pikak1 Novice
04 November 2007 - 09:08 There are 9 comments

Slow startup from one day to the next

Hi,
I have a PC that is 3 years old, but with plenty of power and RAM, as well as a good graphics card.
About 2 weeks ago it started, after the WinXP splash screen and the appearance of the desktop, to freeze for 2-3 minutes before it would accept any command or mouse click.
I have tried looking at the processors in Task Manager and can only see nvcoas as the culprit in CPU usage.
But I'll just post the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 09:01:00, on 04-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Executive Software\Diskeeper\DkService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Norman\npm\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\npm\bin\NJEEVES.EXE
C:\Norman\npc\bin\npcsvc32.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\npc\bin\nuaa.exe
C:\Norman\npm\bin\ZLH.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Norman\nvc\BIN\NIP.EXE
C:\Programmer\GetRight\getright.exe
C:\Norman\nvc\bin\cclaw.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Piet Kakkar\Skrivebord\Spywarefri\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.59.20.228:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmer\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NPCTray] C:\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (Snapfish Drag and Drop upload plugin) - http://www.pixaco.dk/static/download/pixacodndupload.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Programmer\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
arlet Junior Master
04 November 2007 - 09:52 #1
Let CCleaner do a cleanup: www.arlet.dk/ccleaner.htm

Run step 1 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the log

In addition, you need to download:
ComboFix from one of these links, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as this can cause your computer to freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

NOTE that ComboFix is detected as infected by some virus scanners. There is nothing to this, however.
pikak1 Novice
04 November 2007 - 11:44 #2
here is the log from SUPERAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2007 at 11:17 AM

Application Version : 3.7.1018

Core Rules Database Version : 3222
Trace Rules Database Version: 1233

Scan type      : Complete Scan
Total Scan Time : 00:33:38

Memory items scanned      : 524
Memory threats detected  : 0
Registry items scanned    : 8155
Registry threats detected : 0
File items scanned        : 40396
File threats detected    : 4

Adware.Tracking Cookie
    C:\Documents and Settings\Piet Kakkar\Cookies\piet_kakkar@bs.serving-sys[1].txt
    C:\Documents and Settings\Piet Kakkar\Cookies\piet_kakkar@track.adform[2].txt
    C:\Documents and Settings\Piet Kakkar\Cookies\piet_kakkar@serving-sys[2].txt
    C:\Documents and Settings\Piet Kakkar\Cookies\piet_kakkar@adtech[1].txt

here is the ComboFix log

ComboFix 07-11-01.1** - Piet Kakkar 2007-11-04 11:32:45.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1177 [GMT 1:00]
Running from: C:\Documents and Settings\Piet Kakkar\Skrivebord\Spywarefri\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\hosts
C:\WINDOWS\setup.exe

.
(((((((((((((((((((((((((  Files Created from 2007-10-04 to 2007-11-04  )))))))))))))))))))))))))))))))
.

2007-11-04 11:32    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-04 09:58    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-04 09:57    <DIR>    d--------    C:\Programmer\CCleaner
2007-10-29 19:41    <DIR>    d--------    C:\Documents and Settings\Piet Kakkar\Application Data\vlc
2007-10-29 19:37    32,000,138    --a------    C:\WINDOWS\Screen Saver Pontet-Canet.scr
2007-10-25 19:35    <DIR>    d--------    C:\Ny mappe
2007-10-24 21:13    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\Media Player Classic
2007-10-23 16:41    <DIR>    d--------    C:\Programmer\K-Lite Codec Pack
2007-10-23 16:41    <DIR>    d--------    C:\Documents and Settings\Piet Kakkar\Application Data\Media Player Classic
2007-10-21 14:30    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-20 07:56    <DIR>    d--------    C:\WINDOWS\system32\C
2007-10-17 13:05    <DIR>    d--------    C:\Programmer\DAEMON Tools

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 09:43    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2007-11-04 09:10    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 09:06    ---------    d-----w    C:\Programmer\GetRight
2007-10-26 09:26    ---------    d-----w    C:\Documents and Settings\Piet Kakkar\Application Data\SUPERAntiSpyware.com
2007-10-21 13:31    ---------    d-----w    C:\Documents and Settings\Piet Kakkar\Application Data\CyberLink
2007-10-21 13:29    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-10-21 13:28    ---------    d-----w    C:\Programmer\CyberLink
2007-10-21 13:20    ---------    d-----w    C:\Documents and Settings\Piet Kakkar\Application Data\proDAD
2007-10-17 12:02    685,816    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2007-10-10 22:20    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-30 18:28    ---------    d-----w    C:\Programmer\Fælles filer\xing shared
2007-09-30 18:28    ---------    d-----w    C:\Programmer\Fælles filer\Real
2007-09-30 18:11    ---------    d-----w    C:\Programmer\TomTom HOME
2007-09-24 07:16    ---------    d-----w    C:\Programmer\DivX
2007-09-22 14:07    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-09-21 18:23    ---------    d-----w    C:\Documents and Settings\Piet Kakkar\Application Data\LinkedIn
2007-09-13 18:09    ---------    d-----w    C:\Programmer\Electronic Arts
2007-09-13 18:08    ---------    d-----w    C:\Programmer\AGEIA Technologies
2007-09-11 20:18    ---------    d-----w    C:\Programmer\iTunes
2007-09-11 20:17    ---------    d-----w    C:\Programmer\iPod
2007-09-11 20:14    ---------    d-----w    C:\Programmer\Apple Software Update
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2006-12-17 01:30    1,428    ----a-w    C:\Programmer\INSTALL.LOG
2006-10-17 14:47    81,920    ----a-w    C:\Documents and Settings\Piet Kakkar\Application Data\ezpinst.exe
2006-10-17 14:47    47,360    ----a-w    C:\Documents and Settings\Piet Kakkar\Application Data\pcouffin.sys
2005-01-07 21:23:59    61    --sh--w    C:\WINDOWS\cnerolf.dat
2004-08-27 12:00:00    94,800    --sh--w    C:\WINDOWS\twain.dll
2004-08-27 12:00:00    50,688    --sh--w    C:\WINDOWS\twain_32.dll
2004-08-27 12:00:00    1,028,096    --sh--w    C:\WINDOWS\system32\mfc42.dll
2004-08-27 12:00:00    54,784    --sh--w    C:\WINDOWS\system32\msvcirt.dll
2004-08-27 12:00:00    413,696    --sh--w    C:\WINDOWS\system32\msvcp60.dll
2004-08-27 12:00:00    343,040    --sh--w    C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:29:55    549,376    --sh--w    C:\WINDOWS\system32\oleaut32.dll
2004-08-27 12:00:00    83,456    --sh--w    C:\WINDOWS\system32\olepro32.dll
2004-08-27 12:00:00    11,776    --sh--w    C:\WINDOWS\system32\regsvr32.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\Norman\npm\bin\ZLH.exe" [2006-10-16 10:43]
"DiskeeperSystray"="C:\Programmer\Executive Software\Diskeeper\DkIcon.exe" [2004-12-21 22:29]
"NPCTray"="C:\Norman\npc\bin\npc_tray.exe" [2006-08-30 16:09]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-06-29 05:24]
"CloneCDElbyCDFL"="C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-07 15:55]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24]
"LanguageShortcut"="C:\Programmer\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 14:10]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
GetRight - Tray Icon.lnk - C:\Programmer\GetRight\getright.exe [2006-12-14 22:32:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HPAiODevice(hp officejet d series) - 1.lnk]
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet d series) - 1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^VIA RAID TOOL.lnk]
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Piet Kakkar^Menuen Start^Programmer^Start^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Piet Kakkar^Menuen Start^Programmer^Start^Hewlett-Packard Recorder.lnk]
backup=C:\WINDOWS\pss\Hewlett-Packard Recorder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Piet Kakkar^Menuen Start^Programmer^Start^Screen Clipper and Launcher til OneNote 2007.lnk]
backup=C:\WINDOWS\pss\Screen Clipper and Launcher til OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Programmer\D-Tools\daemon.exe"  -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWH myPrintMileage Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programmer\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHBundle]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools]
C:\Programmer\XP Tools\xptools.exe /min

R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\system32\Drivers\HWFProt.sys
R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R1 TDI_RD;Norman Firewall TDI driver;\??\C:\WINDOWS\system32\drivers\tdi_rd.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Programmer\CyberLink\PowerDVD\000.fcl
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R2 Ndiskio;Ndiskio;\??\c:\norman\nse\bin\ndiskio.sys
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Norman\npf\bin\npfsvc32.exe"
R2 NVOY;Norman V.O.Y.;C:\Norman\npm\bin\nvoy.exe
R2 SQLWriter;SQL Server VSS Writer;"C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 NPC;Norman Parental Control;C:\Norman\npc\bin\npcsvc32.exe
R3 NUAA;Norman User Activity Agent;C:\Norman\npc\bin\nuaa.exe
R3 nvcfsr;nvcfsr;\??\C:\NORMAN\Nvc\BIN\nvcfsr.sys
R3 nvcoafl51;nvcoafl51;\??\C:\NORMAN\Nvc\BIN\nvcoafl51.sys
R3 nvcoaft51;nvcoaft51;\??\C:\NORMAN\Nvc\BIN\nvcoaft51.sys
R3 nvcoarc51;nvcoarc51;\??\C:\NORMAN\Nvc\BIN\nvcoarc51.sys
R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe
R3 pctvnet;Pinnacle PCTV Ethernet Driver;C:\WINDOWS\system32\DRIVERS\pctvnet.sys
S0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys
S0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 12:26:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 11:34:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
arlet Junior Master
04 November 2007 - 18:49 #3
Just go into C:\WINDOWS\system32\C

What is in that folder??
pikak1 Novice
04 November 2007 - 19:02 #4
there are two emtpy folders, called npc and, under that, an empty bin folder
pikak1 Novice
04 November 2007 - 19:03 #5
that should have said empty folders
pikak1 Novice
04 November 2007 - 22:56 #6
well, my PC has just crashed. I don't know whether it is directly related to these operations. The Windows XP splash screen appears briefly and the machine restarts. Safe mode is suggested, but safe mode is never reached before the machine boots again. Maybe I should create a new thread for this question?
pikak1 Novice
04 November 2007 - 23:20 #7
I have created a new thread
arlet Junior Master
05 November 2007 - 07:28 #8
Hold F8 down when you start up, then use Last Known Good Configuration
pikak1 Novice
05 November 2007 - 08:16 #9