Klikker, pipelyd og skjulte iexplore.exe prosess

adhoc · #1 6te Oct 2008, 23:30

Hei,

Alle hjelpe med dette problemet mye apprecated. SAS, SSD og anti-malware kan ikke synes å finne det noen gang jeg har. Her er hva som skjer:

1) Hvis ikke er koblet til modemet mitt, kommer konstant klikke fra datamaskinen min (jeg antar at det er noe som prøver å åpne iexplorer.exe
2) oppstå et beebing (ett ulikt noe jeg har hørt) piper tre eller fire ganger
3) Hvis koblet til modemet, er iexplorer.exe kjører (selv om jeg aldri bruker Internet Explorer) og når jeg slår av prosessen det åpen rett opp igjen.

Mange takk for alle hjelp, her er HJT loggen:

Logfile of HijackThis v1.99.1
Scan lagret 11:15:50 PM, on 10/6/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ ESRI \ lisens \ arcgis9x \ lmgrd.exe
C: \ Program Files \ TOSHIBA \ Power Management \ CeEPwrSvc.exe
C: \ Programfiler \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
C: \ WINDOWS \ system32 \ DVDRAMSV.exe
C: \ PROGRA ~ 1 \ ESRI \ lisens \ arcgis9x \ ARCGIS.exe
C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
C: \ Programfiler \ Fellesfiler \ SafeNet Sentinel \ Sentinel Protection Server \ WINNT \ spnsrvnt.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Apoint2K \ Apoint.exe
C: \ Program Files \ TOSHIBA \ Power Management \ CePMTray.exe
C: \ Programfiler \ TOSHIBA \ touchpad \ TPTray.exe
C: \ progra ~ 1 \ SYMANT ~ 1 \ SYMANT ~ 1 \ vptray.exe
C: \ WINDOWS \ Samsung \ PanelMgr \ ssmmgr.exe
C: \ WINDOWS \ HCWemMON.exe
C: \ Programfiler \ Apoint2K \ Apntex.exe
C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Program Files \ SpyNoMore \ SNM.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Windows Media Player \ WMPNSCFG.exe
C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ Initio \ Button Manager v1.836 \ inihid.exe
C: \ Programfiler \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ QH8jvpp4.exe
C: \ Programfiler \ Real \ RealPlayer \ RealPlay.exe
C: \ Program Files \ HijackThis \ HijackThis.exe

R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = www.google.ca
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Innstillinger ProxyServer = 64.34.113.100:80
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Programfiler \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [Apoint] C: \ Programfiler \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [CeEPOWER] C: \ Program Files \ TOSHIBA \ Power Management \ CePMTray.exe
O4 - HKLM \ .. \ Run: [TPNF] C: \ Programfiler \ TOSHIBA \ touchpad \ TPTray.exe
O4 - HKLM \ .. \ Run: [vptray] C: \ progra ~ 1 \ SYMANT ~ 1 \ SYMANT ~ 1 \ vptray.exe
O4 - HKLM \ .. \ Run: [Samsung PanelMgr] C: \ WINDOWS \ Samsung \ PanelMgr \ ssmmgr.exe / autorun
O4 - HKLM \ .. \ Run: [emMON] HCWemMON.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [AtiPTA] atiptaxx.exe
O4 - HKLM \ .. \ Run: [SNM] C: \ Programfiler \ SpyNoMore \ SNM.exe / oppstart
O4 - HKCU \ .. \ Run: [Free Download Manager] C: \ Program Files \ Free Download Manager \ fdm.exe-bilen
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Programfiler \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" AcRdB7_0_9-reboot 1
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Startup: Adobe Media Player.lnk =?
O4 - Global Startup: Button Manager v1.836.lnk =?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ Linksys EasyLink Advisor.exe
O4 - Global Startup: Si Time.lnk = C: \ Programfiler \ Si Time \ SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C: \ Programfiler \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ Programfiler \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ Programfiler \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protokollen er i sonen Min datamaskin, bør Internett-sone (HKLM)
Ø16 - DPF: ppctlcab -- http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: (04E214E5-63AF-4236-83C6-A7ADCBF9BD02) (HouseCall Control) -- http://housecall60.trendmicro.com/housecall/xscan60.cab
Ø16 - DPF: (22E5D91F-89E6-4405-AD9C-0AF27BA6F06B) (HidInputMonitorX Control) - file: / / D: \ Components \ hidinputmonitorx.ocx
Ø16 - DPF: (4F63D44B-6274-4D60-8AB1-CAA7116B8AF3) (A9Helper.A9) - file: / / D: \ Components \ A9.ocx
O16 - DPF: (74D05D43-3236-11D4-BDCD-00C04F9A3B61) (HouseCall Control) -- http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Ø16 - DPF: (BAC01377-73DD-4796-854D-2A8997E3D68A) (Yahoo! Bilder Easy Opplastingsverktøy Class) -- http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
Ø16 - DPF: (E7DBFB6C-113a-47CF-B278-F5C6AF4DE1BD) -- http://download.abacast.com/download...basetup145.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
Ø20 - Winlogon Notify: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C: \ Programfiler \ Fellesfiler \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C: \ PROGRA ~ 1 \ ESRI \ lisens \ arcgis9x \ lmgrd.exe
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: CeEPwrSvc - Compal ELECTRONIC INC - C: \ Program Files \ TOSHIBA \ Power Management \ CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C: \ Programfiler \ TOSHIBA \ ConfigFree \ CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co, Ltd - C: \ WINDOWS \ system32 \ DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C: \ Programfiler \ Hotspot Shield \ bin \ openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: Symantec AntiVirus Klienten (Norton AntiVirus Server) - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C: \ Programfiler \ Fellesfiler \ SafeNet Sentinel \ Sentinel Protection Server \ WINNT \ spnsrvnt.exe

**evilfantasy** · #2 7nde Oct 2008, 00:28

Du kjører en gammel versjon av HijackThis. Installer den nye versjonen av HijackThis bortsett ikke kjør den før etter SDFix har avsluttet den prosess.

Laste ned TrendMicro HijackThis.exe (HJT) til skrivebordet.

Dobbeltklikk på HJTInstall.
Klikk på Installer knappen.
Det vil automatisk plass HJT i C: \ Programfiler \ TrendMicro \ HijackThis \ HijackThis.exe.
Ved å installere, HijackThis skal åpne for deg.
Klikk på Gjør et system skanne og lagre en loggfil knappen
HijackThis skanner og deretter en logg åpnes i notepad.
Kopier og lim alt innholdet i loggen i innlegget.
Ikke har HijackThis fikse noe ennå. Det meste av det de finner vil være harmløs eller nødvendig.

----------

Vennligst skriv ut disse instruksjonene som de vil være nødvendig senere når Internett-tilgang er ikke tilgjengelig.

Laste ned SDFix av AndyManchesta og lagre den på skrivebordet.

Når du bruker dette verktøyet, må du bruke Administrator konto eller en konto med Administrative rettigheter

Dobbeltklikk SDFix.exe og det vil pakke ut filene i% systemdrive%
(dette er den stasjonen som inneholder Windows-katalogen, vanligvis C: \ SDFix).
Ikke bruker den ennå.

Start datamaskinen i Sikkermodus bruker F8 metode. Du gjør dette ved å starte datamaskinen, og etter å ha hørt maskinen piper én gang under oppstart (men før Windows ikonet) trykker du F8-tasten gjentatte ganger. En meny vises med flere alternativer. Bruk piltastene til å navigere og velge alternativet for å kjøre Windows i "sikker modus".

Åpne SDFix mappe og dobbeltklikk RunThis.bat å starte skriptet.

Type Y å starte Cleanup prosessen.
Det vil fjerne enhver Trojan Services eller registeroppføringer finnes deretter be deg om å trykke en tast for å starte på nytt.
Trykk på en tast og den vil starte PC.
Når PC-en startes på nytt, det Fixtool vil kjøre igjen og fullføre fjerningen deretter vise Ferdig, Trykker på en tast for å avslutte skriptet og laste desktop ikoner.
Når skrivebordsikonene laste SDFix rapporten åpnes på skjermen, og også lagre i SDFix mappen som Report.txt.
Kopier og lim innholdet av resultatene fil Report.txt i neste svar sammen med en ny HijackThis log.

adhoc · #3 7nde Oct 2008, 02:15

Takk for hjelpen,

Dette er en nasty one! Problemet er fortsatt pågående, selv om datamaskinen min fikk omtrent 20 minutter med frist etter å ha kjørt SDFix.

SDFix og HiJackThis logger følger:

Og igjen mange, mange takk

SD Fix:

SDFix: Versjon 1.230
Kjør av Eier den Man 10/06/2008 kl 11:59

Microsoft Windows XP [Versjon 5.1.2600]
Running Fra: C: \ SDFix

Checking Services :

Navn :
tdssserv

Sti :
\ SystemRoot \ system32 \ drivers \ TDSSserv.sys

tdssserv - Slettede

Gjenopprette Standard Security Verdier
Gjenopprette Default Hosts File

Start

Checking Files :

Trojan Files Found:

C: \ WINDOWS \ SYSTEM32 \ CQVJNG.EXE - Deleted
C: \ WINDOWS \ SYSTEM32 \ FTPUPD.EXE - Deleted
C: \ WINDOWS \ SYSTEM32 \ NTBLTF.EXE - Deleted
C: \ WINDOWS \ SYSTEM32 \ PUOGNR.EXE - Deleted

Fjerne Temp Files

ADS Check :

Final Check :

CatchMe 0.3.1361.2 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 00:20:58
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

skanning skjulte tjenester & Systemstrukturen ...

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services es \ d346prt \ cfg \ 0Jf40]

scanning hidden registeroppføringene ...

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ (56CA5D3B-3002-4E7B-90FE-071D8FDF3814)]
"DisplayName" = "DAEMON Tools"

skanning skjulte filer ...

skanning er fullført
skjulte prosesser: 0
skjulte tjenester: 0
skjulte filer: 0

Resterende Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ listen]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ \ Programfiler \ \ Internet Explorer \ \ iexplore.exe" = "C: \ \ Programfiler \ \ Internet Explorer \ \ iexplore.exe: *: Disabled: Internet Explorer"
"C: \ \ Programfiler \ \ BitTornado \ \ btdownloadgui.exe" = "C: \ \ Programfiler \ \ BitTornado \ \ btdownloadgui.exe: *: Enabled: Btd ownloadgui"
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ \ Programfiler \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Programfiler \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 6.2"
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ \ Programfiler \ \ GameHouse \ \ TextTwist \ \ TextTwist.exe" = "C: \ \ P rogram Files \ \ GameHouse \ \ TextTwist \ \ TextTwist.exe: *: Enabl red: Super TextTwist"
"C: \ \ Program Files \ \ Hexacto Games \ \ Lemonade Tycoon \ \ Lemonade.exe" = "C: \ \ Program Files \ \ Hexacto Games \ \ Lemonade Tycoon \ \ Lemonade.exe: *: Disabled: Lemonade"
"C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe: *: Enabled: Firefox"
"C: \ \ Programfiler \ \ Global Star \ \ Age of Sail II \ \ privateer.exe" = "C: \ \ Programfiler \ \ Global Star \ \ Age of Sail II \ \ privateer.exe: *: Enabled : pirat "
"C: \ \ Programfiler \ \ Windows Media Player \ \ Wmplayer.exe" = "C: \ \ Programfiler \ \ Windows Media Player \ \ Wmplayer.exe: *: Enabled: Windows Media Player"
"C: \ \ Program Files \ \ Real \ RealPlayer \ \ realplay.exe" = "C: \ \ progra m Files \ \ Real \ RealPlayer \ \ realplay.exe: *: Enabled: Re alPlayer"
"C: \ \ Programfiler \ \ Atari-Infogrames \ \ Civilization III Gold Edition \ \ Civ3PTW \ \ Civilization3x.exe" = "C: \ \ Programfiler \ \ Atari-Infogrames \ \ Civilization III Gold Edition \ \ Civ3PTW \ \ Civilization3x.exe: *: Enabled: Civ ilization3X "
"C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe" = "C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe: *: Enabled: BitTor leie"
"C: \ \ Programfiler \ \ Kerio \ \ Personal Firewall \ \ PERSFW.exe" = "C: \ \ Programfiler \ \ Kerio \ \ Personal Firewall \ \ PERSFW.exe: *: Enabled: Kerio Personal Firewall Engine"
"C: \ \ Programfiler \ \ TVUPlayer \ \ TVUPlayer.exe" = "C: \ \ Programfiler \ \ TVUPlayer \ \ TVUPlayer.exe: *: Enabled: TVU Spilleren Component"
"C: \ \ Program Files \ \ SopCast \ \ SopCast.exe" = "C: \ \ Program Files \ \ SopCast \ \ SopCast.exe: *: Enabled: SopCast"
"C: \ Documents and Settings \ Eier \ \ Application Data \ \ SopCast \ \ adv \ \ SopAdver.exe" = "C: \ Documents and Settings \ Eier \ \ Application Data \ \ SopCast \ \ adv \ \ SopAdver.exe: *: Enabled: SopAdve r "
"C: \ \ Program Files \ \ QuickTime \ \ QuickTimePlayer.exe" = "C: \ \ Programfiler m Files \ \ QuickTime \ \ QuickTimePlayer.exe: *: Enabled: Qu ickTime Player"
"C: \ \ Program Files \ Veoh Networks \ Veoh \ \ VeohClient.exe" = "C: \ \ Program Files \ Veoh Networks \ Veoh \ \ VeohClient.exe: *: Enabled: Veoh Client"
"C: \ Documents and Settings \ Eier \ Lokale innstillinger \ Temp \ \ Charon.exe" = "C: \ Documents and Settings \ Eier \ Lokale innstillinger \ Temp \ \ Charon.exe: * : Enabled: Charon - En proxy kontroll / skanning programmet. "
"C: \ \ rubin \ \ bin \ \ ruby.exe" = "C: \ \ rubin \ \ bin \ \ ruby.exe: *: Enabled: Ruby interpreter"
"C: \ \ Program Files \ \ Azureus \ \ Azureus.exe" = "C: \ \ Program Files \ \ Azureus \ \ Azureus.exe: *: Enabled: Azureus (2)»
"C: \ \ Program Files \ VideoLAN \ \ VLC \ \ vlc.exe" = "C: \ \ Program Files \ VideoLAN \ \ VLC \ \ vlc.exe: *: Enabled: VLC media player"
"C: \ \ Program Files \ \ Google \ Google Talk \ \ googletalk.exe" = "C: \ \ Program Files \ \ Google \ Google Talk \ \ googletalk.exe: *: Enabled: Google Talk"
"C: \ \ Program Files \ \ SopCast \ \ adv \ \ SopAdver.exe" = "C: \ \ Program Files \ \ SopCast \ \ adv \ \ SopAdver.exe: *: Enabled: SopCas t adver"
"C: \ Documents and Settings \ Eier \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe" = "C: \ Documents and Settings \ Eier \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe: *: Enabled: PowerSoccer "
"C: \ Documents and Settings \ \ jen \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe" = "C: \ Documents and Settings \ \ jen \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe: *: Enabled: PowerSoccer "
"C: \ \ Program Files \ \ Common Files \ \ SafeNet Sentinel \ Sentinel Protection Server \ WinNT \ \ spnsrvnt.exe" = "C: \ \ Program Files \ \ Common Files \ \ SafeNet Sentinel \ Sentinel Protection Server \ \ WINNT \ \ spnsrvnt.exe: *: Disabled: Sentinel Protection Server "
"C: \ \ Programfiler \ \ NHL 2008 \ \ nhl2008.exe" = "C: \ \ Programfiler \ \ NHL 2008 \ \ nhl2008.exe: *: Enabled: nhl2008"
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ Programfiler \ \ KONAMI \ \ Pro Evolution Soccer 2008 kr \ \ PES2008.exe" = "C: \ \ Programfiler \ \ KONAMI \ \ Pro Evolution Soccer 2008 kr \ \ PES2008.exe: *: Enabled : Pro Evolution Soccer 2008 »
"C: \ \ WINDOWS \ \ system32 \ \ drivers \ svchost.exe" = "C: \ \ WINDOWS \ \ system32 \ \ drivers \ svchost.exe: *: Deaktiver d: svchost"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listen]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ \ Programfiler \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Programfiler \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 6.2"

Resterende Filer :

Fil sikkerhetskopier: - C: \ SDFix \ backup \ backups.zip

Filer med skjulte attributter :

Onsdag 13 oktober 2004 1.694.208 .. SH. --- "C: \ Programfiler \ Messenger \ msmsgs.exe"
Man 15 september 2008 1562960 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll"
Man 7 juli 2008 1.429.840 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe"
Man 7 juli 2008 4.891.472 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe"
Tirs 16 september 2008 1833296 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe"
Fre 27 januar 2006 4348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Lør 14 juni 2008 50688 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ ~ WRL0001.tmp"
Lør 14 juni 2008 50176 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ ~ WRL1778.tmp"
Man 3 mars 2008 176128 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ Interop.NetworkCore.dll"
Man 3 mars 2008 36864 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ LelaAccount.dll"
Man 3 mars 2008 200704 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ LelaNetwork.dll"
Man 3 mars 2008 143360 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ LelaNetworkLib.dll"
Man 3 mars 2008 20480 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ LelaPrint.dll"
Man 3 mars 2008 176128 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ LelaResource.dll"
Man 3 mars 2008 151552 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ LelaServices.dll"
Man 3 mars 2008 110592 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ Linksys EasyLink Advisor.exe"
Man 3 mars 2008 18.879.808 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ LinksysUpdaterSetup.exe"
Man 3 mars 2008 270336 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ log4net.dll"
Man 3 mars 2008 8353080 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ PlatformSetup.exe"
Man 23 april 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
To 16 august 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv02.tmp"
To 16 august 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv03.tmp"
Lør 20 oktober 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv04.tmp"
Søn 21 oktober 2007 87552 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ analytiker oct2007 \ ~ WRL0029.tmp"
Søn 21 oktober 2007 85504 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ analytiker oct2007 \ ~ WRL0207.tmp"
Søn 21 oktober 2007 88576 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ analytiker oct2007 \ ~ WRL0362.tmp"
Søn 21 oktober 2007 88576 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ analytiker oct2007 \ ~ WRL1369.tmp"
Søn 21 oktober 2007 81920 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ analytiker oct2007 \ ~ WRL1945.tmp"
Søn 21 oktober 2007 84992 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ analytiker oct2007 \ ~ WRL2108.tmp"
Søn 21 oktober 2007 88576 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ analytiker oct2007 \ ~ WRL2659.tmp"
Søn 21 oktober 2007 87552 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ analytiker oct2007 \ ~ WRL2779.tmp"
Søn 21 oktober 2007 86016 ... H. --- "C: \ Documents and Settings \ jen \ Skrivebord \ analytiker oct2007 \ ~ WRL2918.tmp"
Lør 9 juni 2007 33280 ... H. --- "C: \ Documents and Settings \ jen \ Lokale innstillinger \ Temp \ ~ WRL1284.tmp"
Ti 27 desember 2005 33280 ... H. --- "C: \ Documents and Settings \ jen \ Mine dokumenter \ seasmoke \ ~ WRL0003.tmp"
Ti 27 desember 2005 33792 ... H. --- "C: \ Documents and Settings \ jen \ Mine dokumenter \ seasmoke \ ~ WRL0774.tmp"
Ti 27 desember 2005 34816 ... H. --- "C: \ Documents and Settings \ jen \ Mine dokumenter \ seasmoke \ ~ WRL0804.tmp"
Ti 27 desember 2005 33792 ... H. --- "C: \ Documents and Settings \ jen \ Mine dokumenter \ seasmoke \ ~ WRL1393.tmp"
Ti 27 desember 2005 36864 ... H. --- "C: \ Documents and Settings \ jen \ Mine dokumenter \ seasmoke \ ~ WRL1707.tmp"
Ti 27 desember 2005 33280 ... H. --- "C: \ Documents and Settings \ jen \ Mine dokumenter \ seasmoke \ ~ WRL2134.tmp"
Ti 27 desember 2005 35840 ... H. --- "C: \ Documents and Settings \ jen \ Mine dokumenter \ seasmoke \ ~ WRL2768.tmp"
Ti 27 desember 2005 33280 ... H. --- "C: \ Documents and Settings \ jen \ Mine dokumenter \ seasmoke \ ~ WRL3330.tmp"
Ti 27 desember 2005 36352 ... H. --- "C: \ Documents and Settings \ jen \ Mine dokumenter \ seasmoke \ ~ WRL3500.tmp"
Man 3 januar 2005 25088 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ My Scans \ ~ WRL2003.tmp"
Man 3 januar 2005 25088 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ My Scans \ ~ WRL3264.tmp"
Man 17 april 2006 40960 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ~ WRL2617.tmp"
Man 25 september 2006 38400 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ~ WRL2726.tmp"
Søn 24 september 2006 30720 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ~ WRL3228.tmp"
Søn 16 april 2006 38912 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ~ WRL3396.tmp"
Man 3 mars 2008 81920 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ ar \ LelaResource.resources.dll"
Man 3 mars 2008 69632 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ da \ LelaResource.resources.dll"
Man 3 mars 2008 73728 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ de \ LelaResource.resources.dll"
Man 3 mars 2008 94208 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ el \ LelaResource.resources.dll"
Man 3 mars 2008 77824 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ no \ LelaAccount.resources.dll"
Man 3 mars 2008 446464 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ no \ LelaNetwork.resources.dll"
Man 3 mars 2008 11.407.360 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ no \ LelaResource.resources.dll"
Man 3 mars 2008 1916928 A. SHR --- "C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ no \ Linksys EasyLink Advisor.resources.dll"
Ti 25 mars 2008 26112 ... H. --- "C: \ Documents and Settings \ All Users \ Dokumenter \ Happy House Info \ 2008 \ ~ WRL0454.tmp"
To 27 mars 2008 22016 ... H. --- "C: \ Documents and Settings \ All Users \ Dokumenter \ Happy House Info \ 2008 \ ~ WRL1118.tmp"
Fre 7 april 2006 3595264 ... H. --- "C: \ Documents and Settings \ Eier \ Application Data \ Microsoft \ Word \ ~ WRL2168.tmp"
Fre 7 april 2006 3593728 ... H. --- "C: \ Documents and Settings \ Eier \ Application Data \ Microsoft \ Word \ ~ WRL2962.tmp"
Ons 5 april 2006 4252160 ... H. --- "C: \ Documents and Settings \ Eier \ Application Data \ Microsoft \ Word \ ~ WRL3217.tmp"
Fre 27 januar 2006 4348 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Min musikk \ lisens Backup \ drmv1key.bak"
Lør Sep 30 2006 20 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Min musikk \ lisens Backup \ drmv1lic.bak"
Fre 27 januar 2006 400 A.SH. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Min musikk \ lisens Backup \ drmv2key.bak"
Man 18 september 2006 32256 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Biotech 206B \ ~ WRL0004.tmp"
Ti 31 oktober 2006 114688 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Biotech 206B \ ~ WRL1340.tmp"
Søn 17 september 2006 30720 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Biotech 206B \ ~ WRL2439.tmp"
Man 18 september 2006 32256 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Biotech 206B \ ~ WRL3767.tmp"
Ons 21 september 2005 26624 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ chem 120 Labs \ ~ WRL0005.tmp"
Lør 26 november 2005 27136 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ chem 120 Labs \ ~ WRL3662.tmp"
Man Jun 13 2005 30.208 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Eng 150 \ ~ WRL0386.tmp"
Søn 5 juni 2005 25088 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Eng 150 \ ~ WRL0788.tmp"
Søn 5 juni 2005 25600 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Eng 150 \ ~ WRL0794.tmp"
Man Jun 13 2005 30.208 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Eng 150 \ ~ WRL1533.tmp"
Ons 1 juni 2005 24064 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Eng 150 \ ~ WRL1817.tmp"
Man Jun 13 2005 31.232 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Eng 150 \ ~ WRL2720.tmp"
Tirs 14 juni 2005 35840 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Eng 150 \ ~ WRL2966.tmp"
Tirs 14 juni 2005 36864 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Eng 150 \ ~ WRL3073.tmp"
To 9 juni 2005 28160 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Eng 150 \ ~ WRL3453.tmp"
To 2 februar 2006 382,464 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL0003.tmp"
Fre 7 april 2006 3594240 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL0004.tmp"
Ons 5 april 2006 4243968 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL0010.tmp"
Ons 5 april 2006 4254720 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL0303.tmp"
Lør 4 februar 2006 928,256 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL0501.tmp"
Søn 5 februar 2006 591,360 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL0928.tmp"
Ons 5 april 2006 4254720 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL1029.tmp"
Ons 5 april 2006 24064 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL1104.tmp"
Lør 4 februar 2006 384,000 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL1259.tmp"
Ons 5 april 2006 4243456 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL1375.tmp"
Ons 5 april 2006 4244992 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL1969.tmp"
To 6 april 2006 710656 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL2066.tmp"
Fre 31 mars 2006 35840 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL2175.tmp"
Ti 28 mars 2006 185856 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL2368.tmp"
Fre 31 mars 2006 65024 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL2573.tmp"
Ti 4 april 2006 4242944 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL2686.tmp"
Søn 5 februar 2006 891,904 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL2700.tmp"
Lør 4 februar 2006 507,392 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL2881.tmp"
Ons 5 april 2006 4244480 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL2992.tmp"
Ons 5 april 2006 24576 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL3160.tmp"
Ons 5 april 2006 4242432 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL3277.tmp"
Lør 4 februar 2006 928,768 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL3387.tmp"
Ons 5 april 2006 4251648 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL3591.tmp"
Lør 4 februar 2006 383,488 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL3770.tmp"
Ons 5 april 2006 4243456 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL3900.tmp"
Ons 5 april 2006 4243456 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL3905.tmp"
Lør 4 februar 2006 382,976 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ ENVR 253 \ ~ WRL4065.tmp"
To 23 mars 2006 27648 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Envrionmental \ ~ WRL3569.tmp"
Lør 25 november 2006 20480 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Geog 220 \ ~ WRL1016.tmp"
Man 4 desember 2006 27648 ... H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ Geog 220 \ ~ WRL2705.tmp"
Søn 6 mars 2005 56832 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ fysikk 11 \ ~ WRL3235.tmp"
Søn 20 februar 2005 36864 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ fysikk 11 \ ~ WRL3307.tmp"
Søn 13 november 2005 27648 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ chem 120 Labs \ chem teori \ ~ WRL0952.tmp"
Søn 13 november 2005 27648 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ chem 120 Labs \ chem teori \ ~ WRL1162.tmp"
Søn 13 november 2005 26112 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ chem 120 Labs \ chem teori \ ~ WRL1539.tmp"
Søn 13 november 2005 24576 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ chem 120 Labs \ chem teori \ ~ WRL1964.tmp"
Søn 13 november 2005 27136 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ chem 120 Labs \ chem teori \ ~ WRL2068.tmp"
Søn 13 november 2005 28672 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ chem 120 Labs \ chem teori \ ~ WRL3230.tmp"
Søn 13 november 2005 27648 A.. H. --- "C: \ Documents and Settings \ Eier \ Mine dokumenter \ Skole \ chem 120 Labs \ chem teori \ ~ WRL3512.tmp"

Ferdig!

Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret på 2:12:20 AM, on 10/7/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ ESRI \ lisens \ arcgis9x \ lmgrd.exe
C: \ Program Files \ TOSHIBA \ Power Management \ CeEPwrSvc.exe
C: \ Programfiler \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
C: \ PROGRA ~ 1 \ ESRI \ lisens \ arcgis9x \ ARCGIS.exe
C: \ WINDOWS \ system32 \ DVDRAMSV.exe
C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
C: \ Programfiler \ Fellesfiler \ SafeNet Sentinel \ Sentinel Protection Server \ WINNT \ spnsrvnt.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Apoint2K \ Apoint.exe
C: \ Program Files \ TOSHIBA \ Power Management \ CePMTray.exe
C: \ Programfiler \ TOSHIBA \ touchpad \ TPTray.exe
C: \ progra ~ 1 \ SYMANT ~ 1 \ SYMANT ~ 1 \ vptray.exe
C: \ Programfiler \ Apoint2K \ Apntex.exe
C: \ WINDOWS \ Samsung \ PanelMgr \ ssmmgr.exe
C: \ WINDOWS \ HCWemMON.exe
C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Program Files \ SpyNoMore \ SNM.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Programfiler \ Windows Media Player \ WMPNSCFG.exe
C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ Initio \ Button Manager v1.836 \ inihid.exe
C: \ Programfiler \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ QH8jvpp4.exe
C: \ progra ~ 1 \ WinZIP \ winzip32.exe
C: \ Documents and Settings \ Eier \ Lokale innstillinger \ Temp \ HijackThis.exe
C: \ Program Files \ Windows NT \ Accessories \ WORDPAD.EXE

R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = www.google.ca
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Innstillinger ProxyServer = 64.34.113.100:80
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Programfiler \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [Apoint] C: \ Programfiler \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [CeEPOWER] C: \ Program Files \ TOSHIBA \ Power Management \ CePMTray.exe
O4 - HKLM \ .. \ Run: [TPNF] C: \ Programfiler \ TOSHIBA \ touchpad \ TPTray.exe
O4 - HKLM \ .. \ Run: [vptray] C: \ progra ~ 1 \ SYMANT ~ 1 \ SYMANT ~ 1 \ vptray.exe
O4 - HKLM \ .. \ Run: [Samsung PanelMgr] C: \ WINDOWS \ Samsung \ PanelMgr \ ssmmgr.exe / autorun
O4 - HKLM \ .. \ Run: [emMON] HCWemMON.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [AtiPTA] atiptaxx.exe
O4 - HKLM \ .. \ Run: [SNM] C: \ Programfiler \ SpyNoMore \ SNM.exe / oppstart
O4 - HKCU \ .. \ Run: [Free Download Manager] C: \ Program Files \ Free Download Manager \ fdm.exe-bilen
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Programfiler \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" AcRdB7_0_9-reboot 1
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User '')
O4 - Startup: Adobe Media Player.lnk =?
O4 - Global Startup: Button Manager v1.836.lnk =?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C: \ Programfiler \ Linksys \ Linksys EasyLink Advisor \ Linksys EasyLink Advisor.exe
O4 - Global Startup: Si Time.lnk = C: \ Programfiler \ Si Time \ SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C: \ Programfiler \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ Programfiler \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ Programfiler \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O10 - Unknown fil i Winsock LSP: c: \ windows \ system32 \ nwprovau.dll
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protokollen er i sonen Min datamaskin, bør Internett-sone (HKLM)
Ø16 - DPF: ppctlcab -- http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: (04E214E5-63AF-4236-83C6-A7ADCBF9BD02) (HouseCall Control) -- http://housecall60.trendmicro.com/housecall/xscan60.cab
Ø16 - DPF: (22E5D91F-89E6-4405-AD9C-0AF27BA6F06B) (HidInputMonitorX Control) - file: / / D: \ Components \ hidinputmonitorx.ocx
Ø16 - DPF: (4F63D44B-6274-4D60-8AB1-CAA7116B8AF3) (A9Helper.A9) - file: / / D: \ Components \ A9.ocx
O16 - DPF: (74D05D43-3236-11D4-BDCD-00C04F9A3B61) (HouseCall Control) -- http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Ø16 - DPF: (BAC01377-73DD-4796-854D-2A8997E3D68A) (Yahoo! Bilder Easy Opplastingsverktøy Class) -- http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
Ø16 - DPF: (E7DBFB6C-113a-47CF-B278-F5C6AF4DE1BD) -- http://download.abacast.com/download...basetup145.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C: \ Programfiler \ Fellesfiler \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C: \ PROGRA ~ 1 \ ESRI \ lisens \ arcgis9x \ lmgrd.exe
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: CeEPwrSvc - Compal ELECTRONIC INC - C: \ Program Files \ TOSHIBA \ Power Management \ CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C: \ Programfiler \ TOSHIBA \ ConfigFree \ CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co, Ltd - C: \ WINDOWS \ system32 \ DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C: \ Programfiler \ Hotspot Shield \ bin \ openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: Symantec AntiVirus Klienten (Norton AntiVirus Server) - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C: \ Programfiler \ Fellesfiler \ SafeNet Sentinel \ Sentinel Protection Server \ WINNT \ spnsrvnt.exe

--
End of file - 9148 bytes

**evilfantasy** · #4 7 oktober 2008, 09:48

Deaktiver Spybot's TeaTimer

Mens TeaTimer er et utmerket verktøy for forebygging av spyware, det kan også forstyrre HijackThis løser. Deaktiver TeaTimer nå før du er ren.

1. Høyreklikk Spybot i systemstatusfeltet (ser ut som en kalender med et hengelås-symbol). Velge Avslutt Spybot S & D Resident
2. Løpe Spybot S & D
3. Gå til Modus menyen, Og sørg Avansert modus er valgt.
4. På venstre side, velger Verktøy > Resident
avmerk Resident TeaTimer og OK eventuelle spørsmål og Start datamaskinen.

Merk: Hvis TeaTimer gir deg en advarsel etter at noen endringer ble gjort, at dette i stedet for å blokkere den.

Hvis TeaTimer vil ikke slå deretter avinstallere Spybot til vi er ferdig med rengjøring.

----------

Åpne HijackThis og velg Gjør et søk.

Sett et merke ved siden av følgende oppføringer: (hvis det)

O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protokollen er i sonen Min datamaskin, bør Internett-sone (HKLM)

Viktig: Lukk alle åpne vinduer unntatt HijackThis og klikk Fix kontrolleres.

Etter fullført, avslutter HijackThis.

----------

Last ned ComboFix av ubåter fra én av de nedenfor koblinger. Pass på at toppen lagre det til Desktop.

Link # 1
Link # 2

** Merk: Det er viktig at det er lagret direkte til skrivebordet ditt

Lukk alle åpne weblesere. (Firefox, Internet Explorer, osv.) før du starter ComboFix.

Midlertidig deaktivere din antivirus, Og eventuelle antispyware sanntid beskyttelse før utføre en skanning. Klikk denne koblingen å se en liste over sikkerhetsprogrammer som skal være deaktivert og hvordan du deaktiverer dem.

Dobbeltklikk combofix.exe og følg instruksjonene.
Når du er ferdig ComboFix vil produsere en logg for deg.
Poste ComboFix logg i neste svaret.

Viktig: Ikke mouseclick ComboFix's vinduet mens den kjører. Det kan føre til stall.

Husk å aktivere din antivirus og antispyware beskyttelse når ComboFix er fullført.

adhoc · #5 7nde Oct 2008, 18:34

Takk EF du rock,

Den ComboFix loggen er stort så det er vedlagt som en zip-fil:
combofixlog.zip

**evilfantasy** · #6 7nde Oct 2008, 18:44

[*] Klikk START så RUN[*] Nå skriver Combofix / u i runbox [*] Kontroller at det er et mellomrom mellom Combofix og / u [*] Deretter hit Angi.

----------

Laste ned OTMoveIt2 av OldTimer og lagre den på Desktop.

Merk: Hvis du kjører på Vista, høyreklikk på OTMoveIt2.exe og velge Kjør som Administrator.

1. Dobbeltklikk OTMoveIt2.exe å kjøre den.
2. Kopier linjene i codebox nedenfor.

Code:

[drepe explorer] "C: \ WINDOWS \ system32 \ xVB47F7a.exe C: \ DOCUME ~ 1 \ Eier \ LOCALS ~ 1 \ Temp \ RGI5.tmp EmptyTemp [start explorer]

3. Gå tilbake til OTMoveIt2, høyreklikk på Lim Liste over filer / mapper til Flytt vinduet (under den gule linjen), og velg Lim
4. Klikk på den røde Moveit! knappen.
5. Kopier alt i resultatene vinduet (under den grønne linjen) og lime den inn i din neste svar.
6. Lukke OTMoveIt2

Merk: Hvis en fil eller mappe som ikke kan flyttes umiddelbart kan du bli bedt om å starte datamaskinen på nytt for å fullføre flyttingen prosessen. Hvis du blir bedt om å starte på nytt, velger Ja. Hvis ikke, reboot uansett.

----------

Etter oppslaget i OTMoveIt2 logg.

1. Dobbeltklikk OTMoveIt2.exe å lansere den.
Vista-brukere høyreklikk og velg Kjør som Administrator
2. Klikk på CleanUp! knappen.
3. OTMoveIt2 vil laste ned fra Internett, hvis brannmuren eller andre defensive programmer varsler deg, at den tilgang.
4. Klikk JA ved neste ledeteksten (listen er lastet ned, vil du begynne Cleanup prosessen?)

Når du er ferdig avkjøring ut OTMoveIt2

----------

Kjør CCleaner.

----------

Kjør dette online scan.

Denne skanneren krever Internet Explorer

Bruk ESET nod32 Online Scanner

1. Merk av for Ja, jeg godtar vilkårene for bruk.
2. Klikk Start
3. Når de blir spurt, at ActiveX-kontrollen til å installere
4. Klikk Start
5. Sørg for at alternativet Fjern funnet trusler og valget Scan uønskede programmer er å kontrollere merket.
6. Klikk Scan
7. Vent på skanning for å fullføre
8. Bruk Notisblokk til å åpne logfile plassert på C: \ Programfiler \ EsetOnlineScanner \ Log.txt
9. Legge til den, det C: \ Programfiler \ EsetOnlineScanner \ Log.txt Modchip neste svar.

Lignende Tråder
Tråd	Tråd startet	Forum	Svar	Siste innlegg
Virus: iexplore.exe som system prosess	mkjuan	Virus, spionprogrammer og sikkerhet	14	7 november 2008 00:14
Datamaskinen ikke fungerer-det piper!	PyroTails	General Hardware Chat	8	15nde sep 2008 13:08
Stange piper støy	sam182666	General Hardware Chat	6	26 april 2008 12:23
Problemer med popups og iexplore kjører prosessen	1carly1	Virus, spionprogrammer og sikkerhet	3	15 februar 2008 10:36
Piper på Boot Up	nuteck	CPUer, Hovedkort & RAM	11	21 januar 2008 05:55