CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede pikak1 Nybegynder
04. november 2007 - 09:08 Der er 9 kommentarer

Langsom opstart fra den ene dag til den anden

Hej,
Jeg har en pc der er 3 år gammel, men med masser af kræfter og ram, samt godt grafikkort.
Her for 2 uger siden begyndte den efter winXP splashbilledet og fremkomsten af skrivebordet, at stå stille i 2-3 minutter inden den ville tage imod nogen kommando eller museklik.
Jeg har prøvet ar kigge på processorerne i taskmanager og kan kun se nvcoas som skurk i cpu-forbrug.
Men jeg poster lig HJT loggen

Logfile of HijackThis v1.99.1
Scan saved at 09:01:00, on 04-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Executive Software\Diskeeper\DkService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Norman\npm\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\npm\bin\NJEEVES.EXE
C:\Norman\npc\bin\npcsvc32.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\npc\bin\nuaa.exe
C:\Norman\npm\bin\ZLH.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Norman\nvc\BIN\NIP.EXE
C:\Programmer\GetRight\getright.exe
C:\Norman\nvc\bin\cclaw.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Piet Kakkar\Skrivebord\Spywarefri\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.59.20.228:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmer\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NPCTray] C:\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (Snapfish Drag and Drop upload plugin) - http://www.pixaco.dk/static/download/pixacodndupload.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Programmer\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
Avatar billede arlet Juniormester
04. november 2007 - 09:52 #1
Lad ccleaner lave en oprydning : www.arlet.dk/ccleaner.htm

Kør trin 1 her http://www.malwarecheck.dk/forum/viewtopic.php?t=11 og læg loggen ind

derudover skal du hente:
Combofix fra et af disse links, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

BEMÆRK at Combofix af nogle virusscannere bliver detekteret som inficeret. Dette har dog intet på sig.
Avatar billede pikak1 Nybegynder
04. november 2007 - 11:44 #2
her loggen fra Superantispyware

UPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2007 at 11:17 AM

Application Version : 3.7.1018

Core Rules Database Version : 3222
Trace Rules Database Version: 1233

Scan type      : Complete Scan
Total Scan Time : 00:33:38

Memory items scanned      : 524
Memory threats detected  : 0
Registry items scanned    : 8155
Registry threats detected : 0
File items scanned        : 40396
File threats detected    : 4

Adware.Tracking Cookie
    C:\Documents and Settings\Piet Kakkar\Cookies\piet_kakkar@bs.serving-sys[1].txt
    C:\Documents and Settings\Piet Kakkar\Cookies\piet_kakkar@track.adform[2].txt
    C:\Documents and Settings\Piet Kakkar\Cookies\piet_kakkar@serving-sys[2].txt
    C:\Documents and Settings\Piet Kakkar\Cookies\piet_kakkar@adtech[1].txt

her er combofix loggen




ComboFix 07-11-01.1** - Piet Kakkar 2007-11-04 11:32:45.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1177 [GMT 1:00]
Running from: C:\Documents and Settings\Piet Kakkar\Skrivebord\Spywarefri\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\hosts
C:\WINDOWS\setup.exe

.
(((((((((((((((((((((((((  Files Created from 2007-10-04 to 2007-11-04  )))))))))))))))))))))))))))))))
.

2007-11-04 11:32    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-04 09:58    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-04 09:57    <DIR>    d--------    C:\Programmer\CCleaner
2007-10-29 19:41    <DIR>    d--------    C:\Documents and Settings\Piet Kakkar\Application Data\vlc
2007-10-29 19:37    32,000,138    --a------    C:\WINDOWS\Screen Saver Pontet-Canet.scr
2007-10-25 19:35    <DIR>    d--------    C:\Ny mappe
2007-10-24 21:13    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\Media Player Classic
2007-10-23 16:41    <DIR>    d--------    C:\Programmer\K-Lite Codec Pack
2007-10-23 16:41    <DIR>    d--------    C:\Documents and Settings\Piet Kakkar\Application Data\Media Player Classic
2007-10-21 14:30    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-20 07:56    <DIR>    d--------    C:\WINDOWS\system32\C
2007-10-17 13:05    <DIR>    d--------    C:\Programmer\DAEMON Tools

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 09:43    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2007-11-04 09:10    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 09:06    ---------    d-----w    C:\Programmer\GetRight
2007-10-26 09:26    ---------    d-----w    C:\Documents and Settings\Piet Kakkar\Application Data\SUPERAntiSpyware.com
2007-10-21 13:31    ---------    d-----w    C:\Documents and Settings\Piet Kakkar\Application Data\CyberLink
2007-10-21 13:29    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-10-21 13:28    ---------    d-----w    C:\Programmer\CyberLink
2007-10-21 13:20    ---------    d-----w    C:\Documents and Settings\Piet Kakkar\Application Data\proDAD
2007-10-17 12:02    685,816    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2007-10-10 22:20    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-30 18:28    ---------    d-----w    C:\Programmer\Fælles filer\xing shared
2007-09-30 18:28    ---------    d-----w    C:\Programmer\Fælles filer\Real
2007-09-30 18:11    ---------    d-----w    C:\Programmer\TomTom HOME
2007-09-24 07:16    ---------    d-----w    C:\Programmer\DivX
2007-09-22 14:07    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-09-21 18:23    ---------    d-----w    C:\Documents and Settings\Piet Kakkar\Application Data\LinkedIn
2007-09-13 18:09    ---------    d-----w    C:\Programmer\Electronic Arts
2007-09-13 18:08    ---------    d-----w    C:\Programmer\AGEIA Technologies
2007-09-11 20:18    ---------    d-----w    C:\Programmer\iTunes
2007-09-11 20:17    ---------    d-----w    C:\Programmer\iPod
2007-09-11 20:14    ---------    d-----w    C:\Programmer\Apple Software Update
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2006-12-17 01:30    1,428    ----a-w    C:\Programmer\INSTALL.LOG
2006-10-17 14:47    81,920    ----a-w    C:\Documents and Settings\Piet Kakkar\Application Data\ezpinst.exe
2006-10-17 14:47    47,360    ----a-w    C:\Documents and Settings\Piet Kakkar\Application Data\pcouffin.sys
2005-01-07 21:23:59    61    --sh--w    C:\WINDOWS\cnerolf.dat
2004-08-27 12:00:00    94,800    --sh--w    C:\WINDOWS\twain.dll
2004-08-27 12:00:00    50,688    --sh--w    C:\WINDOWS\twain_32.dll
2004-08-27 12:00:00    1,028,096    --sh--w    C:\WINDOWS\system32\mfc42.dll
2004-08-27 12:00:00    54,784    --sh--w    C:\WINDOWS\system32\msvcirt.dll
2004-08-27 12:00:00    413,696    --sh--w    C:\WINDOWS\system32\msvcp60.dll
2004-08-27 12:00:00    343,040    --sh--w    C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:29:55    549,376    --sh--w    C:\WINDOWS\system32\oleaut32.dll
2004-08-27 12:00:00    83,456    --sh--w    C:\WINDOWS\system32\olepro32.dll
2004-08-27 12:00:00    11,776    --sh--w    C:\WINDOWS\system32\regsvr32.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\Norman\npm\bin\ZLH.exe" [2006-10-16 10:43]
"DiskeeperSystray"="C:\Programmer\Executive Software\Diskeeper\DkIcon.exe" [2004-12-21 22:29]
"NPCTray"="C:\Norman\npc\bin\npc_tray.exe" [2006-08-30 16:09]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-06-29 05:24]
"CloneCDElbyCDFL"="C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-07 15:55]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24]
"LanguageShortcut"="C:\Programmer\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 14:10]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
GetRight - Tray Icon.lnk - C:\Programmer\GetRight\getright.exe [2006-12-14 22:32:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HPAiODevice(hp officejet d series) - 1.lnk]
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet d series) - 1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^VIA RAID TOOL.lnk]
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Piet Kakkar^Menuen Start^Programmer^Start^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Piet Kakkar^Menuen Start^Programmer^Start^Hewlett-Packard Recorder.lnk]
backup=C:\WINDOWS\pss\Hewlett-Packard Recorder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Piet Kakkar^Menuen Start^Programmer^Start^Screen Clipper and Launcher til OneNote 2007.lnk]
backup=C:\WINDOWS\pss\Screen Clipper and Launcher til OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Programmer\D-Tools\daemon.exe"  -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWH myPrintMileage Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programmer\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHBundle]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools]
C:\Programmer\XP Tools\xptools.exe /min

R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\system32\Drivers\HWFProt.sys
R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R1 TDI_RD;Norman Firewall TDI driver;\??\C:\WINDOWS\system32\drivers\tdi_rd.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Programmer\CyberLink\PowerDVD\000.fcl
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R2 Ndiskio;Ndiskio;\??\c:\norman\nse\bin\ndiskio.sys
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Norman\npf\bin\npfsvc32.exe"
R2 NVOY;Norman V.O.Y.;C:\Norman\npm\bin\nvoy.exe
R2 SQLWriter;SQL Server VSS Writer;"C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 NPC;Norman Parental Control;C:\Norman\npc\bin\npcsvc32.exe
R3 NUAA;Norman User Activity Agent;C:\Norman\npc\bin\nuaa.exe
R3 nvcfsr;nvcfsr;\??\C:\NORMAN\Nvc\BIN\nvcfsr.sys
R3 nvcoafl51;nvcoafl51;\??\C:\NORMAN\Nvc\BIN\nvcoafl51.sys
R3 nvcoaft51;nvcoaft51;\??\C:\NORMAN\Nvc\BIN\nvcoaft51.sys
R3 nvcoarc51;nvcoarc51;\??\C:\NORMAN\Nvc\BIN\nvcoarc51.sys
R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe
R3 pctvnet;Pinnacle PCTV Ethernet Driver;C:\WINDOWS\system32\DRIVERS\pctvnet.sys
S0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys
S0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 12:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 11:34:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
Avatar billede arlet Juniormester
04. november 2007 - 18:49 #3
Gå lige ind i C:\WINDOWS\system32\C

Hvad ligger i den mappe??
Avatar billede pikak1 Nybegynder
04. november 2007 - 19:02 #4
der ligger to taomme mapper der hedder hhv. npc og under det en tom bin mappe
Avatar billede pikak1 Nybegynder
04. november 2007 - 19:03 #5
tomme mapper skulle der stå
Avatar billede pikak1 Nybegynder
04. november 2007 - 22:56 #6
nå men min PC er lige gået ned. Jeg ved ikke om det har direkte reference til disse operationer. WIndows XP splash screenen fremkommer kort og maskinen genstarter. Der foreslås fejlsikker tilstand, men den fejlsikre tilstand nås aldrig inden maskinen booter igen. Måske jeg skal oprette en ny tråd til dette spørgsmål?
Avatar billede pikak1 Nybegynder
04. november 2007 - 23:20 #7
jeg har oprettet en ny tråd
Avatar billede arlet Juniormester
05. november 2007 - 07:28 #8
Hold f8 nede, når du starter op, så benyt sidste kendte fungerende konfigutation
Avatar billede pikak1 Nybegynder
05. november 2007 - 08:16 #9
se denne tråd http://www.eksperten.dk/spm/804330
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Windows kategorien

Titel Indlæg Oprettet Seneste aktivitet
Manglende plads Af Prado i Windows 10 16/07/202416:11 17/07/202406:01
Windows 11 problem!!! Af Lion i Windows 9 16/07/202415:05 18/07/202419:43
Reduseret lydstyrke i Windows Af valby i Windows 25 12/07/202419:01 16/07/202415:56
Pixeline cd’er til PC Af Mathilde i Windows 13 05/07/202414:04 16/07/202416:03
Windows 10 - IIS 10 Af bsn i Windows 1 05/07/202401:14 19/07/202421:57
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 20:17 vlc viser kegle-icon Af casablanca i Andet software
I dag 14:01 Oprette / gemme et par fotos i en mappe - Samsung Galaxy A 14 5G ? Af Ikke-ekspert i Mobiltelefoner
I dag 11:14 Bærbar til Sims 3? Af idamarie i PC
I dag 10:49 Adobe til excel Af densortehingst i Andet software
I dag 09:26 Chrome Af fjorbak i Andet netværk
White papers
Flere white papers »


Premium
Teaser billede
5.000 flyafgange i verden blev aflyst som følge af Crowdstrike-nedbrud: Vil Københavns Lufthavn søge erstatning?
Læs mere »
Hackere udnytter CrowdStrike-nedbruddet: Spreder malware ved hjælp af falske løsninger
Microsoft skyder dele af skylden for CrowdStrike-nedbrud på 15 år gammel EU-aftale
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Telenor skrotter ældre it-system: Nyt system er en hyldevare
Peter Lüth udlever CTO-drømmen: Bygger et system fra bunden og tjener kassen på det
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
Rapport kortlægger de 13 bedste muligheder for at sætte turbo på din cloud computing
Læs mere »
Sådan får du overblik og beskytter dine cloudapplikationer
Vejen væk fra WAN: Sådan skifter du til en moderne infrastruktur
Det behøver ikke at gøre ondt: Sådan gør du livet lettere for kunder med multicloud
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »