zyx Skrevet 9. oktober 2008 Del Skrevet 9. oktober 2008 (endret) Hei, min fetter har hatt litt problemer med PCen som jeg regner meg skyldes noe malware av noe slag, i tillegg til popus så får man feilmeldinger fra bl.a. generic host processes for win32 og svchost når maskinen startet. Har kjørt guiden til Norbat og her er loggfilene, fint om noen kan ta en titt. MBAM Logg: Malwarebytes' Anti-Malware 1.28 Database versjon: 1248 Windows 5.1.2600 Service Pack 2 09.10.2008 18:52:56 mbam-log-2008-10-09 (18-52-51).txt Skanntype: Rask Skann Objekter skannet: 56654 Tid tilbakelagt: 1 minute(s), 20 second(s) Minneprosesser infisert: 1 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 1 Registerfiler infisert: 1 Mapper infisert: 0 Filer infisert: 1 Minneprosesser infisert: C:\WINDOWS\system32\rs32net.exe (Trojan.Dropper) -> No action taken. Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> No action taken. Registerfiler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken. Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\rs32net.exe (Trojan.FakeAlert.H) -> No action taken. Combofix ComboFix 08-10-08.05 - gorana 2008-10-09 18:59:28.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1411 [GMT 2:00] Running from: C:\Documents and Settings\gorana\Skrivebord\Anti\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Programfiler\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll C:\WINDOWS\system32\x64 E:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 ))))))))))))))))))))))))))))))) . 2008-10-09 18:41 . 2008-10-09 18:52 <DIR> dr-h----- C:\Documents and Settings\gorana\Siste 2008-10-09 18:36 . 2008-10-09 18:36 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-10-09 18:36 . 2008-10-09 18:36 <DIR> d-------- C:\Programfiler\CCleaner 2008-10-09 18:36 . 2008-10-09 18:36 <DIR> d-------- C:\Documents and Settings\gorana\Programdata\Malwarebytes 2008-10-09 18:36 . 2008-10-09 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-10-09 18:36 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-09 18:36 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-07 22:08 . 2008-10-07 22:08 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData 2008-10-07 21:51 . 2008-10-07 21:51 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter 2008-10-03 10:33 . 2008-10-03 10:33 <DIR> d-------- C:\Programfiler\iTunes 2008-10-03 10:33 . 2008-10-03 10:33 <DIR> d-------- C:\Programfiler\iPod 2008-10-03 10:33 . 2008-10-03 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-12 10:35 . 2008-09-12 10:35 <DIR> d-------- C:\Programfiler\Bonjour 2008-09-12 10:34 . 2008-09-12 10:35 <DIR> d-------- C:\Programfiler\QuickTime . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-09 17:04 --------- d-----w C:\Programfiler\Symantec AntiVirus 2008-10-01 11:01 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-09-12 08:34 --------- d-----w C:\Programfiler\Fellesfiler\Apple 2008-09-10 09:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-08-21 14:04 --------- d-----w C:\Programfiler\Apple Software Update . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "LightScribe Control Panel"="C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="C:\Programfiler\PDF Complete\pdfsty.exe" [2007-05-08 331552] "PTHOSTTR"="C:\Programfiler\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 138008] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 162584] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 138008] "hpWirelessAssistant"="C:\Programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840] "CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 1187840] "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 806912] "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 697976] "HP Software Update"="c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "Cpqset"="C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344] "WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 124928] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-11-21 52840] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 125632] "SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576] "MsmqIntCert"="mqrt.dll" [2007-07-06 C:\WINDOWS\system32\mqrt.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213] DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2008-01-02 192512] PC-s›k i Windows.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1708537768-2146749427-839522115-1147\Scripts\Logon\0\0] "Script"=nopopup.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1708537768-2146749427-839522115-1185\Scripts\Logon\0\0] "Script"=nopopup.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1708537768-2146749427-839522115-1185\Scripts\Logon\1\0] "Script"=nopopup.vbs [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1wexx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2hoxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2xfxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3pwxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4bixx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6kxxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6wgxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7jqxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\WINDOWS\\SMINST\\Scheduler.exe"= "C:\\WINDOWS\\system32\\mstsc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-04-22 100095] R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 44720] R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 13696] R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-22 5808] R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R2 HpFkCryptService;Drive Encryption Service;c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184] R2 pdfcDispatcher;PDF Document Manager;C:\Programfiler\PDF Complete\pdfsvc.exe [2007-05-08 540448] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 36608] S2 ASBroker;Logon Session Broker;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-10-01 32000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Programfiler\Fellesfiler\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2008-10-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.vg.no/ R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore R1 -: HKCU-Internet Settings,ProxyOverride = *.local O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 -: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O16 -: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab C:\WINDOWS\Downloaded Program Files\navigram.inf . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-09 19:04:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe?????????T??????????????|?M?|?????M?|&?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="C:\Programfiler\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . ------------------------ Other Running Processes ------------------------ . C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\msdtc.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Symantec AntiVirus\DefWatch.exe C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Symantec AntiVirus\SavRoam.exe C:\Programfiler\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\searchindexer.exe C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Hewlett-Packard\Shared\HpqToaster.exe C:\WINDOWS\system32\searchprotocolhost.exe C:\WINDOWS\system32\scardsvr.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\searchfilterhost.exe . ************************************************************************** . Completion time: 2008-10-09 19:08:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-09 17:08:44 Pre-Run: 77 446 549 504 byte ledig Post-Run: 77,679,599,616 byte ledig 200 --- E O F --- 2008-09-16 09:00:30 Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:10, on 2008-10-09 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Symantec AntiVirus\DefWatch.exe C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\PDF Complete\pdfsvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programfiler\PDF Complete\pdfsty.exe C:\Programfiler\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\AccelerometerSt.exe C:\Programfiler\Hewlett-Packard\Shared\HpqToaster.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programfiler\Windows Desktop Search\WindowsSearch.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\gorana\Skrivebord\Anti\jiytrd.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [PDF Complete] "C:\Programfiler\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [synTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grim.intra O17 - HKLM\Software\..\Telephony: DomainName = grim.intra O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grim.intra O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = grim.intra O20 - AppInit_DLLs: APSHook.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programfiler\PDF Complete\pdfsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe -- End of file - 10988 bytes Endret 9. oktober 2008 av zyx Lenke til kommentar
norbat Skrevet 9. oktober 2008 Del Skrevet 9. oktober 2008 Ser greit ut dette. Hvordan kjører pc'n? Lenke til kommentar
zyx Skrevet 9. oktober 2008 Forfatter Del Skrevet 9. oktober 2008 Nå ser det ut til å fungere ganske bra, feilmeldingene og pop-ups er borte er borte Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå