noe som henger igjen da.

Skal se på det ande og gi tilbakemelding.

Takk.

snippsat · 21. juni 2008

Ja det henger igjen mye fra norton så kjør remove tool.

Post en ny hijackthis logg etter du har gjort det på listen

Endret 21. juni 2008 av SNIPPSAT

Undrern · 23. juni 2008

Gjort alt du sa nå og det virker som den går lettere og raskere.

HijackThis-logg

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:53:51, on 23.06.2008