SSSMonkey, posted 17 August 2008 (edited)

I've been getting quite a few popups lately, so I'm wondering if someone can look at my logs and figure out what it might be.

Attachments: ComboFix.txt, hijackthis.txt, SAS.txt

Edited 17 August 2008 by Nesset

r2d290, posted 17 August 2008 (edited)

Go to http://virusscan.jotti.org , click Browse, and upload the following file for analysis:

C:\Programfiler\powertoys\fast.exe

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and assess what needs to be done next.

Click Start - All Programs - Accessories - Notepad

Copy the text in the code box below and paste it into Notepad:

File::
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\WINDOWS\system32\5j4bY3oi.exe.a_a

Feel free to read "How to stop Windows Live Messenger from creating sqm files".

Save it as CFScript on the Desktop.

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum, together with a new HijackThis log.

Also tell me how the machine is working now.

Edited 17 August 2008 by r2d290

SSSMonkey (thread author), posted 17 August 2008 (edited)

From virusscan:

File: Fast.exe
Status: OK
MD5: 1be84e434200cbcc51da6b3aae5f2330
Packers detected: -
Scan taken on 17 Aug 2008 14:53:35 (GMT)

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Combofix log:

Hijackthis:

Haven't seen any popups yet.

Edited 17 August 2008 by Nesset

r2d290, posted 17 August 2008 (edited)

Good to hear. Give feedback tomorrow on how the machine is doing, and we'll continue with the guidance then.

Edited 17 August 2008 by r2d290