StartupList report, 17.10.2007, 20:08:59 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Øystein\Mine dokumenter\Downloads\hijackthis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16544) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\EPSON\EBAPI\SAgent2.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Programfiler\F-Secure Internet Security\Common\FSMA32.EXE C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\F-Secure Internet Security\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\F-Secure Internet Security\Common\FCH32.EXE C:\Programfiler\PDF Complete\pdfsvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Programfiler\F-Secure Internet Security\Common\FAMEH32.EXE C:\Programfiler\F-Secure Internet Security\FSPC\fspc.exe C:\Programfiler\PDF Complete\pdfsty.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\F-Secure Internet Security\Common\FSM32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Programfiler\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\F-Secure Internet Security\FSAUA\program\fsus.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Øystein\Mine dokumenter\Downloads\hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart] EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run IgfxTray = C:\WINDOWS\system32\igfxtray.exe HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe Persistence = C:\WINDOWS\system32\igfxpers.exe PDF Complete = "C:\Programfiler\PDF Complete\pdfsty.exe" SetRefresh = C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe DLA = C:\WINDOWS\System32\DLA\DLACTRLW.EXE ISUSPM Startup = C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup ISUSScheduler = "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install P17Helper = Rundll32 P17.dll,P17Helper NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit Recguard = C:\WINDOWS\Sminst\Recguard.exe Reminder = C:\WINDOWS\Creator\Remind_XP.exe Scheduler = C:\WINDOWS\SMINST\Scheduler.exe Telenor Online Start = "C:\Programfiler\Telenor\Online Start\Telenor.exe" ccApp = "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" osCheck = "C:\Programfiler\Norton Internet Security\osCheck.exe" Symantec PIF AlertEng = "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" QuickTime Task = "C:\Programfiler\QuickTime\QTTask.exe" -atboottime PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup iTunesHelper = "C:\Programfiler\iTunes\iTunesHelper.exe" F-Secure Manager = "C:\Programfiler\F-Secure Internet Security\Common\FSM32.EXE" /splash F-Secure TNB = "C:\Programfiler\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe swg = C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MSMSGS = "C:\Programfiler\Messenger\msmsgs.exe" /background SUPERAntiSpyware = C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe PcSync = C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job Norton Internet Security Online - Kjør fullstendig systemsøk - Øystein.job -------------------------------------------------- Enumerating Download Program Files: [Office Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL CODEBASE = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab [Trend Micro ActiveX Scan Agent 6.6] InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll CODEBASE = http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [BDSCANONLINE Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\system32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160745114140 [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160749061125 [Office Update Installation Engine] InProcServer32 = C:\WINDOWS\opuc.dll CODEBASE = http://office.microsoft.com/officeupdate/content/opuc4.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll UPnPMonitor: C:\WINDOWS\system32\upnpui.dll -------------------------------------------------- End of report, 9 322 bytes Report generated in 0,031 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only