ssssss Skrevet 20. desember 2008 Del Skrevet 20. desember 2008 (endret) Her er loggfilene fra RSIT.exe: Logg: Klikk for å se/fjerne innholdet nedenfor Logfile of random's system information tool 1.05 (written by random/random)Run by Susanne at 2008-12-20 16:05:12 Microsoft Windows XP Professional Service Pack 3 System drive C: has 90 GB (79%) free of 114 GB Total RAM: 1023 MB (44% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:05:25, on 20.12.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Norman\nse\bin\NSESVC.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Hotkey Management\FuncKey.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Norman\Npm\bin\ZLH.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\Program Files\Apoint2K\Apntex.exe C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe E:\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\Susanne.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188123444750 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/5026/...PSUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 13143 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\Se etter oppdateringer for Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Koblingshjelpeprogram for Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}] EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Påloggingshjelp for Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-13 2419776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-13 2419776] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7585792] "nwiz"=nwiz.exe /install [] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-10-02 151552] "PowerManager"=C:\Program Files\Power Manager\PM.exe [2006-10-09 151552] "FuncKey"=C:\Program Files\Hotkey Management\FuncKey.exe [2006-10-09 139264] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-04-15 45056] "Norman ZANDA"=C:\Norman\Npm\bin\ZLH.EXE [2008-06-02 273520] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] ""= [] "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280] "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472] "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728] "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144] "IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2006-10-26 132704] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-14 68856] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-07 67128] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Documents and Settings\Susanne\Start Menu\Programs\Startup OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2008-12-20 16:05:12 ----D---- C:\rsit 2008-12-20 16:05:12 ----D---- C:\Program Files\trend micro 2008-12-15 22:14:52 ----D---- C:\Documents and Settings\Susanne\Application Data\Malwarebytes 2008-12-15 22:14:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-15 22:14:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-12-15 18:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-12-15 18:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-12-15 14:46:57 ----SHD---- C:\Config.Msi 2008-12-14 23:21:01 ----D---- C:\WINDOWS\Prefetch 2008-12-14 23:16:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-12-14 23:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-12-14 23:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-12-14 23:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-12-14 23:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-12-14 23:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2008-12-14 23:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-12-14 23:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-14 23:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-12-14 23:14:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-12-14 23:14:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-12-14 23:14:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-12-14 23:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-12-14 23:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-12-14 23:13:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2008-12-14 23:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-12-14 23:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-12-14 23:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-12-14 23:12:59 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-12-14 23:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-12-14 23:01:57 ----D---- C:\WINDOWS\system32\scripting 2008-12-14 23:01:56 ----D---- C:\WINDOWS\l2schemas 2008-12-14 23:01:54 ----D---- C:\WINDOWS\system32\en 2008-12-14 23:01:53 ----D---- C:\WINDOWS\system32\bits 2008-12-14 22:50:56 ----D---- C:\WINDOWS\ServicePackFiles 2008-12-14 22:24:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-12-10 17:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-10 17:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-10 17:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$ 2008-12-10 17:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$ 2008-12-05 17:18:41 ----A---- C:\Documents and Settings\All Users\Application Data\ISx16.tmp 2008-12-05 17:12:31 ----A---- C:\Documents and Settings\All Users\Application Data\ISx12.tmp 2008-12-05 17:10:47 ----A---- C:\Documents and Settings\All Users\Application Data\ISx11.tmp 2008-11-29 15:55:25 ----D---- C:\Program Files\iPod 2008-11-29 15:55:20 ----D---- C:\Program Files\iTunes 2008-11-29 15:55:20 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-29 15:51:59 ----D---- C:\Program Files\QuickTime 2008-11-27 19:02:47 ----D---- C:\Program Files\MPD ======List of files/folders modified in the last 1 months====== 2008-12-20 16:05:12 ----RD---- C:\Program Files 2008-12-20 16:01:53 ----D---- C:\WINDOWS\Temp 2008-12-20 16:01:51 ----AD---- C:\WINDOWS\system32 2008-12-20 16:01:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-12-20 16:00:54 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-20 16:00:48 ----SD---- C:\WINDOWS\Tasks 2008-12-20 15:58:21 ----D---- C:\WINDOWS\system32\drivers 2008-12-20 15:58:15 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt 2008-12-20 15:57:54 ----D---- C:\WINDOWS 2008-12-20 15:57:37 ----D---- C:\WINDOWS\Registration 2008-12-20 15:57:29 ----D---- C:\Norman 2008-12-17 19:07:29 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-15 21:44:07 ----HD---- C:\WINDOWS\inf 2008-12-15 21:26:13 ----D---- C:\Program Files\Bonjour 2008-12-15 18:06:46 ----RSHD---- C:\WINDOWS\system32\dllcache 2008-12-15 18:03:55 ----A---- C:\WINDOWS\imsins.BAK 2008-12-15 14:49:44 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-15 14:47:19 ----SHD---- C:\WINDOWS\Installer 2008-12-15 14:44:17 ----A---- C:\WINDOWS\OEWABLog.txt 2008-12-14 23:21:26 ----A---- C:\WINDOWS\setuplog.txt 2008-12-14 23:20:20 ----D---- C:\WINDOWS\system32\Setup 2008-12-14 23:20:20 ----D---- C:\Program Files\Messenger 2008-12-14 23:20:19 ----D---- C:\WINDOWS\system32\wbem 2008-12-14 23:20:19 ----D---- C:\WINDOWS\AppPatch 2008-12-14 23:20:18 ----RSD---- C:\WINDOWS\Fonts 2008-12-14 23:19:15 ----D---- C:\WINDOWS\security 2008-12-14 23:16:51 ----D---- C:\WINDOWS\system32\CatRoot 2008-12-14 23:08:38 ----RSD---- C:\WINDOWS\assembly 2008-12-14 23:03:21 ----D---- C:\WINDOWS\WinSxS 2008-12-14 23:02:41 ----D---- C:\WINDOWS\system32\inetsrv 2008-12-14 23:02:40 ----D---- C:\WINDOWS\network diagnostic 2008-12-14 23:02:40 ----D---- C:\WINDOWS\ime 2008-12-14 23:02:40 ----D---- C:\WINDOWS\Help 2008-12-14 23:02:04 ----D---- C:\WINDOWS\system32\en-US 2008-12-14 23:02:04 ----AD---- C:\WINDOWS\system32\oobe 2008-12-14 23:02:03 ----D---- C:\WINDOWS\system32\usmt 2008-12-14 23:01:53 ----D---- C:\WINDOWS\PeerNet 2008-12-14 23:01:53 ----D---- C:\Program Files\Movie Maker 2008-12-14 22:50:08 ----D---- C:\WINDOWS\system32\Restore 2008-12-14 22:50:07 ----D---- C:\WINDOWS\system32\npp 2008-12-14 22:50:06 ----D---- C:\WINDOWS\mui 2008-12-14 22:49:50 ----D---- C:\WINDOWS\msagent 2008-12-14 22:49:35 ----D---- C:\WINDOWS\srchasst 2008-12-14 22:49:26 ----D---- C:\Program Files\NetMeeting 2008-12-14 22:49:16 ----D---- C:\WINDOWS\system32\Com 2008-12-14 22:48:59 ----D---- C:\Program Files\Windows NT 2008-12-14 22:48:59 ----D---- C:\Program Files\Outlook Express 2008-12-14 22:48:49 ----D---- C:\Program Files\Common Files\System 2008-12-14 22:47:14 ----D---- C:\WINDOWS\system 2008-12-14 22:35:37 ----D---- C:\Programfiler 2008-12-14 22:34:07 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-12-14 22:24:35 ----D---- C:\WINDOWS\ehome 2008-12-14 21:24:55 ----D---- C:\Documents and Settings\Susanne\Application Data\Google 2008-12-14 21:15:52 ----D---- C:\Documents and Settings\Susanne\Application Data\CD-LabelPrint 2008-12-14 21:15:52 ----D---- C:\Documents and Settings\Susanne\Application Data\Canon 2008-12-14 21:15:52 ----D---- C:\Documents and Settings\Susanne\Application Data\ArcSoft 2008-12-14 21:15:52 ----D---- C:\Documents and Settings\Susanne\Application Data\Apple Computer 2008-12-14 21:15:52 ----D---- C:\Documents and Settings\Susanne\Application Data\AdobeUM 2008-12-14 21:15:52 ----D---- C:\Documents and Settings\Susanne\Application Data\AdobeAUM 2008-12-14 18:03:04 ----D---- C:\WINDOWS\Minidump 2008-12-12 21:13:42 ----D---- C:\Program Files\Paint.NET 2008-12-10 17:53:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-12-10 17:52:08 ----D---- C:\Program Files\Internet Explorer 2008-12-10 17:51:56 ----D---- C:\WINDOWS\ie7updates 2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe 2008-12-08 17:22:20 ----D---- C:\Documents and Settings\Susanne\Application Data\LimeWire 2008-12-07 17:59:04 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-12-07 11:44:55 ----D---- C:\Documents and Settings\Susanne\Application Data\gtk-2.0 2008-11-29 15:55:24 ----D---- C:\Program Files\Common Files\Apple 2008-11-27 18:59:01 ----SD---- C:\Documents and Settings\Susanne\Application Data\Microsoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520] R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 WINIO;WINIO; \??\C:\WINDOWS\system32\WinIo.sys [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544] R2 Ndiskio;Ndiskio; \??\C:\Norman\Nse\bin\NDISKIO.SYS [] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2006-09-25 113152] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2006-02-07 935424] R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-02-07 196608] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184] R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592] R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys [] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3687008] R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-09 34176] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-09 13184] R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 11136] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-07-03 217600] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2006-02-07 672256] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-12-06 14080] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys [] S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys [] S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2005-12-06 2010240] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-06 39424] S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-12-06 1103488] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nvcfsr;nvcfsr; \??\C:\Norman\Nvc\bin\nvcfsr.sys [] S3 nvcoafl51;nvcoafl51; \??\C:\Norman\Nvc\bin\nvcoafl51.sys [] S3 nvcoaft51;nvcoaft51; \??\C:\Norman\Nvc\bin\nvcoaft51.sys [] S3 nvcoarc51;nvcoarc51; \??\C:\Norman\Nvc\bin\nvcoarc51.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Bonjour-tjeneste; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-06-29 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 eLoggerSvc6;Norman eLogger service 6; C:\Norman\Npm\bin\ELOGSVC.EXE [2007-08-30 150584] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 Norman ZANDA;Norman ZANDA; C:\Norman\Npm\Bin\Zanda.exe [2008-04-23 408696] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-16 143426] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R3 iPod Service;iPod-tjeneste; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] R3 Norman NJeeves;Norman NJeeves; C:\Norman\Npm\bin\NJEEVES.EXE [2008-03-27 150584] R3 nsesvc;Norman Scanner Engine Service; C:\Norman\nse\bin\NSESVC.EXE [2008-06-19 322616] R3 nvcoas;Norman Virus Control on-access component; C:\Norman\Nvc\bin\nvcoas.exe [2008-04-29 183352] R3 NVCScheduler;Norman Virus Control Scheduler; C:\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-13 138168] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader-tjeneste; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- Info: info.txt logfile of random's system information tool 1.05 2008-12-20 16:05:28 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0414-0000-0000000FF1CE} /uninstall {3FE135E8-2B21-44ED-99CA-87C782C4F5F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0814-0000-0000000FF1CE} /uninstall {63BBC1EA-E390-403D-BFDE-B53E1D23FF46} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0414-0000-0000000FF1CE} /uninstall {3CC75FEB-8AA6-43F5-958E-0D074633CB2E} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0414-0000-0000000FF1CE} /uninstall {7C86509D-1CB7-48BE-813E-6585CD97626B} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A81200000003} Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9 Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} Brukerregistrering for Canon MP600R-->C:\Program Files\Canon\IJEREG\MP600R\UNINST.EXE Canon IJ Network Scan Utility-->C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE Canon IJ Network Tool-->C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP600R-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600R\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600R /L0x0014 Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9} Drivrutiner for Logitech® Camera-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" Feed-detektor for Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{20E4FE32-6A56-4CD3-8DDE-56C360D3727A} Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001\HXFSETUP.EXE -U -IPDAZLCMpK.inf High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotkey 1.1.7-->"C:\Program Files\Hotkey Management\unins000.exe" iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe" Localization Pack for Microsoft Windows XP Media Center Edition-->MsiExec.exe /I{075443E5-5426-4B1E-B8E7-CC23A0BB87E6} Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x14 UNINSTALL Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x14 Macromedia Flash Player 8-->MsiExec.exe /X{0A28C610-EE06-4A33-BB56-A2155B524916} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Mat på Data 5.0-->"C:\Program Files\MPD\unins000.exe" MCE Software Encoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1 Norwegian Language Pack-->MsiExec.exe /X{3EAC35F4-FF26-4123-9404-0B5B93DAB570} Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NOR-->MsiExec.exe /I{8BFBADC2-C108-3153-8097-8F8C27743D36} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NOR-->MsiExec.exe /I{D588BCF9-803F-3E89-AC4F-BE04C9D39E3D} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft .NET Framework 3.5 Language Pack - nor-->MsiExec.exe /I{91142D56-7A29-37FE-AA96-A76BA0D8BC26} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0016-0414-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-00A1-0414-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0018-0414-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (Norwegian (Bokmål))-->MsiExec.exe /X{95120000-00AF-0414-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE} Microsoft Office Proof (Norwegian (Nynorsk)) 2007-->MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE} Microsoft Office Proofing (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-002C-0414-0000-0000000FF1CE} Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-006E-0414-0000-0000000FF1CE} Microsoft Office Word MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001B-0414-0000-0000000FF1CE} Microsoft Works-->MsiExec.exe /I{F22E8D16-0D5E-4B25-A630-F1361E6B02D2} MobileMe-kontrollpanel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658} MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} Nikon FotoShare-->C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL Norman Virus Control-->C:\Norman\NVC\BIN\DelNVC5.exe NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{3A905228-1093-4625-BCB0-0A71DEDE83BB} Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F} Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E} PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL Popup-blokkering (Windows Live Toolbar)-->MsiExec.exe /X{4F4913A9-700B-4C4F-8170-FDB145FF2E11} Power Manager 2.1.4-->"C:\Program Files\Power Manager\unins000.exe" PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Påloggingsassistent for Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Smartmenyer (Windows Live Toolbar)-->MsiExec.exe /X{12841457-E894-476B-B4AA-09F403E7B7C6} Sony Ericsson PC Suite-->MsiExec.exe /I{26B5D684-75D6-44B9-BBFF-D4100F43092A} Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL Språkpakke for Microsoft .NET Framework 3.5 – NOR-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - nor\setup.exe Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Utvidelse for Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{DC752A56-5572-454C-9695-154ED6C1A5AB} Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{4218D9DC-282B-4596-BEA5-F20560C14400} Windows Live Messenger-->MsiExec.exe /X{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6} Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{9CD62AAC-122D-4B9A-A46C-7EC2F566307B} Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C887E8F1-6500-46EA-BF73-3EF636159444} Windows Live Toolbar-->MsiExec.exe /X{C887E8F1-6500-46EA-BF73-3EF636159444} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP Media Center Edition 2005 KB919803-->"C:\WINDOWS\$NtUninstallKB919803$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======Security center information====== AV: Norman Virus Control ver. 5.99 (outdated) System event log Computer Name: PC2 Event Code: 7036 Message: Tjenesten Windows Image Acquisition (WIA) gikk inn i tilstanden Kjører. Record Number: 33465 Source Name: Service Control Manager Time Written: 20081127153147.000000+060 Event Type: Informasjon User: Computer Name: PC2 Event Code: 4201 Message: Fant at nettverkskortet \DEVICE\TCPIP_{947091C3-E28A-4CC6-B567-BDF7DF2ECFA0} var koblet til nettverket, og har startet normal operasjon over nettverkskortet. Record Number: 33464 Source Name: Tcpip Time Written: 20081127153144.000000+060 Event Type: Informasjon User: Computer Name: PC2 Event Code: 18 Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device. Record Number: 33463 Source Name: BTHUSB Time Written: 20081127153142.000000+060 Event Type: Advarsel User: Computer Name: PC2 Event Code: 4201 Message: Fant at nettverkskortet \DEVICE\TCPIP_{947091C3-E28A-4CC6-B567-BDF7DF2ECFA0} var koblet til nettverket, og har startet normal operasjon over nettverkskortet. Record Number: 33462 Source Name: Tcpip Time Written: 20081126234730.000000+060 Event Type: Informasjon User: Computer Name: PC2 Event Code: 7036 Message: Tjenesten Windows Image Acquisition (WIA) gikk inn i tilstanden Kjører. Record Number: 33461 Source Name: Service Control Manager Time Written: 20081126234725.000000+060 Event Type: Informasjon User: Application event log Computer Name: PC2 Event Code: 103 Message: MsnMsgr (2928) \\.\C:\Documents and Settings\Susanne\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4868_A3F4_68A3_DEC6\dfsr.db: The database engine stopped the instance (0). Record Number: 7406 Source Name: ESENT Time Written: 20081009232008.000000+120 Event Type: Informasjon User: Computer Name: PC2 Event Code: 102 Message: MsnMsgr (2928) \\.\C:\Documents and Settings\Susanne\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4868_A3F4_68A3_DEC6\dfsr.db: The database engine started a new instance (0). Record Number: 7405 Source Name: ESENT Time Written: 20081009201445.000000+120 Event Type: Informasjon User: Computer Name: PC2 Event Code: 100 Message: MsnMsgr (2928) The database engine 5.01.2600.2780 started. Record Number: 7404 Source Name: ESENT Time Written: 20081009201445.000000+120 Event Type: Informasjon User: Computer Name: PC2 Event Code: 101 Message: MsnMsgr (2928) The database engine stopped. Record Number: 7403 Source Name: ESENT Time Written: 20081009201038.000000+120 Event Type: Informasjon User: Computer Name: PC2 Event Code: 103 Message: MsnMsgr (2928) \\.\C:\Documents and Settings\Susanne\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_4868_A3F4_68A3_DEC6\dfsr.db: The database engine stopped the instance (0). Record Number: 7402 Source Name: ESENT Time Written: 20081009201038.000000+120 Event Type: Informasjon User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%NpmLib%;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4802 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "NpmLib"=C:\Norman\Npm\Bin "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip -----------------EOF----------------- Endret 20. desember 2008 av Zeph Lenke til kommentar
raWrz Skrevet 20. desember 2008 Del Skrevet 20. desember 2008 (endret) Last ned Combofix (av sUBs), og legg det på Skrivebordet. Kjør combofix.exe, og følg veiledningen. Du får et spørsmål om at "Roughly 1/100 machines failed to make it through the disinfection process!! Are you sure you want to do this??" - Svar Yes Du må ikke klikke på vinduet mens programmet kjører. Dette kan føre til at programmet fryser. Hva gjør ComboFix: - ComboFix er et multifix-program som er laget for å fjerne en hel del kjente infeksjoner, samt lager en logg/rapport som viser filer/prosesser/registeroppføringer som ligger på PC-en. Loggen kan avgjøre om det fortsatt ligger noe på PC-en som skal fjernes. Det kreves da at noen med erfaring kan lese loggen og fortelle hvordan man skal gå videre. PS: Combofix vil blant ramse opp alle filer som har blitt opprettet den siste måneden, og kan i enkelte tilfeller også fortelle fullt navn og annen informasjon som kan betraktes som sensitiv. Av den grunn bør du gå gjennom loggen og se om du finner informasjon du ikke vil dele med alle, og sensurere det. Post loggfilen fra Combofix (c:\combofix.txt) ------------------------------------------------ Last ned Malwarebytes' Anti-Malware Her eller Her.''' Lagre den på Skrivebordet. Kjør fila og installer programmet. Velg Norsk språkdrakt. [*]Sett en hake ved siden av Oppdater Malwarebytes' Anti-Malware og Kjør Malwarebytes' Anti-Malware, og trykk Ferdig. La programmet oppdatere seg og velg Utfør hurtig systemskann. Du får en meldingsboks når programmet er ferdigkjørt Klikk deretter på Vis resultat-knappen. Hvis det er funnet malware, vil du nå se hva som er funnet. Klikk så på Fjern valgt -knappen for å fjerne malwaren som evt. ble funnet. Notis: Hvis MBAM finner en fil som er vanskelig å fjerne, vil du bli spurt om to spørsmål. Trykk OK på begge, og la MBAM gjøre seg ferdig med desinfeksjonen. Hvis du blir spurt om å restarte maskinen, gjør du det med en gang. Når MBAM er ferdig med å fjerne det den har funnet, vil det bli åpnet en logg i notisblokk. Den poster du senere om den fant noe annet enn cookies Endret 20. desember 2008 av Submit Lenke til kommentar
ssssss Skrevet 20. desember 2008 Forfatter Del Skrevet 20. desember 2008 (endret) Har kjørt ComboFix. Her er loggen som kom opp: På forhånd takk for hjelpen Klikk for å se/fjerne innholdet nedenfor ComboFix 08-12-18.03 - Susanne 2008-12-20 18:04:24.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.452 [GMT 1:00] Running from: E:\ComboFix2.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . The following files were disabled during the run: c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Susanne\Application Data\Google\fhexj6825097.exe c:\documents and settings\Susanne\Application Data\Google\mjkdpl.dll c:\windows\Downloaded Program Files\setup.inf . ((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 ))))))))))))))))))))))))))))))) . 2008-12-20 18:00 . 2008-12-20 18:00 <DIR> d-------- c:\windows\LastGood 2008-12-20 16:05 . 2008-12-20 16:05 <DIR> d-------- C:\rsit 2008-12-20 16:05 . 2008-12-20 16:05 <DIR> d-------- c:\program files\trend micro 2008-12-20 16:01 . 2008-12-13 07:40 3,593,216 --a------ c:\windows\system32\SET9.tmp 2008-12-15 22:14 . 2008-12-15 22:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-15 22:14 . 2008-12-15 22:14 <DIR> d-------- c:\documents and settings\Susanne\Application Data\Malwarebytes 2008-12-15 22:14 . 2008-12-15 22:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-15 22:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-15 22:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-14 23:01 . 2008-12-14 23:01 <DIR> d-------- c:\windows\system32\scripting 2008-12-14 23:01 . 2008-12-14 23:01 <DIR> d-------- c:\windows\system32\en 2008-12-14 23:01 . 2008-12-14 23:01 <DIR> d-------- c:\windows\system32\bits 2008-12-14 23:01 . 2008-12-14 23:01 <DIR> d-------- c:\windows\l2schemas 2008-12-14 22:50 . 2008-12-14 23:03 <DIR> d-------- c:\windows\ServicePackFiles 2008-11-29 15:55 . 2008-11-29 15:55 <DIR> d-------- c:\program files\iTunes 2008-11-29 15:55 . 2008-11-29 15:55 <DIR> d-------- c:\program files\iPod 2008-11-29 15:55 . 2008-11-29 15:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-29 15:51 . 2008-11-29 15:52 <DIR> d-------- c:\program files\QuickTime 2008-11-27 19:02 . 2008-11-27 21:34 <DIR> d-------- c:\program files\MPD . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-15 20:26 --------- d-----w c:\program files\Bonjour 2008-12-14 20:15 --------- d-----w c:\documents and settings\Susanne\Application Data\CD-LabelPrint 2008-12-14 20:15 --------- d-----w c:\documents and settings\Susanne\Application Data\Canon 2008-12-14 20:15 --------- d-----w c:\documents and settings\Susanne\Application Data\ArcSoft 2008-12-14 20:15 --------- d-----w c:\documents and settings\Susanne\Application Data\Apple Computer 2008-12-14 20:15 --------- d-----w c:\documents and settings\Susanne\Application Data\AdobeUM 2008-12-14 20:15 --------- d-----w c:\documents and settings\Susanne\Application Data\AdobeAUM 2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-12-12 20:13 --------- d-----w c:\program files\Paint.NET 2008-12-10 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-12-08 16:22 --------- d-----w c:\documents and settings\Susanne\Application Data\LimeWire 2008-12-07 10:44 --------- d-----w c:\documents and settings\Susanne\Application Data\gtk-2.0 2008-12-05 16:10 0 ----a-w c:\windows\system32\drivers\lvuvc.hs 2008-11-29 14:55 --------- d-----w c:\program files\Common Files\Apple 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll 2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-05-08 19:54 272 ----a-w c:\documents and settings\Susanne\Application Data\wklnhst.dat 2008-05-05 16:15 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT 2007-08-26 14:02 0 ----a-w c:\documents and settings\Toril\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 68856] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-07 67128] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7585792] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-10-02 151552] "PowerManager"="c:\program files\Power Manager\PM.exe" [2006-10-09 151552] "FuncKey"="c:\program files\Hotkey Management\FuncKey.exe" [2006-10-09 139264] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056] "Norman ZANDA"="c:\norman\Npm\bin\ZLH.EXE" [2008-06-02 273520] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280] "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472] "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-10-26 132704] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] "nwiz"="nwiz.exe" [2006-08-16 c:\windows\system32\nwiz.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] c:\documents and settings\Susanne\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-07 67128] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-13 118784] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS [2007-08-26 20448] R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592] R3 nsesvc;Norman Scanner Engine Service;"c:\norman\nse\bin\NSESVC.EXE" -daemon [2008-07-02 322616] R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2007-08-26 19512] R3 nvcoas;Norman Virus Control on-access component;"c:\norman\Nvc\bin\nvcoas.exe" [2008-01-29 183352] R3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE [2007-08-26 146488] R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2006-10-24 217600] S3 nvcfsr;nvcfsr;\??\c:\norman\Nvc\bin\nvcfsr.sys [2007-08-26 6712] S3 nvcoafl51;nvcoafl51;\??\c:\norman\Nvc\bin\nvcoafl51.sys [2007-08-26 30264] S3 nvcoaft51;nvcoaft51;\??\c:\norman\Nvc\bin\nvcoaft51.sys [2007-08-26 129848] S3 nvcoarc51;nvcoarc51;\??\c:\norman\Nvc\bin\nvcoarc51.sys [2007-08-26 23224] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2007-12-25 32000] *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-12-20 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2008-12-20 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHANS REMOVED - - - - HKLM-RunOnce-<NO NAME> - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.no/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\IPSUploader4.ocx O16 -: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxps://asp.photoprintit.de/microsite/5026/defaults/activex/ips/IPSUploader4.cab c:\windows\Downloaded Program Files\IPSUploader4.inf . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-20 18:08:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-12-20 18:10:01 ComboFix-quarantined-files.txt 2008-12-20 17:09:56 Pre-Run: 94 861 647 872 bytes free Post-Run: 95,297,282,048 byte ledig 195 --- E O F --- 2008-12-20 17:02:43 Endret 20. desember 2008 av Zeph Lenke til kommentar
Zeph Skrevet 20. desember 2008 Del Skrevet 20. desember 2008 (endret) Eg har slått saman to trådar, det blir lettast om du held all informasjon i same tråd. Har også putta logger i skjult-tag, då blir det mykje lettare å halde oversikten. Endret 20. desember 2008 av Zeph Lenke til kommentar
raWrz Skrevet 20. desember 2008 Del Skrevet 20. desember 2008 (endret) Trykk Start - Alle Programmer - Tilbehør - Notisblokk Kopier og Lim inn teksten i kodeboksen nedenfor, inn i Notisblokken: File:: c:\windows\system32\SET9.tmp c:\windows\system32\drivers\lvuvc.hs Lagre det som CFScript på Skrivebordet Dra CFScript over ComboFix.exe som ligger på Skrivebordet, slik animasjonen nedenfor viser. Dette vil starte ComboFix igjen. Hvis maskinen ber om en omstart, lar du den gjøre det med én gang. Post innholdet til ComboFix.txt inn i ditt neste svar på forumet. edit: og kjør combofix fra skriverborde neste gang Endret 20. desember 2008 av Submit Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå