brickhead, posted 2 January 2009

There is at least one obvious case of malware in the HijackThis report: ORZ.EXE
http://www.prevx.com/filenames/22450980194...X1/ORZ.EXE.html

Do you want me to download it?

I can't recommend a tool I don't know (that is often how people get into trouble in the first place). The information on that page may be interesting, though.

droll, posted 2 January 2009

Do you want me to download it?

He surely doesn't want that, since it isn't a download link; you can safely click the link ... look through your scan log, there is a bit about the file (orz.exe) here too.

Arne Kjetil

Edited 2 January 2009 by droll

Pentumsmart (author), posted 3 January 2009

I've now read a bit of the link you gave me. There was a lot there, and it's clearly some kind of virus. I was going to google my way to answers on how to remove it and so on, but now Google actually doesn't work at all. Everything ends up at junk links. Strange, I thought many people would know this problem and that I would actually get a solution quickly. This is serious! I really need to get a new PC soon (a laptop).

snippsat, posted 3 January 2009

Start -> Run -> cmd
Type in the bold text:

    sc stop ServerTime
    sc delete ServerTime

Download Avenger.
Copy the bold text, start Avenger and paste the text into "input script here".
Press the Execute button.

    Files to delete:
    C:\DOCUME~1\Sami\LOKALE~1\Temp\orz.exe
    C:\DOCUME~1\Sami\LOKALE~1\Temp\nslA.tmp\NM.exe

Start HijackThis, "scan", find these lines, tick them, then press "fix checked".

    O2 - BHO: (no name) - {23810E41-E9B0-4743-B8B6-1E4344568D69} - C:\WINDOWS\system32\ergewb.dll (file missing)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programfiler\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\Sami\LOKALE~1\Temp\UIUCU.EXE -CLEAN_UP -S
    O4 - HKCU\..\Run: [KimPossibleSetup.exe] C:\DOWNLO~1\KIMPOS~1.EXE /r
    O20 - Winlogon Notify: qvtjwnmg - qvtjwnmg.dll (file missing)
    O20 - Winlogon Notify: urqommn - urqommn.dll (file missing)
    O23 - Service: ServerTime - Unknown owner - C:\DOCUME~1\Sami\LOKALE~1\Temp\orz.exe

Download and run CCleaner.
'Options' -> 'Advanced' ('Valg' -> 'Avansert'). Untick: "Only delete temporary files older than 48 hours".
Run the registry cleaner, answer yes to repairing --> backup: answer yes when you are asked.
Run the registry cleaner a couple of times until all errors are gone.

Download OTViewIt to the desktop.
Close all windows and double-click OTViewIt.
Tick the "scan all user" box.
Click "Run Scan" and let the program run.
When finished it will create two logs; post OTViewIt.txt and Extras.txt in your next post.

Edited 3 January 2009 by SNIPPSAT

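The kind of reading that picks these HijackThis lines out of a full report can be sketched as a few rules. This is an added example, not part of snippsat's post or of any tool named in the thread; the function and class names and the rule set are assumptions for illustration, and the sample is the list from the post above plus one constructed benign entry.

```python
import re
from dataclasses import dataclass

# "O<n> - <kind>: <detail>" is the shape of the HijackThis lines quoted in the post.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")
# A temp directory component; the 8.3 path LOKALE~1\Temp still ends in \Temp\.
TEMP_RE = re.compile(r"\\(?:temp|tmp|temporary internet files)\\", re.IGNORECASE)
# HijackThis appends these markers when the referenced file is gone.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


@dataclass
class Finding:
    section: str   # e.g. "O23"
    kind: str      # e.g. "Service"
    detail: str    # rest of the line
    reasons: list  # why the entry deserves a closer look


def triage(log_text):
    """Return the entries that match at least one rule (hypothetical rule set)."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an O-section line
        section, kind, detail = m.groups()
        reasons = []
        if MISSING_RE.search(detail):
            reasons.append("target file missing")
        if TEMP_RE.search(detail):
            reasons.append("runs from a temp directory")
        if section == "O23" and " - Unknown owner - " in detail:
            reasons.append("service without vendor information")
        if detail.startswith("(no name)"):
            reasons.append("unnamed browser add-on")
        if reasons:
            findings.append(Finding(section, kind.strip(), detail, reasons))
    return findings


# Lines from the post above; the last entry is constructed as a benign control.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {23810E41-E9B0-4743-B8B6-1E4344568D69} - C:\WINDOWS\system32\ergewb.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programfiler\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\Sami\LOKALE~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKCU\..\Run: [KimPossibleSetup.exe] C:\DOWNLO~1\KIMPOS~1.EXE /r
O20 - Winlogon Notify: qvtjwnmg - qvtjwnmg.dll (file missing)
O20 - Winlogon Notify: urqommn - urqommn.dll (file missing)
O23 - Service: ServerTime - Unknown owner - C:\DOCUME~1\Sami\LOKALE~1\Temp\orz.exe
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\updater.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.kind:<16}{'; '.join(f.reasons)}")
        print(f"    {f.detail}")
```

The KimPossibleSetup.exe Run entry matches none of these rules, which shows where simple pattern checks stop and a helper's judgement takes over.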
Pentumsmart (author), posted 3 January 2009

Before I go on to HijackThis: when I press Execute in Avenger, I get the message:

    A valid script must begin with a command directive. Aborting execution!

What am I doing wrong?

snippsat, posted 3 January 2009

It may not be able to handle DOS names.
DOCUME~1 = Documents and Settings
Find the files and enter the correct path.
Alternatively, download Killbox, browse to those files and delete them.

Edited 3 January 2009 by SNIPPSAT

Pentumsmart (author), posted 3 January 2009

I can't find any "LOKALE~1\Temp" in Documents and Settings > Sami. Only something called Local Settings. And in there only Application Data, and inside that RcIncidents, which is a folder and contains nothing.

snippsat, posted 3 January 2009

You have to do this to see everything.
Control Panel -> Folder Options -> View ->
Tick "Show hidden files and folders".
Untick "Hide protected operating system files".

Nytelse, posted 3 January 2009

What about the following:
Start in safe mode.
Start - Run - cmd.exe and OK.
At the DOS prompt you type

    cd %temp%

Then type

    dir

It should then say
C:\DOCUME~1\Sami\LOKALE~1\Temp\
or
C:\DOCUMENTS AND SETTINGS\Sami\LOKALE INNSTILLINGER\Temp\

Then you type

    del .

and answer Y or J depending on whether it is Norwegian or English.
Then the file will be gone.

Regards,
Nytelse

Edited 3 January 2009 by Nytelse

Pentumsmart (author), posted 3 January 2009

brickhead:

I tried looking for C:\DOCUME~1\Sami\LOKALE~1\Temp\orz.exe and C:\DOCUME~1\Sami\LOKALE~1\Temp\nslA.tmp\NM.exe myself, but couldn't find them. I downloaded Killbox, which you gave me a link to, and with it I found them almost immediately. Removed, plain and simple.

I ran HijackThis and deleted everything you said, but there was one that wasn't there:

    O23 - Service: ServerTime - Unknown owner - C:\DOCUME~1\Sami\LOKALE~1\Temp\orz.exe

Maybe because I had already deleted orz.exe?

I ran CCleaner and ticked the ones you asked for, and in the end everything was deleted. But none of the bottom items under Advanced, where you were supposed to tick boxes under "Windows", were ticked beforehand, only "IIS loggfiler" (IIS log files). I don't know whether that matters, just a note. I also wasn't asked about taking a backup afterwards.

I ran OTViewIt and did what you said. The logs:

Extras.Txt:
as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days "Use My Stylesheet"= ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=0 "FirewallDisableNotify"=0 "UpdatesDisableNotify"=0 "AntiVirusOverride"=0 "FirewallOverride"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DisableNotifications"=0 "DoNotAllowExceptions"=0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2004.08.04 09:03:36 | 00,140,288 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2006.07.06 09:49:52 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2007.10.18 11:34:28 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger [2007.07.16 17:14:40 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2004.08.04 09:03:36 | 00,140,288 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found -- C:\Programfiler\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe File not found -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer [2008.03.26 18:30:52 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Programfiler\LimeWire\LimeWire.exe:*:Enabled:LimeWire [2008.04.20 21:24:19 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Programfiler\Azureus\Azureus.exe:*:Enabled:Azureus File not found -- C:\TvNoo.exe:*:Enabled:TvNoo File not found -- C:\Documents and Settings\Sami\Lokale innstillinger\Temporary Internet Files\Content.IE5\LQBH56KA\viviplay[1].exe:*:Enabled:ViViMediaPlay [2004.08.04 09:03:36 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-programdeling [2004.08.04 09:03:31 | 00,768,512 | ---- | M] (Microsoft Corporation) 
-- C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Fjernhjelp - Windows Messenger og Stemme File not found -- C:\Programfiler\Sports Interactive\Football Manager 2006\fm.exe:*:Enabled:Football Manager 2006 [2008.10.15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer File not found -- C:\Programfiler\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home File not found -- C:\utorrent.exe:*:Enabled:µTorrent [2008.11.11 16:29:18 | 00,086,077 | ---- | M] (Valve) -- C:\Programfiler\Steam\steamapps\pentumsmart\condition zero\hl.exe:*:Enabled:Half-Life Launcher File not found -- C:\Documents and Settings\Sami\Lokale innstillinger\Temporary Internet Files\Content.IE5\MZ84PT3Q\TvNoo[1].exe:*:Enabled:TvNoo[1] File not found -- C:\Programfiler\TVAnts\Tvants.exe:*:Enabled:TVAnts File not found -- C:\Programfiler\PPLive\PPLive.exe:*:Enabled:PPLive File not found -- C:\Documents and Settings\Sami\Lokale innstillinger\Temporary Internet Files\Content.IE5\4D4JCZWZ\ViViPlay[1].exe:*:Enabled:ViViMediaPlay File not found -- C:\Documents and Settings\Sami\Lokale innstillinger\Temporary Internet Files\Content.IE5\4KWI9ZSH\TvNoo[1].exe:*:Enabled:TvNoo[1] File not found -- C:\TvNoo-.105.exe:*:Enabled:TvNoo-.105 File not found -- C:\Programfiler\SopCast\SopCast.exe:*:Enabled:SopCast [2008.11.09 19:34:01 | 00,086,077 | ---- | M] (Valve) -- C:\Programfiler\Steam\steamapps\pentumsmart\counter-strike\hl.exe:*:Enabled:Half-Life Launcher File not found -- C:\Programfiler\Steam\steamapps\pentumsmart\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher [2006.07.06 09:49:52 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 File not found -- C:\Programfiler\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s File not found -- C:\Programfiler\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 File not found 
-- C:\Documents and Settings\Sami\Programdata\SopCast\adv\SopAdver.exe:*:Enabled:SopAdver File not found -- C:\Programfiler\iTunesORGINALE\iTunes.exe:*:Enabled:iTunes File not found -- C:\Programfiler\PPStream\PPStream.exe:*:Enabled:PPStream File not found -- C:\Programfiler\PPMate\PPMate\ppmate.exe:*:Enabled:PPMate File not found -- C:\Programfiler\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe File not found -- C:\Programfiler\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe [2008.05.21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook [2007.08.28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove [2008.05.21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote File not found -- C:\Programfiler\Counter-Strike Source\hl2.exe:*:Enabled:hl2 File not found -- C:\Programfiler\Steam\steamapps\pentumsmart\Counter-Strike Source\hl2.exe:*:Enabled:hl2 File not found -- C:\Programfiler\PS3Portal\hfs.exe:*:Enabled:hfs [2004.08.04 09:03:29 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® [2008.10.20 13:38:40 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Programfiler\utorrent\utorrent.exe:*:Enabled:µTorrent File not found -- C:\Programfiler\utorrent.exe:*:Enabled:µTorrent File not found -- C:\WINDOWS\system32\ElectricSheep.scr:*:Enabled:ElectricSheep [2007.09.14 08:59:56 | 15,997,752 | ---- | M] (Apple Inc.) 
-- C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes [2008.10.08 13:59:36 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Programfiler\Steam\steam.exe:*:Enabled:Steam [2004.08.04 09:03:29 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test [2004.08.04 09:03:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Kjør en DLL som et program File not found -- C:\Programfiler\Xfire\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst File not found -- C:\Programfiler\Steam\steamapps\madslovas\condition zero\hl.exe:*:Enabled:Half-Life Launcher File not found -- C:\Programfiler\Steam\steamapps\madslovas\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher File not found -- C:\Programfiler\Steam\steamapps\madslovas\counter-strike\hl.exe:*:Enabled:Half-Life Launcher File not found -- C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client [2007.10.18 11:34:28 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger [2007.07.16 17:14:40 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) [2004.10.13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger File not found -- C:\Programfiler\PPMate\ppmate.exe:*:Enabled:PPMate File not found -- C:\Programfiler\PPMate\ppmnet.exe:*:Enabled:PPMate [2008.08.29 13:27:18 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe [2007.02.09 16:00:48 | 25,388,584 | ---- | M] (Skype Technologies S.A.) -- C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype [2008.04.16 15:40:02 | 01,361,152 | ---- | M] (Sony Creative Software Inc.) 
-- C:\Programfiler\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 ========== HKEY_USERS Protocol Defaults ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols shell -- shell protocol not assigned ========== HKEY_USERS Protocol Defaults ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols shell -- shell protocol not assigned ========== HKEY_USERS Protocol Defaults ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols shell -- shell protocol not assigned ========== HKEY_USERS Protocol Defaults ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols shell -- shell protocol not assigned ========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.08.24 06:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007.08.28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2008.07.11 23:54:46 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) 
C:\Programfiler\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.10.18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Programfiler\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] msdaipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007.08.28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007.08.28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2006.10.26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.10.18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Programfiler\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.01.12 12:50:48 | 01,828,440 | R--- | M] (Skype Technologies) C:\Programfiler\Fellesfiler\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [iEProtocolHandler Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.10.23 12:14:52 | 00,858,136 | ---- 
| M] (Microsoft Corporation) C:\Programfiler\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler]) ========== (O18) Protocol Filters ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters [2006.10.26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java 6 Update 11 "{29CB1674-DE1D-4D39-A871-FA0194FC58E9}"=Windows Live Mail "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}"=EPSON Scan Assistant "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}"=Sony Ericsson PC Suite 4.005.00 "{3248F0A8-6813-11D6-A77B-00B0D0150070}"=J2SE Runtime Environment 5.0 Update 7 "{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7 "{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}"=Skype Plugin Manager "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth "{4218D9DC-282B-4596-BEA5-F20560C14400}"=Windows Live installer "{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 
2.0 "{55F502E5-6E86-4321-8D35-D9F9C794E58E}"=SunPlus PMP Transcoding "{67EDD823-135A-4D59-87BD-950616D6E857}"=EPSON Copy Utility 3 "{6F7614CC-F33A-4877-8814-49856F441F3C}"=Stardock MyColors "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}"=Avanquest update "{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}"=Zune Desktop Theme "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}"=EPSON Web-To-Page "{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}"=iTunes "{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) 
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007 
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}"=QuickTime "{97A96172-A963-4A37-9FFB-DA6805BB915A}"=VeohTV BETA "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Påloggingsassistent for Windows Live "{B2F5D5EC-C3DD-4A8B-8E9B-C4426FCF19E6}"=Windows Live Writer "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1 "{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update "{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}"=EPSON Easy Photo Print "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}"=B57Inst "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}"=WinZip 11.2 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition "{CF7C2683-9FBE-4223-84E7-43FED4912CD5}"=Microsoft .NET Framework 2.0 Language Pack - NOR "{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2 "{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}"=Windows Live Messenger "{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware "{E86BC406-944E-41F6-ADE6-2C136734C96B}"=EPSON File Manager "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0 
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU] "{F8A982AA-8114-4293-BE8E-0DC07D96134E}"=Windows Live Fotogalleri "{FF298D14-EF25-4E3F-B3D5-D82D72A35207}"=Sony Ericsson Media Manager 1.2 "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX "Adobe Flash Player Plugin"=Adobe Flash Player Plugin "Adobe Shockwave Player"=Adobe Shockwave Player "AVG8Uninstall"=AVG Free 8.0 "AviSynth"=AviSynth 2.5 "Azureus"=Azureus "BearShare"=BearShare "BootSkin"=BootSkin "CCleaner"=CCleaner (remove only) "CEDP Stealer 6.0 for Messenger"=CEDP Stealer 6.0 for Messenger "CloneCD"=CloneCD "CursorXP"=CursorXP "DVD Creator3"=DVD Creator3 "DVD Decrypter"=DVD Decrypter (Remove Only) "ENTERPRISE"=Microsoft Office Enterprise 2007 "EPSON Printer and Utilities"=EPSON-skriverprogramvare "EPSON Scanner"=EPSON Scan "ESDX4000_4050_CX3900"=ESDX4000_4050_CX3900 "Folder Lock 6"=Folder Lock 6 "Fraps"=Fraps "HijackThis"=HijackThis 2.0.2 "Hotspot_Shield Toolbar"=Hotspot_Shield Toolbar "HotspotShield"=Hotspot Shield 1.10 "IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs "ie7"=Windows Internet Explorer 7 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}"=Broadcom Driver Installer "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2 "JetStartAppID_is1"=JetStart 4.4 Freeware "KLiteCodecPack_is1"=K-Lite Codec Pack 3.3.0 Full "LimeWire"=LimeWire PRO 4.17.6 "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "Messenger Plus! Live"=Messenger Plus! 
Live "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - NOR"=Microsoft .NET Framework 2.0 Language Pack - NOR "Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14) "MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP "MSN Toolbar"=MSN-verktøylinje "NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs "NudgeMania 4.0 for Messenger"=NudgeMania 4.0 for Messenger "NVIDIA Drivers"=NVIDIA Drivers "ObjectDock"=ObjectDock "ppmate"=PPMate Network TV 2.2.1.48 "PROSet"=Intel® PRO Network Adapters and Drivers "RealPlayer 6.0"=RealPlayer "Skype_is1"=Skype 3.0 "Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20 "Stardock MyColors"=Stardock MyColors "Steam"=Steam "ToolBand.SkypeIEToolbarToolbar"=Skype add-on for IE "twxp_is1"=TweakXP Tweaking Utility 2 "Vista Start Menu"=Vista Start Menu "VLC media player"=VideoLAN VLC media player 0.8.6h "WIC"=Windows Imaging Component "WinAVI Video Converter_is1"=WinAVI Video Converter "Windows Media Format Runtime"=Windows Media Format 11 runtime "Windows Media Player"=Windows Media Player 11 "Windows XP Service Pack"=Windows XP Service Pack 2 "WinRAR archiver"=WinRAR archiver "WMFDist11"=Windows Media Format 11 runtime "wmp11"=Windows Media Player 11 "Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome"=Google Chrome "Steam App 7710"=Bioshock Demo "uTorrent"=µTorrent ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome"=Google Chrome "Steam App 7710"=Bioshock Demo "uTorrent"=µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.12.2008 18:37:02 | Computer Name = SAMI | Source = Application Hang | ID = 1002 Description = 
Hengende program iexplore.exe, versjon 7.0.6000.16762, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.
Error - 30.12.2008 19:43:03 | Computer Name = SAMI | Source = Application Error | ID = 1000
Description = Feilende program ad-aware.exe, versjon 7.1.0.11, feilende modul , versjon 0.0.0.0, feiladresse 0x00000000.
Error - 30.12.2008 19:43:06 | Computer Name = SAMI | Source = Application Error | ID = 1000
Description = Feilende program ad-aware.exe, versjon 7.1.0.11, feilende modul ad-aware.exe, versjon 7.1.0.11, feiladresse 0x0014b4ec.
Error - 30.12.2008 19:43:08 | Computer Name = SAMI | Source = Application Error | ID = 1001
Description = Feil i minneområdet 931756807.
Error - 30.12.2008 19:43:14 | Computer Name = SAMI | Source = Application Error | ID = 1000
Description = Feilende program ad-aware.exe, versjon 7.1.0.11, feilende modul ad-aware.exe, versjon 7.1.0.11, feiladresse 0x0014b4ec.
Error - 30.12.2008 19:43:21 | Computer Name = SAMI | Source = Application Error | ID = 1000
Description = Feilende program ad-aware.exe, versjon 7.1.0.11, feilende modul ad-aware.exe, versjon 7.1.0.11, feiladresse 0x0014b4ec.
Error - 01.01.2009 13:08:17 | Computer Name = SAMI | Source = Application Hang | ID = 1002
Description = Hengende program iexplore.exe, versjon 7.0.6000.16762, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.
Error - 01.01.2009 13:08:23 | Computer Name = SAMI | Source = Application Hang | ID = 1001
Description = Feil i minneområdet 1015682910.
Error - 01.01.2009 13:10:33 | Computer Name = SAMI | Source = Application Hang | ID = 1002
Description = Hengende program iexplore.exe, versjon 7.0.6000.16762, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.
Error - 01.01.2009 13:10:35 | Computer Name = SAMI | Source = Application Hang | ID = 1001
Description = Feil i minneområdet 1015682910.

[ System Events ]
Error - 30.12.2008 08:47:03 | Computer Name = SAMI | Source = Service Control Manager | ID = 7023
Description = Tjenesten Remote TCP/IP ble avbrutt med feilkode %%126
Error - 31.12.2008 09:22:19 | Computer Name = SAMI | Source = Service Control Manager | ID = 7023
Description = Tjenesten Remote TCP/IP ble avbrutt med feilkode %%126
Error - 31.12.2008 12:46:55 | Computer Name = SAMI | Source = Service Control Manager | ID = 7023
Description = Tjenesten Remote TCP/IP ble avbrutt med feilkode %%126
Error - 31.12.2008 20:49:46 | Computer Name = SAMI | Source = Dhcp | ID = 1002
Description = IP-adresseleasingavtalen 192.168.1.101 for nettverkskortet med nettverksadressen 00111120130A ble avslått av DHCP-serveren 192.168.1.254 (DHCP-serveren sendte en DHCPNACK-melding).
Error - 01.01.2009 09:31:38 | Computer Name = SAMI | Source = Service Control Manager | ID = 7023
Description = Tjenesten Remote TCP/IP ble avbrutt med feilkode %%126
Error - 01.01.2009 17:41:31 | Computer Name = SAMI | Source = Service Control Manager | ID = 7023
Description = Tjenesten Remote TCP/IP ble avbrutt med feilkode %%126
Error - 02.01.2009 08:27:21 | Computer Name = SAMI | Source = Service Control Manager | ID = 7023
Description = Tjenesten Remote TCP/IP ble avbrutt med feilkode %%126
Error - 02.01.2009 15:41:24 | Computer Name = SAMI | Source = Dhcp | ID = 1001
Description = Datamaskinen fikk ikke tilordnet en adresse fra nettverket (av DHCP-serveren) for nettverkskortet med nettverksadressen 00095BBFCC55. Følgende feil oppstod: %%1223. Datamaskinen vil fortsette å prøve å hente en adresse på egen hånd fra nettverksadresseserveren (DHCP).
Error - 02.01.2009 22:45:42 | Computer Name = SAMI | Source = MRxSmb | ID = 8003
Description = Hovedsøkeren har mottatt en servermelding fra maskin ROLFIDAL som tror at den er hovedsøker i domenet NetBT_Tcpip_{5ED75B02-8651-4DEA-. Hovedsøkeren stanser, eller et valg blir tvunget gjennom.
Error - 03.01.2009 09:47:09 | Computer Name = SAMI | Source = Service Control Manager | ID = 7023
Description = Tjenesten Remote TCP/IP ble avbrutt med feilkode %%126

< End of report >

OTViewIt.Txt:

OTViewIt logfile created on: 03.01.2009 15:30:45 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sami\Lokale innstillinger\Temporary Internet Files\Content.IE5\MLQ0CWF0
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
1,50 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 63,37% Memory free
2,11 Gb Paging File | 1,66 Gb Available in Paging File | 78,83% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 145,46 Gb Total Space | 21,74 Gb Free Space | 14,95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SAMI
Current User Name: Sami
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========
[2008.07.07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
[2007.08.24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
[2007.09.14 09:00:06 | 00,267,064 | ---- | M] (Apple Inc.) -- C:\Programfiler\iTunes\iTunesHelper.exe
[2008.11.27 14:25:50 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgtray.exe
[2008.11.10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Programfiler\Java\jre6\bin\jusched.exe [2008.12.14 17:47:13 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe [2007.10.18 11:34:28 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\msnmsgr.exe [2005.01.19 16:34:16 | 00,128,000 | ---- | M] ( ) -- C:\Programfiler\CursorXP\CursorXP.exe [2008.09.06 10:42:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sami\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2007.02.05 14:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2008.08.30 02:15:52 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgwdsvc.exe [2008.11.25 20:41:50 | 00,088,024 | ---- | M] () -- C:\Programfiler\Hotspot Shield\bin\openvpnas.exe [2008.11.10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jqs.exe [2005.05.11 23:34:00 | 00,127,042 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe [2008.07.11 23:54:33 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgrsx.exe [2007.02.05 14:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe [2007.09.14 08:59:56 | 00,503,608 | ---- | M] (Apple Inc.) 
-- C:\Programfiler\iPod\bin\iPodService.exe [2008.10.16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe [2007.10.18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\usnsvc.exe [2007.09.20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe [2009.01.03 15:30:23 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sami\Lokale innstillinger\Temporary Internet Files\Content.IE5\MLQ0CWF0\OTViewIt[1].exe ========== (O23) Win32 Services ========== [2008.07.07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running]) [2007.10.24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2008.08.30 02:15:52 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running]) [2007.10.24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2008.03.22 15:09:43 | 00,138,168 | ---- | M] (Google) -- C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) [2008.11.25 20:41:50 | 00,088,024 | ---- | M] () -- C:\Programfiler\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService [Auto | Running]) [2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) [2007.09.14 08:59:56 | 00,503,608 | ---- | M] (Apple Inc.) 
-- C:\Programfiler\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running]) [2008.11.10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) [2007.08.24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) [2005.05.11 23:34:00 | 00,127,042 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [2007.08.24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2007.10.18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running]) [2007.10.25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped]) [2006.11.15 10:46:18 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [2007.02.05 14:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running]) ========== Driver Services ========== [2002.04.01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running]) [2008.08.30 02:15:41 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running]) [2008.07.11 23:54:32 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running]) [2007.05.11 16:35:16 | 00,163,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\vidstub.sys -- (BootScreen [boot | Running]) [2003.03.04 11:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running]) [2007.02.16 01:57:04 | 00,034,760 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running]) [2007.08.07 20:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [system | Running]) [2006.09.19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) [2005.03.09 19:50:16 | 00,033,792 | ---- | M] () -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0 [On_Demand | Stopped]) [2003.12.02 15:32:32 | 00,360,704 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\drivers\netwg311.sys -- (netwg311 [On_Demand | Running]) [2005.05.11 23:34:00 | 03,189,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running]) [2001.08.22 07:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [system | Running]) [2003.09.02 17:13:40 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2006.08.25 04:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) [2006.08.12 19:21:38 | 00,008,320 | ---- | M] () -- C:\WINDOWS\system32\RenameMe.sys -- (RenameMe [On_Demand | Stopped]) [2008.05.27 10:41:46 | 00,090,536 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus [On_Demand | Stopped]) [2008.05.27 10:41:46 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl [On_Demand | Stopped]) [2008.05.27 10:41:46 | 00,122,152 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm [On_Demand | Stopped]) [2008.05.27 10:41:44 | 00,115,496 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt [On_Demand | Stopped]) [2008.05.27 10:41:46 | 00,111,912 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex [On_Demand | Stopped]) [2008.05.27 10:41:46 | 00,117,672 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic [On_Demand | Stopped]) [2008.12.22 11:06:00 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [system | Running]) [2008.12.22 11:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running]) [2008.12.22 11:05:58 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running]) [2007.11.13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running]) [2003.05.06 08:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running]) [2008.07.03 15:00:51 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running]) [2008.01.23 22:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn [On_Demand | Running]) [2004.08.04 08:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped]) [2006.09.27 18:19:03 | 00,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi [On_Demand | Stopped]) [2008.11.02 14:22:49 | 00,016,384 | ---- | M] () -- C:\WINDOWS\system32\WinFl32.sys -- (WinFl32 [Auto | Running]) [2008.11.02 14:22:49 | 00,180,064 | ---- | M] () -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32 [Auto | Running]) [2003.09.02 17:22:11 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"= [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.google.com "Start Page"=http://www.google.no/ 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c95a4e8e-816d-4655-8c79-d736da1adb6d}" (HKLM) -- C:\Programfiler\Hotspot_Shield\tbHot1.dll (Conduit Ltd.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.google.com "Start Page"=http://www.google.no/ [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c95a4e8e-816d-4655-8c79-d736da1adb6d}" (HKLM) -- C:\Programfiler\Hotspot_Shield\tbHot1.dll (Conduit Ltd.) 
[HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 ========== (O1) Hosts File ========== HOSTS File = (259251 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost 127.0.0.1 204.13.11.27 127.0.0.1 audio-surf.com 127.0.0.1 www.audio-surf.com 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.1001-search.info 127.0.0.1 1001-search.info 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 123topsearch.com 127.0.0.1 www.123topsearch.com 127.0.0.1 132.com 9027 more lines... ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Programfiler\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.) {3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Programfiler\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Programfiler\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.) {c95a4e8e-816d-4655-8c79-d736da1adb6d} (HKLM) -- C:\Programfiler\Hotspot_Shield\tbHot1.dll (Conduit Ltd.) {DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Programfiler\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (HKLM) -- C:\Programfiler\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (HKLM) -- C:\Programfiler\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) {AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.) ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{c95a4e8e-816d-4655-8c79-d736da1adb6d}" (HKLM) -- C:\Programfiler\Hotspot_Shield\tbHot1.dll (Conduit Ltd.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" (HKLM) -- C:\Programfiler\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.) 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Programfiler\MSN Toolbar1.01.2607.0\no\msntb.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}" (HKLM) -- C:\Programfiler\Hotspot_Shield\tbHot1.dll (Conduit Ltd.) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" (HKLM) -- C:\Programfiler\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.) [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}" (HKLM) -- C:\Programfiler\Hotspot_Shield\tbHot1.dll (Conduit Ltd.) [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.) [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}" (HKLM) -- C:\Programfiler\Hotspot_Shield\tbHot1.dll (Conduit Ltd.) [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.) 
[HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Programfiler\MSN Toolbar1.01.2607.0\no\msntb.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}" (HKLM) -- C:\Programfiler\Hotspot_Shield\tbHot1.dll (Conduit Ltd.) [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" (HKLM) -- C:\Programfiler\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) "EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SA64.tmp" /EF "HKLM" (SEIKO EPSON CORPORATION) "GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation) "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" (Apple Inc.) 
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe File not found "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) "nwiz"=nwiz.exe /install (NVIDIA Corporation) "ppmate"=C:\Programfiler\PPMate\PPMate\ppmate.exe -autoplay File not found "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime (Apple Inc.) "SunJavaUpdateSched"="C:\Programfiler\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) "TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ""= File not found "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" File not found "CursorXP"=C:\Programfiler\CursorXP\CursorXP.exe ( ) "Google Update"="C:\Documents and Settings\Sami\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c (Google Inc.) "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation) "SUPERAntiSpyware"=C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ""= File not found "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" File not found "CursorXP"=C:\Programfiler\CursorXP\CursorXP.exe ( ) "Google Update"="C:\Documents and Settings\Sami\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c (Google Inc.) "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation) "SUPERAntiSpyware"=C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) ========== (O4) Startup Folders ========== [1999.11.04 14:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005.02.20 01:13:05 | 00,450,560 | ---- | M] (Logitech) -- C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007.02.05 14:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007.02.05 14:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\Windows Desktop Search.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [1999.11.04 14:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Sami\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe File not found -- C:\Documents and Settings\Sami\Start-meny\Programmer\Oppstart\Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 "NoViewOnDrive"=0 "NoLogoff"=0 "NoBandCustomize"=0 "NoMovingBands"=0 "NoCloseDragDropBands"=0 "NoSetTaskbar"=0 "NoToolbarsOnTaskbar"=0 "NoSaveSettings"=0 "NoActiveDesktop"=0 "ClassicShell"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableRegistryTools"=0 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 
"NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 "NoViewOnDrive"=0 "NoLogoff"=0 "NoBandCustomize"=0 "NoMovingBands"=0 "NoCloseDragDropBands"=0 "NoSetTaskbar"=0 "NoToolbarsOnTaskbar"=0 "NoSaveSettings"=0 "NoActiveDesktop"=0 "ClassicShell"=0 [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "DisableRegistryTools"=0 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE [2008.10.18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation) [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE [2008.10.18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE [2008.10.18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. 
File not found [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE [2008.10.18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation) ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blogg dette -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007.10.26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blogg dette i Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007.10.26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007.12.13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007.12.13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation) {77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Phone\IEPlugin\SkypeIEPlugin.dll [2007.02.09 15:58:02 | 00,751,144 | ---- | M] (Skype Technologies S.A.) 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006.10.26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008.09.15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006.07.06 09:49:52 | 00,557,568 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004.10.13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004.10.13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] 
-> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004.10.13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004.10.13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004.10.13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004.10.13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 44 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] : msn in My Computer 43 domain(s) and sub-domain(s) not assigned to a zone. 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 43 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 43 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-21-1078081533-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] : msn in My Computer 43 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool {166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control {17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool {233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab -- Reg Error: Key does not exist or could not be opened. 
{39D420B3-E0EB-424C-89AA-C24F8DE7EF79}: http://www.mpw.no/TvNorge/KooPlayer.ocx -- KooPlayer Control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab -- MSN Photo Upload Tool {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1}: http://www.tvlution.com/KooPlayer.ocx -- KooPlayer Control {6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1145817727203 -- WUWebControl Class {67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1161269449109 -- MUWebControl Class {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened. {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class {B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab -- MSN Games - Installer {C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened. {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened. {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened. 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened. {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened. {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened. {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened. {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened. {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened. {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}: http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab -- IWinAmpActiveX Class ========== (O17) DNS Name Servers ========== {34D467F4-CEAA-4F24-B8A7-0423DEAF10B2} (Servers: | Description: ) {54809B5E-5F14-4361-8567-0F68BC0869E9} (Servers: | Description: NETGEAR WG311v2 802.11g Wireless PCI Adapter) {5ED75B02-8651-4DEA-B304-F1EF402B0A2D} (Servers: | Description: Intel® PRO/100 VE Network Connection) {C7452095-7260-431D-97EE-A9D21B6EF435} (Servers: | Description: ) ========== (O19) User Style 
Sheets ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles] ========== (O20) Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] !SASWinLogon: "DllName" = C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll -- C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) WB: "DllName" = C:\Programfiler\Stardock\MyColors\fastload.dll -- C:\Programfiler\Stardock\MyColors\fastload.dll (Stardock) ========== (O21) SSODL Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "0aMCPClient"={F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} (HKLM) -- C:\Programfiler\Fellesfiler\Stardock\mcpcore.dll (Stardock) ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ========== LSA *Authentication Packages* ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Authentication Packages"=msv1_0,C:\WINDOWS\system32\ergewb, >File not found -- ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2006.04.23 16:52:59 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c798ecc-4f9c-11dd-899d-00111120130a}\Shell\AutoRun\command] ""=F:\RavMon.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c798ecc-4f9c-11dd-899d-00111120130a}\Shell\explore\Command] ""=F:\RavMon.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c798ecc-4f9c-11dd-899d-00111120130a}\Shell\open\Command] ""=F:\RavMon.exe -- File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5df1e5-c834-11dc-88e4-00111120130a}\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5df1e5-c834-11dc-88e4-00111120130a}\Shell\Auto\command] ""=auto.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5df1e5-c834-11dc-88e4-00111120130a}\Shell\AutoRun\command] ""=C:\WINDOWS\system32\shell32.dll -- [2007.10.25 17:44:36 | 08,466,432 | ---- | M] (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2009.01.03 15:14:32 | 00,000,000 | ---D | C] -- C:\!KillBox [2009.01.03 03:52:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sami\Mine dokumenter\avenger [2009.01.03 03:52:18 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Sami\Mine dokumenter\avenger.zip [2009.01.03 03:32:09 | 00,001,579 | ---- | C] () -- C:\Documents and Settings\Sami\Skrivebord\LimeWire PRO 4.17.6.lnk [2009.01.02 01:21:07 | 00,388,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2770.exe [2009.01.02 01:20:56 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009.01.02 01:18:16 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\Sami\Skrivebord\HijackThis.lnk [2009.01.02 01:18:14 | 00,000,000 | ---D | C] -- C:\Programfiler\Trend Micro [2009.01.02 01:17:50 | 00,812,344 | ---- | C] (Trend Micro Inc.) 
-- C:\Programfiler\HJTInstall.exe [2009.01.02 00:56:36 | 00,388,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30737.exe [2009.01.02 00:32:32 | 00,388,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26019.exe [2009.01.01 21:28:51 | 00,000,691 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivebord\Malwarebytes' Anti-Malware.lnk [2009.01.01 18:13:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sami\Mine dokumenter\Downloads [2008.12.31 15:50:18 | 00,000,773 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivebord\SUPERAntiSpyware Free Edition.lnk [2008.12.31 15:50:15 | 00,000,000 | ---D | C] -- C:\Programfiler\SUPERAntiSpyware [2008.12.30 18:05:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP @Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP:05EE1EEF [2008.12.30 18:04:58 | 00,000,478 | ---- | C] () -- C:\Documents and Settings\Sami\Skrivebord\Fraps.lnk [2008.12.30 18:04:57 | 00,000,000 | ---D | C] -- C:\Fraps [2008.12.30 03:18:18 | 02,154,937 | ---- | C] () -- C:\Documents and Settings\Sami\Mine dokumenter\MOV00077.MP4 [2008.12.25 13:29:53 | 00,000,020 | ---- | C] () -- C:\WINDOWS\syscheck [2008.12.20 00:30:00 | 00,081,920 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll [2008.12.16 15:20:10 | 00,000,787 | ---- | C] () -- C:\Documents and Settings\Sami\Skrivebord\Windows Media Player.lnk [2008.12.15 22:30:30 | 06,898,574 | -H-- | C] () -- C:\Documents and Settings\Sami\Lokale innstillinger\Programdata\IconCache.db [2008.12.14 17:47:47 | 00,000,881 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivebord\RealPlayer.lnk [2008.12.14 17:47:20 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2008.12.14 17:47:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sami\Programdata\Real [2008.12.14 14:16:07 | 00,000,000 | ---D | C] -- C:\Documents 
and Settings\Sami\Lokale innstillinger\Programdata\WinAVI [2008.12.14 14:16:04 | 00,000,683 | ---- | C] () -- C:\Documents and Settings\Sami\Skrivebord\WinAVI Video Converter .lnk [2008.12.14 14:16:01 | 00,000,000 | ---D | C] -- C:\Programfiler\WinAVI Video Converter [2008.12.14 14:15:20 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\Sami\Skrivebord\ImTOO DVD Creator.lnk [2008.12.14 14:15:15 | 00,000,000 | ---D | C] -- C:\Programfiler\ImTOO [2008.12.08 21:00:57 | 00,001,467 | ---- | C] () -- C:\Documents and Settings\Sami\Skrivebord\DivX Movies.lnk [2008.12.08 21:00:57 | 00,000,000 | ---D | C] -- C:\Programfiler\DivX [2008.12.04 19:24:47 | 00,021,018 | ---- | C] () -- C:\Documents and Settings\Sami\Mine dokumenter\Best of Michael Jackson.wpl ========== Files - Modified Within 30 Days ========== [5 C:\WINDOWS\System32\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2009.01.03 14:49:13 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\Sami\Mine dokumenter\Mine delte mapper.lnk [2009.01.03 14:47:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.01.03 14:46:18 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009.01.03 14:46:15 | 00,022,571 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009.01.03 14:46:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.01.03 14:46:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.01.03 03:52:21 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Sami\Mine dokumenter\avenger.zip [2009.01.03 03:32:09 | 00,001,579 | ---- | M] () -- C:\Documents and Settings\Sami\Skrivebord\LimeWire PRO 4.17.6.lnk [2009.01.02 21:01:29 | 31,457,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009.01.02 01:21:02 | 00,388,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2770.exe [2009.01.02 01:18:16 | 00,001,725 | ---- | M] () -- C:\Documents and Settings\Sami\Skrivebord\HijackThis.lnk [2009.01.02 00:56:32 | 00,388,096 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\System32\CF30737.exe [2009.01.02 00:32:27 | 00,388,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF26019.exe [2009.01.01 22:24:41 | 00,014,903 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009.01.01 21:28:51 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivebord\Malwarebytes' Anti-Malware.lnk [2009.01.01 01:16:53 | 00,021,018 | ---- | M] () -- C:\Documents and Settings\Sami\Mine dokumenter\Best of Michael Jackson.wpl [2008.12.31 15:50:18 | 00,000,773 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivebord\SUPERAntiSpyware Free Edition.lnk [2008.12.30 18:04:58 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\Sami\Skrivebord\Fraps.lnk [2008.12.30 03:39:13 | 06,898,574 | -H-- | M] () -- C:\Documents and Settings\Sami\Lokale innstillinger\Programdata\IconCache.db [2008.12.30 03:12:17 | 02,154,937 | ---- | M] () -- C:\Documents and Settings\Sami\Mine dokumenter\MOV00077.MP4 [2008.12.25 13:29:53 | 00,000,020 | ---- | M] () -- C:\WINDOWS\syscheck [2008.12.22 16:23:05 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2008.12.20 00:30:00 | 00,081,920 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll [2008.12.14 17:47:47 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivebord\RealPlayer.lnk [2008.12.14 17:47:21 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll [2008.12.14 17:47:20 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2008.12.14 17:41:42 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\Sami\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.14 14:16:04 | 00,000,683 | ---- | M] () -- C:\Documents and Settings\Sami\Skrivebord\WinAVI Video Converter .lnk [2008.12.14 14:15:20 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\Sami\Skrivebord\ImTOO DVD Creator.lnk [2008.12.13 16:57:04 | 
00,012,807 | ---- | M] () -- C:\Documents and Settings\Sami\Mine dokumenter\Ønskeliste for jul 2008.docx [2008.12.13 07:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2008.12.13 07:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2008.12.10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008.12.08 21:00:57 | 00,001,467 | ---- | M] () -- C:\Documents and Settings\Sami\Skrivebord\DivX Movies.lnk < End of report >
Edit: Google still doesn't work... Where has this thread been moved to?
Edited 3 January 2009 by Pentumsmart
Pentumsmart (thread author), posted 4 January 2009
I can't find any wdmaud.sys file, or anything named wdmaud, when I search the PC.
norbat, posted 4 January 2009
Have you set Folder Options to show hidden files and folders and to show protected operating system files? (Control Panel -> Folder Options -> View. Tick "Show hidden files and folders". Untick "Hide protected operating system files".) In addition to wdmaud.sys, you can check whether sysaudio.sys exists.
Pentumsmart (thread author), posted 4 January 2009 (edited)
Yes, I did that yesterday, but it has apparently been reset. So I did it again, but I still can't find the files you want.
Edit: I don't think it's possible to find it by searching on the machine. At least I can't search for other things that belong to the WINDOWS folder and hidden stuff like that. Is there a way to find it manually?
Edited 4 January 2009 by Pentumsmart
norbat, posted 4 January 2009
Update Malwarebytes and run a new quick scan.
See whether you can download and run ComboFix.
Pentumsmart (thread author), posted 4 January 2009
Updated, ran a quick scan, log:
Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1612
Windows 5.1.2600 Service Pack 2
04.01.2009 20:42:56
mbam-log-2009-01-04 (20-42-56).txt
Skanntype: Rask Skann
Objekter skannet: 79577
Tid tilbakelagt: 5 minute(s), 31 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)
Nothing, same as last time.
norbat, posted 4 January 2009 (edited)
Let's try this:
Go to http://eric.71.mespages.googlepages.com/lop.sd.en.
Click Download (left margin) and save the file to the desktop.
Run the file, type e (English), press Enter.
Choose 3 (Fix - Hosts), press Enter.
The scan will run.
A log will be created (C:\lopR.txt), which you post.
In Thorsen's thread he checked the source code of google.com and google.no and found a script that had been inserted at the top (script src=//7.7.7.0). If your problem is the same, there should be something similar on your machine. Could you check that?
Edited 4 January 2009 by norbat
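The source check norbat describes (looking for a script tag at the top of the google.com / google.no page source that loads from an unexpected address such as src=//7.7.7.0), written out as an added example that is not part of the original thread. The sample HTML is constructed, and the function names and the allowed-domain list are assumptions chosen for illustration.

```python
"""Flag <script src=...> tags in saved page source that load from an unexpected host."""
import ipaddress
from html.parser import HTMLParser
from typing import NamedTuple
from urllib.parse import urljoin, urlsplit


class Finding(NamedTuple):
    line: int      # line in the saved source where the <script> tag starts
    src: str       # src attribute exactly as written in the page
    host: str      # host the browser would contact ("" if there is none)
    reason: str    # "ip-literal", "off-site" or "no-host"


class _ScriptSrcCollector(HTMLParser):
    """Collects (line number, src value) for every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        for name, value in attrs:
            if name == "src" and value:
                self.sources.append((self.getpos()[0], value.strip()))


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _host_allowed(host, allowed_domains):
    # Exact match or a true subdomain; "evilgoogle.com" does not match "google.com".
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def find_suspicious_scripts(html, page_url, allowed_domains):
    """Return a Finding for every external script that is not served by an allowed domain."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for line, src in collector.sources:
        # Resolve relative and protocol-relative ("//host/...") values as a browser would.
        host = urlsplit(urljoin(page_url, src)).hostname
        if host is None:
            findings.append(Finding(line, src, "", "no-host"))       # e.g. data: URI
        elif _is_ip_literal(host):
            findings.append(Finding(line, src, host, "ip-literal"))  # e.g. //7.7.7.0
        elif not _host_allowed(host, allowed_domains):
            findings.append(Finding(line, src, host, "off-site"))
    return findings


# Constructed sample: page source saved via "View source", with one injected tag at the top.
SAMPLE_HTML = """<html><head>
<script src=//7.7.7.0></script>
<title>Google</title>
<script src="/extern_js/main.js"></script>
<script src="http://www.google.com/jsapi"></script>
</head><body></body></html>
"""

# Assumption for this example: only the site's own domains may serve its scripts.
ALLOWED_DOMAINS = ("google.com", "google.no")

if __name__ == "__main__":
    for f in find_suspicious_scripts(SAMPLE_HTML, "http://www.google.com/", ALLOWED_DOMAINS):
        print(f"line {f.line}: {f.reason}: src={f.src!r} host={f.host!r}")
```

A hit on a page whose hosts file is clean, as in this thread, means the tag is being inserted somewhere between the server and the rendered page, so the saved source should be compared with the same page fetched from a known-clean machine.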
Pentumsmart (thread author), posted 4 January 2009
Log:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 2.80GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A10 USER : Sami ( Administrator ) BOOT : Normal boot Antivirus : AVG Anti-Virus Free 8.0 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:145 Go (Free:21 Go) D:\ (CD or DVD) I:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [3] ( 04.01.2009|21:57 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX Deleted! - C:\DOCUME~1\Sami\Cookies\sami@adultfriendfinder[1].txt Deleted! - C:\DOCUME~1\Sami\Cookies\sami@advertising[1].txt Deleted! - C:\DOCUME~1\Sami\Cookies\sami@advertising[2].txt Deleted! - C:\DOCUME~1\Sami\Cookies\sami@partypoker[2].txt \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing folders in PROGRA~1 [08.06.2005|14:09] C:\DOCUME~1\ALLUSE~1\PROGRA~1\Adobe [26.06.2005|19:09] C:\DOCUME~1\ALLUSE~1\PROGRA~1\Microsoft [09.03.2005|16:23] C:\DOCUME~1\ALLUSE~1\PROGRA~1\MSN6 [13.02.2005|12:04] C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spybot - Search & Destroy [0|fil(er)] C:\DOCUME~1\ALLUSE~1\PROGRA~1\byte [6|mappe®] C:\DOCUME~1\ALLUSE~1\PROGRA~1\byte ledig [23.04.2006|17:03] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\{70FE9869-8D38-4EB3-8541-A735C2285CF7} [06.09.2008|09:40] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\{B159C29F-4EA9-4DB1-AB62-6E36285A00B0} [04.09.2008|19:57] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Adobe [02.07.2007|11:36] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Apple [03.11.2006|13:47] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Apple Computer [03.07.2008|18:21] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\avg8 [16.08.2007|17:49] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\AVS4YOU [13.08.2007|22:36] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Azureus [05.11.2008|15:16] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\BVRP Software [15.08.2007|20:23] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Elaborate Bytes [17.01.2008|18:10] 
C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Google [25.04.2008|15:26] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Grisoft [18.07.2008|14:20] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Lavasoft [22.07.2008|23:20] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Malwarebytes [07.09.2007|14:41] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Messenger Plus! [05.11.2008|15:08] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Microsoft [11.12.2008|23:08] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Microsoft Help [27.04.2006|16:51] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\MSN6 [29.04.2007|19:21] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\nView_Profiles [22.09.2008|11:13] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Office Genuine Advantage [27.06.2008|15:23] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\PTBSync [21.02.2007|20:22] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Skype [05.11.2008|15:20] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Sony [05.11.2008|15:14] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Sony Ericsson [23.08.2008|12:03] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Spybot - Search & Destroy [18.07.2008|18:15] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\SUPERAntiSpyware.com [30.12.2008|18:08] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\TEMP [26.12.2006|11:37] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\UDL [23.04.2006|19:47] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Windows Genuine Advantage [31.05.2007|16:09] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\WindowsLiveInstaller [29.08.2008|19:19] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\WinZip [22.02.2008|13:25] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\WLInstaller [0|fil(er)] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\byte [34|mappe®] C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\byte ledig [13.02.2005|00:59] C:\DOCUME~1\DEFAUL~1\PROGRA~1\Microsoft [0|fil(er)] C:\DOCUME~1\DEFAUL~1\PROGRA~1\byte [3|mappe®] C:\DOCUME~1\DEFAUL~1\PROGRA~1\byte ledig [28.11.2007|23:39] C:\DOCUME~1\DEFAUL~1.WIN\PROGRA~1\Microsoft [0|fil(er)] C:\DOCUME~1\DEFAUL~1.WIN\PROGRA~1\byte [3|mappe®] C:\DOCUME~1\DEFAUL~1.WIN\PROGRA~1\byte ledig [28.05.2005|07:36] C:\DOCUME~1\Gjest\PROGRA~1\Identities [28.05.2005|07:37] C:\DOCUME~1\Gjest\PROGRA~1\Macromedia [28.05.2005|07:36] 
C:\DOCUME~1\Gjest\PROGRA~1\Microsoft [0|fil(er)] C:\DOCUME~1\Gjest\PROGRA~1\byte [5|mappe®] C:\DOCUME~1\Gjest\PROGRA~1\byte ledig [13.02.2005|01:03] C:\DOCUME~1\LOCALS~1\PROGRA~1\Microsoft [0|fil(er)] C:\DOCUME~1\LOCALS~1\PROGRA~1\byte [3|mappe®] C:\DOCUME~1\LOCALS~1\PROGRA~1\byte ledig [15.06.2005|13:34] C:\DOCUME~1\LOCALS~1.NT-\PROGRA~1\AVG7 [07.12.2005|15:28] C:\DOCUME~1\LOCALS~1.NT-\PROGRA~1\Microsoft [0|fil(er)] C:\DOCUME~1\LOCALS~1.NT-\PROGRA~1\byte [4|mappe®] C:\DOCUME~1\LOCALS~1.NT-\PROGRA~1\byte ledig [02.12.2008|20:20] C:\DOCUME~1\LOCALS~1.000\PROGRA~1\Google [02.12.2008|20:20] C:\DOCUME~1\LOCALS~1.000\PROGRA~1\Microsoft [0|fil(er)] C:\DOCUME~1\LOCALS~1.000\PROGRA~1\byte [4|mappe®] C:\DOCUME~1\LOCALS~1.000\PROGRA~1\byte ledig [13.02.2005|01:03] C:\DOCUME~1\NETWOR~1\PROGRA~1\Microsoft [0|fil(er)] C:\DOCUME~1\NETWOR~1\PROGRA~1\byte [3|mappe®] C:\DOCUME~1\NETWOR~1\PROGRA~1\byte ledig [07.12.2005|15:28] C:\DOCUME~1\NETWOR~1.NT-\PROGRA~1\Microsoft [0|fil(er)] C:\DOCUME~1\NETWOR~1.NT-\PROGRA~1\byte [3|mappe®] C:\DOCUME~1\NETWOR~1.NT-\PROGRA~1\byte ledig [07.09.2007|14:34] C:\DOCUME~1\NETWOR~1.000\PROGRA~1\Identities [03.07.2008|18:22] C:\DOCUME~1\NETWOR~1.000\PROGRA~1\Microsoft [0|fil(er)] C:\DOCUME~1\NETWOR~1.000\PROGRA~1\byte [4|mappe®] C:\DOCUME~1\NETWOR~1.000\PROGRA~1\byte ledig [02.11.2008|14:30] C:\DOCUME~1\Sami\PROGRA~1\.# [18.02.2008|11:33] C:\DOCUME~1\Sami\PROGRA~1\Adobe [15.08.2006|11:11] C:\DOCUME~1\Sami\PROGRA~1\Ahead [02.07.2007|12:27] C:\DOCUME~1\Sami\PROGRA~1\Apple Computer [30.04.2006|11:39] C:\DOCUME~1\Sami\PROGRA~1\ArcSoft [25.04.2008|15:38] C:\DOCUME~1\Sami\PROGRA~1\AVGTOOLBAR [16.08.2007|17:49] C:\DOCUME~1\Sami\PROGRA~1\AVSMedia [24.11.2008|11:17] C:\DOCUME~1\Sami\PROGRA~1\Azureus [25.08.2007|15:06] C:\DOCUME~1\Sami\PROGRA~1\Bioshock [14.08.2007|19:34] C:\DOCUME~1\Sami\PROGRA~1\DivX [07.12.2008|13:21] C:\DOCUME~1\Sami\PROGRA~1\dvdcss [08.08.2007|10:06] C:\DOCUME~1\Sami\PROGRA~1\EPSON [25.08.2006|13:16] C:\DOCUME~1\Sami\PROGRA~1\Gearbox 
Software [05.01.2007|23:11] C:\DOCUME~1\Sami\PROGRA~1\GetRightToGo [27.10.2006|16:41] C:\DOCUME~1\Sami\PROGRA~1\Google [09.06.2006|15:08] C:\DOCUME~1\Sami\PROGRA~1\Help [23.04.2006|17:00] C:\DOCUME~1\Sami\PROGRA~1\Identities [17.01.2008|18:08] C:\DOCUME~1\Sami\PROGRA~1\IGN_DLM [05.11.2008|15:14] C:\DOCUME~1\Sami\PROGRA~1\InstallShield [19.02.2008|12:30] C:\DOCUME~1\Sami\PROGRA~1\JetStart [19.06.2006|19:45] C:\DOCUME~1\Sami\PROGRA~1\Lavasoft [28.04.2006|20:37] C:\DOCUME~1\Sami\PROGRA~1\Macromedia [22.07.2008|23:20] C:\DOCUME~1\Sami\PROGRA~1\Malwarebytes [26.04.2008|17:52] C:\DOCUME~1\Sami\PROGRA~1\Microsoft [09.08.2006|14:03] C:\DOCUME~1\Sami\PROGRA~1\Mozilla [27.04.2006|16:51] C:\DOCUME~1\Sami\PROGRA~1\MSN6 [07.02.2007|16:08] C:\DOCUME~1\Sami\PROGRA~1\OpenOffice.org2 [07.02.2007|09:57] C:\DOCUME~1\Sami\PROGRA~1\Opera [17.09.2006|19:00] C:\DOCUME~1\Sami\PROGRA~1\PPLive [12.11.2006|20:53] C:\DOCUME~1\Sami\PROGRA~1\PPMate [23.04.2008|20:54] C:\DOCUME~1\Sami\PROGRA~1\ppstream [14.12.2008|17:50] C:\DOCUME~1\Sami\PROGRA~1\Real [12.07.2008|23:51] C:\DOCUME~1\Sami\PROGRA~1\Skype [07.02.2007|19:57] C:\DOCUME~1\Sami\PROGRA~1\Sonic [05.11.2008|15:20] C:\DOCUME~1\Sami\PROGRA~1\Sony [23.04.2008|21:04] C:\DOCUME~1\Sami\PROGRA~1\SopCast [14.10.2006|18:44] C:\DOCUME~1\Sami\PROGRA~1\Sports Interactive [25.05.2006|10:22] C:\DOCUME~1\Sami\PROGRA~1\Sun [31.12.2008|15:50] C:\DOCUME~1\Sami\PROGRA~1\SUPERAntiSpyware.com [05.01.2007|22:35] C:\DOCUME~1\Sami\PROGRA~1\Talkback [24.01.2007|21:40] C:\DOCUME~1\Sami\PROGRA~1\Teleca [14.12.2008|18:04] C:\DOCUME~1\Sami\PROGRA~1\uTorrent [21.12.2007|17:12] C:\DOCUME~1\Sami\PROGRA~1\Ventrilo [19.02.2008|12:25] C:\DOCUME~1\Sami\PROGRA~1\Vista Start Menu [29.04.2006|11:26] C:\DOCUME~1\Sami\PROGRA~1\vlc [08.09.2007|07:40] C:\DOCUME~1\Sami\PROGRA~1\Windows Desktop Search [07.10.2007|14:39] C:\DOCUME~1\Sami\PROGRA~1\WinRAR [0|fil(er)] C:\DOCUME~1\Sami\PROGRA~1\byte [49|mappe®] C:\DOCUME~1\Sami\PROGRA~1\byte ledig --------------------\\ Scheduled Tasks 
located in C:\WINDOWS\Tasks [04.01.2009 21:14][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1757981266-839522115-1004.job [21.04.2008 06:54][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [04.01.2009 14:30][--ah-----] C:\WINDOWS\tasks\SA.DAT [02.09.2003 17:10][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Programfiler [04.09.2008|19:57] C:\Programfiler\Adobe [13.02.2005|01:33] C:\Programfiler\Analog Devices [05.11.2008|15:16] C:\Programfiler\Avanquest update [25.04.2008|15:25] C:\Programfiler\AVG [07.02.2007|19:08] C:\Programfiler\AviSub [01.07.2008|22:39] C:\Programfiler\Azureus [25.11.2008|16:51] C:\Programfiler\BearShare Applications [13.12.2006|20:36] C:\Programfiler\Broadcom [07.02.2007|10:04] C:\Programfiler\CCleaner [01.03.2008|17:00] C:\Programfiler\CEDP Stealer 6.0 for Messenger [10.04.2005|22:32] C:\Programfiler\Codec Pack - All In 1 [10.11.2008|22:31] C:\Programfiler\Conduit [20.05.2007|15:00] C:\Programfiler\CursorXP [13.12.2006|20:35] C:\Programfiler\Dell 720 [08.12.2008|21:00] C:\Programfiler\DivX [13.12.2006|20:35] C:\Programfiler\DVD Decrypter [16.08.2007|18:00] C:\Programfiler\Elaborate Bytes [26.12.2006|11:36] C:\Programfiler\epson [05.11.2008|15:17] C:\Programfiler\Fellesfiler [02.11.2008|14:22] C:\Programfiler\Folder Lock 6 [23.03.2008|14:42] C:\Programfiler\Google [17.03.2008|14:10] C:\Programfiler\Grisoft [03.12.2008|14:36] C:\Programfiler\Hotspot Shield [10.11.2008|22:31] C:\Programfiler\Hotspot_Shield [14.12.2008|14:15] C:\Programfiler\ImTOO [05.11.2008|15:16] C:\Programfiler\InstallShield Installation Information [13.02.2005|01:32] C:\Programfiler\Intel [11.12.2008|14:28] C:\Programfiler\Internet Explorer [22.09.2007|16:54] C:\Programfiler\iPod [11.10.2008|12:29] C:\Programfiler\iPodFolder [22.09.2007|16:54] C:\Programfiler\iTunes [13.12.2008|13:02] C:\Programfiler\Java [17.08.2007|14:33] C:\Programfiler\K-Lite Codec Pack [18.07.2008|14:22] C:\Programfiler\Lavasoft 
[03.01.2009|03:32] C:\Programfiler\LimeWire [13.02.2005|11:10] C:\Programfiler\Logitech [01.01.2009|21:28] C:\Programfiler\Malwarebytes' Anti-Malware [15.07.2008|20:07] C:\Programfiler\Messenger [05.10.2008|16:32] C:\Programfiler\Messenger Plus! Live [13.02.2005|01:01] C:\Programfiler\microsoft frontpage [07.02.2007|16:26] C:\Programfiler\Microsoft Office [07.09.2007|14:34] C:\Programfiler\Microsoft SQL Server Compact Edition [07.02.2007|16:26] C:\Programfiler\Microsoft Visual Studio [07.02.2007|16:26] C:\Programfiler\Microsoft Works [07.02.2007|16:24] C:\Programfiler\Microsoft.NET [07.02.2007|20:13] C:\Programfiler\Morpheus Ultra [16.08.2007|18:00] C:\Programfiler\Movie DVD Creator [05.01.2007|21:37] C:\Programfiler\Movie Maker [10.11.2008|22:32] C:\Programfiler\Mozilla Firefox [07.02.2007|16:26] C:\Programfiler\MSBuild [13.02.2005|00:57] C:\Programfiler\MSN Gaming Zone [14.03.2007|16:16] C:\Programfiler\MSN Messenger [24.04.2006|14:08] C:\Programfiler\MSN Toolbar [02.01.2007|14:01] C:\Programfiler\MSN-Patch [15.08.2007|22:59] C:\Programfiler\MSXML 4.0 [24.01.2007|17:29] C:\Programfiler\NETGEAR WG311v2 Adapter [25.04.2007|19:20] C:\Programfiler\NetMeeting [22.02.2008|13:55] C:\Programfiler\NudgeMania [12.12.2005|20:49] C:\Programfiler\NVIDIA [07.02.2007|18:59] C:\Programfiler\OpenOffice.org 2.1 [13.06.2007|22:22] C:\Programfiler\Outlook Express [22.09.2007|16:46] C:\Programfiler\QuickTime [07.02.2007|19:57] C:\Programfiler\SafeDisc4Hiderv1.1Eng [21.02.2007|20:22] C:\Programfiler\Skype [05.11.2008|15:17] C:\Programfiler\Sony [05.11.2008|15:17] C:\Programfiler\Sony Ericsson [31.12.2008|14:21] C:\Programfiler\Spybot - Search & Destroy [06.09.2008|09:40] C:\Programfiler\Stardock [26.11.2008|14:30] C:\Programfiler\Steam [11.12.2007|17:43] C:\Programfiler\SteamPentumsmart [13.12.2006|20:36] C:\Programfiler\SunPlus [31.12.2008|15:50] C:\Programfiler\SUPERAntiSpyware [02.01.2009|01:18] C:\Programfiler\Trend Micro [31.03.2007|14:29] C:\Programfiler\TweakXP 2 
[13.02.2005|01:04] C:\Programfiler\Uninstall Information
[17.09.2007|17:19] C:\Programfiler\Usability Sciences
[28.06.2007|11:59] C:\Programfiler\utorrent
[07.02.2007|19:08] C:\Programfiler\Valve
[03.04.2006|15:32] C:\Programfiler\VideoLAN
[14.12.2008|14:16] C:\Programfiler\WinAVI Video Converter
[31.03.2007|14:49] C:\Programfiler\WinCustomize
[07.09.2007|14:35] C:\Programfiler\Windows Desktop Search
[17.04.2005|21:51] C:\Programfiler\Windows Journal Viewer
[27.02.2008|23:10] C:\Programfiler\Windows Live
[28.02.2005|16:26] C:\Programfiler\Windows Media Bonus Pack for Windows XP
[05.01.2007|22:25] C:\Programfiler\Windows Media Connect 2
[28.01.2007|16:19] C:\Programfiler\Windows Media Player
[23.04.2006|20:28] C:\Programfiler\Windows NT
[13.02.2005|02:03] C:\Programfiler\WindowsUpdate
[07.10.2007|14:39] C:\Programfiler\WinRAR
[29.08.2008|19:19] C:\Programfiler\WinZip
[13.02.2005|01:01] C:\Programfiler\xerox
[17.01.2008|18:25] C:\Programfiler\Xvid
[0|fil(er)] C:\Programfiler\byte
[95|mappe(r)] C:\Programfiler\byte ledig

--------------------\\ Listing Folders in C:\Programfiler\Fellesfiler
[04.09.2008|19:57] C:\Programfiler\Fellesfiler\Adobe
[24.12.2005|22:46] C:\Programfiler\Fellesfiler\ArcSoft
[17.01.2008|18:05] C:\Programfiler\Fellesfiler\AVSMedia
[07.02.2007|16:26] C:\Programfiler\Fellesfiler\DESIGNER
[21.06.2005|20:55] C:\Programfiler\Fellesfiler\Google
[26.12.2006|11:38] C:\Programfiler\Fellesfiler\InstallShield
[17.02.2005|18:09] C:\Programfiler\Fellesfiler\Java
[13.02.2005|11:10] C:\Programfiler\Fellesfiler\Logitech
[17.01.2008|18:30] C:\Programfiler\Fellesfiler\Maven
[30.08.2008|02:03] C:\Programfiler\Fellesfiler\Microsoft Shared
[13.02.2005|00:57] C:\Programfiler\Fellesfiler\MSSoap
[10.05.2007|15:47] C:\Programfiler\Fellesfiler\NSV
[17.04.2007|16:08] C:\Programfiler\Fellesfiler\Nullsoft
[13.02.2005|00:54] C:\Programfiler\Fellesfiler\ODBC
[09.04.2006|11:46] C:\Programfiler\Fellesfiler\Real
[21.02.2007|20:22] C:\Programfiler\Fellesfiler\Skype
[05.11.2008|15:17] C:\Programfiler\Fellesfiler\Sony Shared
[13.02.2005|00:54] C:\Programfiler\Fellesfiler\SpeechEngines
[06.09.2008|09:50] C:\Programfiler\Fellesfiler\Stardock
[07.10.2007|13:36] C:\Programfiler\Fellesfiler\Symantec Shared
[17.09.2006|11:00] C:\Programfiler\Fellesfiler\Synacast
[13.06.2007|22:22] C:\Programfiler\Fellesfiler\System
[31.03.2007|14:11] C:\Programfiler\Fellesfiler\Teleca Shared
[13.02.2005|00:57] C:\Programfiler\Fellesfiler\Tjenester
[22.02.2008|13:27] C:\Programfiler\Fellesfiler\WindowsLiveInstaller
[31.12.2008|15:49] C:\Programfiler\Fellesfiler\Wise Installation Wizard
[09.04.2006|11:46] C:\Programfiler\Fellesfiler\xing shared
[0|fil(er)] C:\Programfiler\Fellesfiler\byte
[29|mappe(r)] C:\Programfiler\Fellesfiler\byte ledig

--------------------\\ Process ( 41 Processes ) ... OK !

--------------------\\ Searching with S_Lop
No Lop folder found !

--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\Sami\Cookies\sami@advertising[2].txt

--------------------\\ Searching within the Registry ..... OK !

--------------------\\ Checking the Hosts file
Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 22:01:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 32

--------------------\\ Searching for other infections
C:\WINDOWS\system32\bwegre.ini
C:\WINDOWS\system32\bwegre.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Sami\Mine dokumenter\LimeWire musikk\Showtek - Brain Crackin.mp3
C:\DOCUME~1\Sami\Programdata\Azureus\torrents\Photoshop_CS2_Keygen.3589173.TPB[1].torrent
C:\DOCUME~1\Sami\Programdata\Azureus\torrents\Winamp v5[1].24 Pro incl. Keygen -^mininova.org^-.torrent
C:\DOCUME~1\Sami\Programdata\Azureus\torrents\Winamp_5.3___Keygen.3534997.TPB[1].torrent

[F:346][D:7]-> C:\DOCUME~1\Sami\LOKALE~1\Temp
[F:97][D:0]-> C:\DOCUME~1\Sami\Cookies
[F:4774][D:12]-> C:\DOCUME~1\Sami\LOKALE~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 04.01.2009|22:03 - Option : [3]

--------------------\\ Scan completed at 22:03:50

I can gladly check it with the script, but I don't know how to do that. Google.no / .com and right-click, view source? I don't know.

Thorsen
Posted 4 January 2009 (edited)

Go to the website and choose View - Source code in your browser (or right-click, as you say). In IE it is just called Source.

Edited 4 January 2009 by Thorsen

norbat
Posted 4 January 2009 (edited)

Let's take a look in the registry (NB! Do not delete anything).

Click Start -> Run. Type: regedit
Go to HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
Once you have clicked on drivers32, you will see some entries in the right-hand pane. What is the name of the file listed after aux2?

Regarding Combofix:
Download this: Combo-fix to the desktop.
Start the program by copying and pasting the following line into the Run box (Start -> Run):
"%userprofile%\desktop\combo-fix.exe" /killall
NB! If you do not have the Recovery Console installed, you will be asked to install it when Combofix runs. Say yes to that.

Edited 4 January 2009 by norbat
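
The registry check norbat asks for above can also be done without opening regedit. The following is an added example, not part of any post in this thread; it assumes PowerShell 3.0 or later is available on the machine, and the report columns (Exists, Company, Modified) are choices made for this example. It only reads the key and changes nothing.

```powershell
# Added example: read-only listing of the Drivers32 key named in the post.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32'
$sys32 = Join-Path $env:SystemRoot 'System32'

# Get-ItemProperty adds its own PS* bookkeeping properties; drop those.
$entries = (Get-ItemProperty -Path $key).PSObject.Properties |
    Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' }

$report = foreach ($e in $entries) {
    $value = ([string]$e.Value).Trim()
    if (-not $value) { continue }

    # A bare file name is looked up in System32 here; a full path is used as written.
    $path = if ([System.IO.Path]::IsPathRooted($value)) { $value }
            else { Join-Path $sys32 $value }
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Name     = $e.Name
        Value    = $value
        Exists   = [bool]$file
        Company  = if ($file) { $file.VersionInfo.CompanyName } else { $null }
        Modified = if ($file) { $file.LastWriteTime } else { $null }
    }
}

# Full table first, then only the aux* entries the post asks about.
$report | Sort-Object Name | Format-Table -AutoSize
$report | Where-Object { $_.Name -like 'aux*' } | Format-List
```

An aux entry whose file has no company name, or a modification date close to the infection date, is worth reporting back to the helper before anything is removed.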