Posted

The PC is incredibly slow. It has a 186 GB hard disk and 77% is free capacity. Running an antivirus program. I have also bought "Regcure", which is supposed to make the machine quicker; it hasn't helped. Do I have to format the hard disk? :snurt:

Posted

Have you checked whether you need to defragment the disk?

Posted
Have you checked whether you need to defragment the disk?

That doesn't help. I have now uninstalled Office 2007 because some people think it may be the reason for the slowness. I'm going to install Office 2003.

Posted

Why the machine is slow is difficult to answer without more information.

How much memory do you have?

Which OS are you running?

Which processor (CPU) is in the machine?

Are there many programs that run when you start the machine?

When the machine is slow:

Is the disk working continuously?

How much of the processor is being used?

How much memory is free?

Let's start there... :)

Posted
The PC is incredibly slow. It has a 186 GB hard disk and 77% is free capacity. Running an antivirus program. I have also bought "Regcure", which is supposed to make the machine quicker; it hasn't helped. Do I have to format the hard disk? :snurt:

Hi there!

A slow machine, yes... that's no fun.

To begin with, you need to tell us a bit about which antivirus, anti-spyware and firewall you use. Has it been long since you last formatted?

I'll come back with more explanation/answers once you have answered the above :)

Posted
Follow my guide at http://itpro.no/supportforum/index.php?showtopic=64908 and post the logs here in your thread, and I'll take a look at it :)

Here is the log

1.

Malwarebytes' Anti-Malware 1.30

Database versjon: 1340

Windows 5.1.2600 Service Pack 2

30.10.2008 21:46:19

mbam-log-2008-10-30 (21-46-19).txt

Skanntype: Rask Skann

Objekter skannet: 51590

Tid tilbakelagt: 4 minute(s), 47 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b6eec (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.

2.

ComboFix 08-10-30.09 - XXX XXXXXXXXX 2008-10-30 22:18:32.1 - NTFSx86

Running from: C:\Documents and Settings\XXX XXXXXXXXX\Skrivebord\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))

.

2008-10-30 21:55 . 2008-10-30 21:55 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-10-30 21:55 . 2008-10-30 21:55 <DIR> d-------- C:\Documents and Settings\xxx xxxxxxxxx\Programdata\SUPERAntiSpyware.com

2008-10-30 21:55 . 2008-10-30 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-10-30 21:39 . 2008-10-30 21:39 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-10-30 21:39 . 2008-10-30 21:39 <DIR> d-------- C:\Documents and Settings\xxx xxxxxxxxx\Programdata\Malwarebytes

2008-10-30 21:39 . 2008-10-30 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-10-30 21:39 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-30 21:39 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-30 21:35 . 2008-10-30 21:35 <DIR> dr-h----- C:\Documents and Settings\xxx xxxxxxxxx\Siste

2008-10-30 21:33 . 2008-10-30 21:33 <DIR> d-------- C:\Programfiler\CCleaner

2008-10-30 15:41 . 2008-10-30 15:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-10-30 15:41 . 2008-10-30 15:41 1,409 --a------ C:\WINDOWS\QTFont.for

2008-10-25 14:48 . 2008-10-25 14:48 <DIR> d-------- C:\Programfiler\Microsoft Works

2008-10-25 14:47 . 2008-10-25 14:47 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-10-25 14:44 . 2008-10-25 14:44 <DIR> dr-h----- C:\MSOCache

2008-10-14 15:53 . 2008-10-20 15:34 <DIR> d-------- C:\Documents and Settings\xxx xxxxxxxxx\Programdata\Move Networks

2008-10-13 17:57 . 2008-10-13 17:57 <DIR> d-------- C:\Documents and Settings\xxx xxxxxxxxx\Programdata\Duplo Data as

2008-10-13 17:53 . 2008-10-13 17:53 <DIR> d-------- C:\Programfiler\Duplo Data as

2008-10-09 20:55 . 2008-10-09 20:55 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny

2008-10-09 12:02 . 2008-10-09 12:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Start-meny

2008-10-07 15:48 . 2008-10-07 15:48 <DIR> d--hs---- C:\found.001

2008-10-05 18:54 . 2008-10-07 16:00 <DIR> d-------- C:\Programfiler\RegCure

2008-09-28 20:23 . 2008-10-19 12:00 <DIR> d-------- C:\ODA

2008-09-28 12:32 . 2008-09-28 12:43 <DIR> d-------- C:\Documents and Settings\xxx xxxxxxxxx\Programdata\U3

2008-09-03 07:02 . 2008-09-03 07:47 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-30 20:54 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-10-30 13:41 --------- d-----w C:\Programfiler\Mozilla Thunderbird

2008-10-27 02:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-10-22 06:16 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-10-19 10:59 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLdw.DAT

2008-10-19 10:57 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLdu.DAT

2008-10-02 19:48 --------- d-----w C:\Programfiler\Fellesfiler\Nikon

2008-10-02 19:48 --------- d-----w C:\Documents and Settings\xxx xxxxxxxxx\Programdata\Nikon

2008-09-15 15:42 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-06 16:54 --------- d-----w C:\Programfiler\EA GAMES

2008-09-03 14:44 --------- d-----w C:\Programfiler\Java

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-26 08:30 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:48 2,182,144 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:48 2,059,520 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-18 18:38 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-04 08:28 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL

2007-07-17 15:57 25,984 ----a-w C:\Documents and Settings\xxx xxxxxxxxx\Programdata\GDIPFONTCACHEV1.DAT

2006-02-10 16:37 41,367,118 ----a-w C:\Programfiler\bluecom_sikkerhet.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Ventelo Sikkerhet.lnk - C:\Programfiler\BlueCom Sikkerhet\backweb\3330271\Program\fspex.exe [2007-05-16 32807]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Ventelo Sikkerhet.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Ventelo Sikkerhet.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^VersionTracker Pro.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Eva Nedrejord^Start-meny^Programmer^Oppstart^Nikon Monitor.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-06-06 23:46 57344 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

--a------ 2005-10-26 02:51 122929 C:\Programfiler\BlueCom Sikkerhet\Common\FSM32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]

--a------ 2005-10-18 09:29 372736 C:\Programfiler\BlueCom Sikkerhet\FSGUI\fssw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]

--a------ 2005-07-18 15:51 700416 C:\Programfiler\BlueCom Sikkerhet\TNB\tnbutil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-07-27 19:14 271672 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

--a------ 2007-10-01 11:29 3104768 C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 05:24 286720 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]

--a------ 2007-01-30 11:40 94208 C:\Programfiler\SimpleCenter\bin\win\sclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

--a------ 2002-04-17 09:42 69632 c:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 18:20 866584 C:\Programfiler\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

--a------ 2004-10-01 16:31 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

--a------ 2004-06-22 02:57 143360 C:\WINDOWS\system32\VTTrayp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\StubInstaller.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\BlueCom Sikkerhet\\backweb\\3330271\\Program\\fspex.exe"= C:\\Programfiler\\BlueCom Sikkerhet\\backweb\\3330271\\program\\fspex.exe

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

*Newly Created Service* - PROCEXP90

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

Contents of the 'Scheduled Tasks' folder

2008-10-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-10-30 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-10-30 C:\WINDOWS\Tasks\RegCure Program Check.job

- C:\Programfiler\RegCure\RegCure.exe [2008-04-21 22:21]

2008-10-27 C:\WINDOWS\Tasks\RegCure.job

- C:\Programfiler\RegCure\RegCure.exe [2008-04-21 22:21]

2008-10-30 C:\WINDOWS\Tasks\Scheduled scanning task.job

- C:\PROGRA~1\BLUECO~1\ANTI-V~1\fsav.exe [2005-06-15 20:56]

2008-10-30 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-A00F211EB4D - (no file)

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Eva Nedrejord\Programdata\Mozilla\Firefox\Profiles\ncrom039.Standardbruker\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.startsiden.no

FF -: plugin - c:\Programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\Programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\npitunes.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-30 22:22:32

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-10-30 22:30:03

ComboFix-quarantined-files.txt 2008-10-30 21:29:58

Pre-Run: 154 457 563 136 byte ledig

Post-Run: 154,452,676,608 byte ledig

174 --- E O F --- 2008-10-27 02:03:55

3.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:51:58, on 30.10.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\BLUECO~1\backweb\3330271\Program\SERVIC~1.EXE

C:\Programfiler\BlueCom Sikkerhet\Anti-Virus\fsgk32st.exe

C:\Programfiler\BlueCom Sikkerhet\backweb\3330271\program\fsbwsys.exe

C:\Programfiler\BlueCom Sikkerhet\Anti-Virus\FSGK32.EXE

C:\Programfiler\BlueCom Sikkerhet\Common\FSMA32.EXE

C:\Programfiler\BlueCom Sikkerhet\backweb\3330271\Program\fspex.exe

C:\Programfiler\BlueCom Sikkerhet\Anti-Virus\fssm32.exe

C:\Programfiler\BlueCom Sikkerhet\Common\FSMB32.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\BlueCom Sikkerhet\Common\FCH32.EXE

C:\Programfiler\BlueCom Sikkerhet\Common\FAMEH32.EXE

C:\Programfiler\BlueCom Sikkerhet\Anti-Virus\fsqh.exe

C:\Programfiler\BlueCom Sikkerhet\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\BlueCom Sikkerhet\FWES\Program\fsdfwd.exe

C:\Programfiler\BlueCom Sikkerhet\Anti-Virus\fsav32.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\test.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-21-821707162-3599038749-1678210374-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-821707162-3599038749-1678210374-1005\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Ventelo Sikkerhet.lnk = C:\Programfiler\BlueCom Sikkerhet\backweb\3330271\Program\fspex.exe

O8 - Extra context menu item: &Blokker dette popup-vinduet - C:\Programfiler\BlueCom Sikkerhet\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?542a259792e54e11855f22a23a4ad1bd

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?542a259792e54e11855f22a23a4ad1bd

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: IE-skjold - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\BlueCom Sikkerhet\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-skjold... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\BlueCom Sikkerhet\Anti-Spyware\ieshield.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ventelo Sikkerhet (BackWeb Plug-in - 3330271) - BlueCom Sikkerhet - C:\PROGRA~1\BLUECO~1\backweb\3330271\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Programfiler\BlueCom Sikkerhet\Anti-Virus\fsgk32st.exe

O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Programfiler\BlueCom Sikkerhet\backweb\3330271\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\BlueCom Sikkerhet\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Programfiler\BlueCom Sikkerhet\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Nokia\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 0: (no name) - http://www.rockside.net/swe/bildportfolio/vinterlandskap.jpg

O24 - Desktop Component 1: (no name) - http://images.google.no/images?q=tbn:knr7D...R100/Double.jpg

--

End of file - 8417 bytes
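
An added example, not part of the original thread and not code from HijackThis or its vendor: a small Python triage pass over HijackThis-format lines like those in the log above. It flags entries whose target is listed as (no file) and Winlogon Notify (O20) entries, the autostart location where Malwarebytes removed Trojan.Vundo in the first log. The sample lines are copied from this thread; the function names and the allowlist parameter are assumptions of the example.

```python
import re

# Short excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: FSMA - F-Secure Corporation - C:\Programfiler\BlueCom Sikkerhet\Common\FSMA32.EXE
O24 - Desktop Component 0: (no name) - http://www.rockside.net/swe/bildportfolio/vinterlandskap.jpg
"""

# Entry lines look like "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(text):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def notify_name(body):
    """Extract the entry name from an O20 body ("Winlogon Notify: <name> - <dll>")."""
    return body.partition(": ")[2].partition(" - ")[0]


def triage(entries, notify_allowlist=frozenset()):
    """Return (code, reason, body) for entries that deserve a manual look.

    notify_allowlist is a hypothetical, reviewer-maintained set of Winlogon
    Notify names already confirmed to belong to installed software.
    """
    findings = []
    for code, body in entries:
        if body.endswith("(no file)"):
            # The registration is still present but the file it points to is gone.
            findings.append((code, "orphan", body))
        elif code == "O20" and notify_name(body) not in notify_allowlist:
            # Notify DLLs are loaded by winlogon.exe, so every unknown one is reviewed.
            findings.append((code, "review-winlogon-notify", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"{reason:24} {code:4} {body}")
```
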

Posted

You no longer need Ad-aware, now that you have SUPERAntiSpyware and Malwarebytes, which do a much better job.

The logs look clean. MBAM took out a couple of trojans. How does the machine feel now?

Posted

Simple: what is your processor called, how many GHz does it have, and how much RAM do you have? You find all this (if you have Windows Vista) by going to Control Panel > System

Everything should be listed there... send it and we can help you...

Posted
You no longer need Ad-aware, now that you have SUPERAntiSpyware and Malwarebytes, which do a much better job.

The logs look clean. MBAM took out a couple of trojans. How does the machine feel now?

The machine is much better, thank you so much! :-)

Posted

You're welcome :)

But remember to create a new thread, and make it clear in the subject title that the thread has to do with viruses/malware...

You can also send me a PM at r2d290 if I don't reply :)

Posted

By the way, Nieida should do the following:

ComboFix must be uninstalled.

Go to Start > Run

Type the following in the box:

  • combofix /u

PS: note the space between the X and /u

Press Enter.

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists.
    • The folder C:\OtMoveIt, if it exists.
  • Reset the clock settings.
  • Hide file extensions if necessary.
  • Hide System/Hidden files and folders if necessary.
  • Reset the System Restore points.
