krikol, posted 14 February 2009
Can anyone check these logs? The computer has been running a bit slow lately.... Thanks in advance :)
ComboFix 09-02-12.03 - Arnstein 2009-02-14 20:02:14.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2046.1037 [GMT 1:00] Kjører fra: I:\ComboFix.exe * Opprettet nytt gjenopprettingspunkt . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-14 til 2009-02-14 ))))))))))))))))))))))))))))))))) . 2009-02-14 19:52 . 2009-02-14 19:52 <DIR> d-------- c:\users\Arnstein\AppData\Roaming\Malwarebytes 2009-02-14 19:52 . 2009-02-14 19:52 <DIR> d-------- c:\programdata\Malwarebytes 2009-02-14 19:52 . 2009-02-14 19:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-14 19:52 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-02-14 19:52 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-02-14 19:46 . 2009-02-14 19:46 <DIR> d-------- c:\program files\CCleaner 2009-02-12 21:38 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-12 21:38 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-01 19:50 . 2009-02-01 20:38 <DIR> d-------- c:\users\Arnstein\AppData\Roaming\Apple Computer 2009-02-01 19:49 . 2009-02-01 19:49 <DIR> d----c--- c:\windows\System32\DRVSTORE 2009-02-01 19:49 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2009-02-01 19:49 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2009-02-01 19:48 . 2009-02-01 19:48 <DIR> d-------- c:\program files\iPod 2009-02-01 19:47 . 2009-02-01 19:49 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-02-01 19:47 . 2009-02-01 19:49 <DIR> d-------- c:\program files\iTunes 2009-02-01 19:43 . 2009-02-01 19:47 <DIR> d-------- c:\programdata\Apple Computer 2009-02-01 19:43 . 
2009-02-01 19:45 <DIR> d-------- c:\program files\QuickTime 2009-02-01 19:41 . 2009-02-01 19:41 <DIR> d-------- c:\program files\Apple Software Update 2009-02-01 19:39 . 2009-02-01 19:39 <DIR> d-------- c:\programdata\Apple 2009-02-01 19:39 . 2009-02-01 19:48 <DIR> d-------- c:\program files\Common Files\Apple 2009-01-21 23:26 . 2009-01-21 23:26 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos 2009-01-21 23:26 . 2009-01-21 23:26 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches 2009-01-21 23:26 . 2009-01-21 23:26 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games 2009-01-21 23:26 . 2009-01-21 23:26 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures 2009-01-21 23:26 . 2009-01-21 23:26 <DIR> dr------- c:\windows\System32\config\systemprofile\Links 2009-01-21 23:26 . 2009-01-21 23:26 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads 2009-01-21 23:26 . 2009-01-21 23:26 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents 2009-01-18 19:09 . 2009-01-18 19:09 <DIR> d-------- c:\users\Arnstein\{df1ece52-1ca2-4166-8eb5-9687ac87b7be} 2009-01-18 17:12 . 2009-01-18 17:12 <DIR> d-------- c:\users\Arnstein\AppData\Roaming\Maxtor Quick Start 2009-01-18 17:11 . 2009-01-18 17:12 <DIR> d-------- c:\program files\Maxtor 2009-01-18 13:18 . 2009-01-18 14:22 <DIR> d-------- c:\users\Arnstein\AppData\Roaming\TeamViewer 2009-01-18 13:18 . 2009-02-13 22:36 <DIR> d-------- c:\program files\TeamViewer 2009-01-18 13:17 . 2009-01-18 13:17 <DIR> d-------- c:\users\Arnstein\temp 2009-01-18 05:43 . 2009-01-18 05:43 107,888 --a------ c:\windows\System32\CmdLineExt.dll 2009-01-18 05:43 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll 2009-01-18 05:39 . 2009-01-18 05:39 2,250,024 --a------ c:\windows\System32\pbsvc.exe 2009-01-18 05:39 . 2009-01-18 05:39 107,832 --a------ c:\windows\System32\PnkBstrB.exe 2009-01-18 05:39 . 
2009-01-18 05:39 66,872 --a------ c:\windows\System32\PnkBstrA.exe 2009-01-18 05:39 . 2009-01-18 05:39 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys 2009-01-18 05:39 . 2009-01-18 05:39 22,328 --a------ c:\users\Arnstein\AppData\Roaming\PnkBstrK.sys 2009-01-14 11:23 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-14 02:07 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-13 21:36 --------- d-----w c:\program files\Microsoft Games 2009-02-13 21:31 --------- d-----w c:\program files\Ubisoft 2009-02-13 21:24 --------- d-----w c:\programdata\Skype 2009-02-13 19:09 --------- d-----w c:\program files\Windows Mail 2009-02-01 18:45 --------- d-----w c:\program files\Bonjour 2009-01-21 22:24 --------- d-----w c:\programdata\Symantec 2009-01-21 22:24 --------- d-----w c:\program files\Symantec 2009-01-21 22:24 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-18 18:43 --------- d-----w c:\program files\MSN Messenger 2009-01-18 18:18 70,818 ----a-w c:\users\Arnstein\AppData\Roaming\nvModes.dat 2009-01-14 19:57 --------- d-----w c:\program files\VLC 2008-12-26 23:28 --------- d-----w c:\users\Arnstein\AppData\Roaming\skypePM 2008-10-23 16:42 13,448 ----a-w c:\users\Eksamens konto\AppData\Roaming\nvModes.dat 2008-06-27 18:51 174 --sha-w c:\program files\desktop.ini 2008-01-06 19:18 32 ----a-w c:\programdata\ezsid.dat 2007-12-12 09:47 116 ----a-w c:\users\Arnstein\AppData\Roaming\wklnhst.dat 2008-11-15 13:57 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-11-15 13:57 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-11-15 13:57 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-11-15 13:57 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-11-15 13:57 172,144 ----a-w 
c:\program files\mozilla firefox\components\xpinstal.dll 2008-02-06 10:44 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-02-06 10:44 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-02-06 10:44 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2008-11-10 20:37 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-11-10 20:37 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-11-10 20:37 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-13 136136] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless 
Assistant\WiFiMsg.exe" [2007-01-10 317128] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312] "MaxBackSchedule"="c:\program files\Maxtor\MSS Backup\maxbackservice.exe" [2006-09-08 188416] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920] "mssSort"="c:\program files\Maxtor\ManagerApp\msssort.exe" [2006-08-11 1400832] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-29 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-29 81920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128] c:\users\Arnstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] Ubisoft register.lnk - c:\program files\Ubisoft\Register\schedule.exe [2008-10-17 
28672] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{1B94FFBA-C9DA-48D6-9E1F-04DC6F78766F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{007FD111-AD9A-4D17-B2DC-26AB0209DAA2}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{80E6AF45-D906-4023-AB8A-68242856F88A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{AAAA3A99-B49C-4603-BAF5-9CBC27950CD6}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord "UDP Query User{709C3655-4616-43C9-BD82-CA2D863B59BC}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord "{0CD4232A-E198-426A-8A21-B07800A9C29D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{E8EF8D06-1EBC-4457-809D-05E56BAA7EE8}"= TCP:c:\program files\Microsoft 
Office\Office12\GROOVE.EXE:Microsoft Office Groove "{D33AE3F4-8CA1-4EEE-9FE8-21F5286E2212}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{6950FE3E-F1C5-46D6-8197-1AF8B6B7704D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{BEAED18F-B058-4B7F-8F6F-2FF192B71FA6}"= c:\program files\Electronic Arts\Command & Conquer 3\RetailExe\1.2\cnc3game.dat:Command & Conquer 3 Tiberium Wars "TCP Query User{0BBA9F4B-8B45-4CD1-8A0C-7481D4EED891}c:\\users\\arnstein\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\arnstein\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "UDP Query User{1254719B-A93F-4DC7-8EB6-4811E4B3588D}c:\\users\\arnstein\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\arnstein\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "TCP Query User{2CB816CA-25BD-4A51-A979-E8078817A2A5}c:\\windows\\system32\\mstsc.exe"= UDP:c:\windows\system32\mstsc.exe:Tilkobling til eksternt skrivebord "UDP Query User{C6F62CE9-52F4-47F4-82CB-A13E13FF16DE}c:\\windows\\system32\\mstsc.exe"= TCP:c:\windows\system32\mstsc.exe:Tilkobling til eksternt skrivebord "TCP Query User{A946DAC2-22B8-4CA8-BB26-F94A9414F31C}c:\\program files\\maxtor\\managerapp\\maxutilities.exe"= UDP:c:\program files\maxtor\managerapp\maxutilities.exe:Maxtor EasyManage™ "UDP Query User{F01B548C-28EA-4C15-80FA-B4F75BD204FB}c:\\program files\\maxtor\\managerapp\\maxutilities.exe"= TCP:c:\program files\maxtor\managerapp\maxutilities.exe:Maxtor EasyManage™ "TCP Query User{CE32EE8B-36B1-4C80-B2E1-C9351ED9F1AB}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{5DE7DDBA-55CE-4398-8836-B2ABA981A6C9}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "TCP Query User{13E7E05E-8415-4FE6-8C84-BCD9C92FF792}c:\\emule0.48a-mephisto_v1.1-bin\\emule.exe"= UDP:c:\emule0.48a-mephisto_v1.1-bin\emule.exe:eMule "UDP Query User{40EEF1FC-F79C-41FF-BBB3-C8A4C0270E17}c:\\emule0.48a-mephisto_v1.1-bin\\emule.exe"= TCP:c:\emule0.48a-mephisto_v1.1-bin\emule.exe:eMule "TCP Query User{3DB9A1D1-6A34-4D27-91E9-8C07787C83B3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus "UDP Query User{8098CE54-BB09-40A6-95E0-048949CBAADE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus "{7E6814A0-DF0F-437B-A097-77A2A968791F}"= Disabled:UDP:e:\setup\HPZnui01.exe:hpznui01.exe "{5C53055F-438A-4333-B1E3-1DE406A3A104}"= Disabled:TCP:e:\setup\HPZnui01.exe:hpznui01.exe "TCP Query User{39758822-962D-4506-84A4-7FA3E1239D78}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= UDP:c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™ "UDP Query User{23DEC63A-A1DD-47D1-9339-6EA5FF306319}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= TCP:c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™ "{EAC9745A-1E42-4758-B372-93C685F7CE4D}"= UDP:c:\program files\Electronic Arts\Kampen om Midgard II\game.dat:Kampen om Midgard™ II "{F1E23F71-8675-4BC3-B7A5-EA7F1D99024C}"= TCP:c:\program files\Electronic Arts\Kampen om Midgard II\game.dat:Kampen om Midgard™ II "TCP Query User{4C6E508C-81F7-4E6C-9513-53F2C37E8E7E}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{9B515E98-7D41-4A21-A8D6-958441ECAFD9}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "TCP Query User{D30D091D-60F2-40BC-9172-7ABCDA3D7F8D}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= UDP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat "UDP Query User{8BD6E66F-958A-4F48-96D8-F191E00A2D72}c:\\program files\\ea games\\command & conquer generals zero hour\\game.dat"= TCP:c:\program files\ea games\command & conquer generals zero hour\game.dat:game.dat "TCP Query User{61B48E53-8FEA-43D6-85CA-C9C76073EB1D}c:\\program files\\ea games\\command and conquer generals\\game.dat"= UDP:c:\program files\ea games\command and conquer generals\game.dat:game.dat "UDP Query User{964B86B5-9F6A-435D-B8AC-7EFE49AC3C79}c:\\program files\\ea games\\command and conquer generals\\game.dat"= TCP:c:\program files\ea games\command and conquer generals\game.dat:game.dat "TCP Query User{2A9CC112-594E-4578-846E-B35799C4ED4A}c:\\users\\arnstein\\desktop\\warcraft iii\\war3.exe"= UDP:c:\users\arnstein\desktop\warcraft iii\war3.exe:war3.exe "UDP Query User{BC6414E3-377C-4905-A363-E9887D929458}c:\\users\\arnstein\\desktop\\warcraft iii\\war3.exe"= TCP:c:\users\arnstein\desktop\warcraft iii\war3.exe:war3.exe "TCP Query User{624BFE7C-FFA2-4DF6-9003-A9615EEBA5DC}c:\\users\\arnstein\\saved games\\warcraft iii\\war3.exe"= UDP:c:\users\arnstein\saved games\warcraft iii\war3.exe:war3.exe "UDP Query User{CE24D28F-FD1B-4B50-9CB4-BCF9AECE19F9}c:\\users\\arnstein\\saved games\\warcraft iii\\war3.exe"= TCP:c:\users\arnstein\saved games\warcraft iii\war3.exe:war3.exe "TCP Query User{0869233A-D608-405C-8CBF-485A9E8B0721}c:\\users\\arnstein\\saved games\\warcraft iii\\war3.exe"= UDP:c:\users\arnstein\saved games\warcraft iii\war3.exe:war3.exe "UDP Query User{C3FB3C38-32C8-4F34-8632-1B775CB3EF35}c:\\users\\arnstein\\saved games\\warcraft iii\\war3.exe"= TCP:c:\users\arnstein\saved games\warcraft iii\war3.exe:war3.exe "TCP Query User{EB5BB758-4860-43FA-9FD1-8DE27D9BF41B}c:\\program files\\activision\\call of duty 
2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s "UDP Query User{F60AD269-7AD5-4A6C-83E5-6CEE4CCFA422}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s "TCP Query User{6796C96E-D219-4F62-B154-F381B7F00DA8}c:\\users\\arnstein\\desktop\\return to castle wolfenstein\\wolfmp.exe"= UDP:c:\users\arnstein\desktop\return to castle wolfenstein\wolfmp.exe:wolfmp.exe "UDP Query User{DF2861D2-2BA6-4DCF-AC0A-7513510AD255}c:\\users\\arnstein\\desktop\\return to castle wolfenstein\\wolfmp.exe"= TCP:c:\users\arnstein\desktop\return to castle wolfenstein\wolfmp.exe:wolfmp.exe "TCP Query User{A1BF2C2B-CE25-42CF-89FF-0F0603F75940}c:\\program files\\call of duty\\codmp.exe"= UDP:c:\program files\call of duty\codmp.exe:CoDMP "UDP Query User{1984BE57-6FE6-44E8-872C-3BEA1C16AA6E}c:\\program files\\call of duty\\codmp.exe"= TCP:c:\program files\call of duty\codmp.exe:CoDMP "TCP Query User{553DE315-5A06-4AD3-915C-76B453A534DF}c:\\users\\arnstein\\desktop\\warcraft iii på kristoffers (kristoffer)\\war3.exe"= UDP:c:\users\arnstein\desktop\warcraft iii på kristoffers (kristoffer)\war3.exe:war3.exe "UDP Query User{846A4A4F-90B1-43F6-AFDC-73E28788744C}c:\\users\\arnstein\\desktop\\warcraft iii på kristoffers (kristoffer)\\war3.exe"= TCP:c:\users\arnstein\desktop\warcraft iii på kristoffers (kristoffer)\war3.exe:war3.exe "TCP Query User{0DA55956-F0FE-4EA8-94B3-E81CB0AAAAD8}c:\\users\\arnstein\\desktop\\warcraft iii på kristoffers (kristoffer)\\war3.exe"= UDP:c:\users\arnstein\desktop\warcraft iii på kristoffers (kristoffer)\war3.exe:war3.exe "UDP Query User{D4C74E16-0489-4481-8761-6EC9932168DA}c:\\users\\arnstein\\desktop\\warcraft iii på kristoffers (kristoffer)\\war3.exe"= TCP:c:\users\arnstein\desktop\warcraft iii på kristoffers (kristoffer)\war3.exe:war3.exe "TCP Query User{DD49EED0-BDE2-4226-87E2-57C9FD0164D4}c:\\program files\\microsoft games\\age of empires 
ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion "UDP Query User{D067FA72-8558-4A2A-A7C0-077D9317BBEF}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion "TCP Query User{D2187981-BC75-4F39-B09A-C01CE1D625CF}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "UDP Query User{62EDB364-9EE3-4F03-B81F-3D24EA42EA13}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "TCP Query User{3B763634-BFF0-44DE-94D4-744A9B7317FE}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion "UDP Query User{55070443-1FEA-48D2-9254-7DA36485B2BC}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion "TCP Query User{987454A0-F94C-4A9F-AC10-2CF6FC93D004}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "UDP Query User{9249EB41-20F1-440F-9CB5-8EE6349C45EC}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "TCP Query User{C01705D2-C1B5-4A2F-A18F-A4ADCF00269E}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II "UDP Query User{61433DE7-C0E3-4E7F-8A4B-BEC9EFD6529B}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II "TCP Query User{3A993E43-52BB-48DA-9853-ED16366B45C6}c:\\program files\\electronic arts\\kampen om midgard ii\\game.dat"= 
UDP:c:\program files\electronic arts\kampen om midgard ii\game.dat:The Battle for Middle-earth™ II "UDP Query User{8DE91BFF-B1C1-4199-87A4-DD4EFA8B1DA3}c:\\program files\\electronic arts\\kampen om midgard ii\\game.dat"= TCP:c:\program files\electronic arts\kampen om midgard ii\game.dat:The Battle for Middle-earth™ II "{C23055EA-E295-44D9-8F10-06FABF8F0C94}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{A1BBA5A2-7044-47C5-B0AF-5558FE789561}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{3AC0AE40-D889-4316-9A37-E6006D021F33}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{2FC43955-5CA0-414B-B76A-B2B47C492698}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{394FD5D9-3BD4-4615-AD71-269A3233583B}c:\\program files\\maxtor\\managerapp\\maxutilities.exe"= UDP:c:\program files\maxtor\managerapp\maxutilities.exe:Maxtor EasyManage™ "UDP Query User{754C1C50-6958-423D-9F1A-1101B8A85234}c:\\program files\\maxtor\\managerapp\\maxutilities.exe"= TCP:c:\program files\maxtor\managerapp\maxutilities.exe:Maxtor EasyManage™ "TCP Query User{1CD54136-318D-4449-92DF-2C5BE49A81BE}c:\\windows\\system32\\mstsc.exe"= UDP:c:\windows\system32\mstsc.exe:Tilkobling til eksternt skrivebord "UDP Query User{CC3FC719-0F9E-4CAB-BE8C-4BB231D2573A}c:\\windows\\system32\\mstsc.exe"= TCP:c:\windows\system32\mstsc.exe:Tilkobling til eksternt skrivebord "{872B10BE-3C0D-462E-BC02-BF169C151275}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{2D5C59E5-9EDA-4567-8B9D-8F25BF081DF9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{14AB45E8-6586-447F-8A0F-7B82F4C05CFF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{0EDA56E1-EDE1-485E-B248-5FCC1822FA46}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{73A135AE-EA09-40F9-B80B-7C462EB62635}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query 
User{51C8359F-221A-469A-A6D3-6D09EC0247A1}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2 "UDP Query User{14190450-70FC-4713-876A-5420450C14DA}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2 "{5314C8EB-B171-4021-ABA4-F0617EF15D71}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{AD2AD3C1-29EB-4C08-B0F2-BC13A4F7F0AB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{C31E2647-7B1A-4CAD-BDC6-C048168D1409}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C06D124B-0DCA-4227-BAF9-6785C81DFDFC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-06-27 21504] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-06-27 21504] --- Andre tjenester/drivere lastet i minnet --- *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031bd7a9-e8a9-11dd-9d0f-001e3706dc8a}] \shell\AutoRun\command - j:\wd_windows_tools\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f14566c-c912-11dd-afc8-001e3706dc8a}] \shell\AutoRun\command - I:\setup.exe AUTORUN=1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f145729-c912-11dd-afc8-001e3706dc8a}] \shell\AutoRun\command - J:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f14573c-c912-11dd-afc8-9cbca0452c24}] \shell\AutoRun\command - I:\AutoRun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f14575b-c912-11dd-afc8-9cbca0452c24}] \shell\AutoRun\command - I:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f25d04c-937a-11dd-9803-001e3706dc8a}] \shell\AutoRun\command - I:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8850af-858f-11dd-a843-001e3706dc8a}] \shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8850b3-858f-11dd-a843-001e3706dc8a}] \shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8850cd-858f-11dd-a843-001e3706dc8a}] \shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a251385d-d044-11dd-8cf3-001e3706dc8a}] \shell\AutoRun\command - I:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5d066ac-b3da-11dc-a018-0016d3f9df60}] \shell\AutoRun\command - G:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a78d96e6-ba49-11dc-9876-001e3706dc8a}] \shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edca35d6-ce01-11dd-88d6-001e3706dc8a}] \shell\AutoRun\command - I:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edca35f7-ce01-11dd-88d6-001e3706dc8a}] \shell\AutoRun\command - I:\AutoRun.exe . - - - - TOMME PEKERE FJERNET - - - - ShellIconOverlayIdentifiers-{b75ab0c8-03d5-4592-9821-a48d54d66b14} - MssShellExt.dll . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.startsiden.no/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=73&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\users\Arnstein\AppData\Roaming\Mozilla\Firefox\Profiles\57pjyzea.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.startsiden.no/ FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-14 20:35:16 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'lsass.exe'(780) c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll - - - - - - - > 'Explorer.exe'(5756) c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll c:\windows\system32\MssShellExt.dll c:\windows\system32\ieframe.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . 
c:\windows\System32\audiodg.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\System32\PnkBstrA.exe c:\windows\System32\PnkBstrB.exe c:\windows\System32\drivers\XAudio.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\System32\WUDFHost.exe c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe c:\windows\System32\conime.exe c:\windows\System32\rundll32.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\System32\rundll32.exe c:\program files\Apoint2K\ApMsgFwd.exe c:\windows\ehome\ehmsas.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Apoint2K\ApntEx.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe c:\windows\System32\dllhost.exe . ************************************************************************** . 
Tidspunkt ferdig: 2009-02-14 20:39:40 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-02-14 19:39:32 Pre-Run: 96 340 594 688 byte ledig Post-Run: 95,880,007,680 byte ledig 347 --- E O F --- 2009-02-13 19:13:44 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:52:54, on 14.02.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\system32\conime.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe C:\Program Files\Maxtor\MSS Backup\MaxBackService.exe C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Program Files\Maxtor\ManagerApp\msssort.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Microsoft 
IntelliPoint\dpupdchk.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.startsiden.no/"]http://www.startsiden.no/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=73&bd=Pavilion&pf=laptop"]http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O4 
- HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe O4 - HKLM\..\Run: [MaxBackSchedule] "C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe" O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE 
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send side til &Bluetooth-enhet... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [url="http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab"]http://upload.facebook.com/controls/2008.1...toUploader5.cab[/url] O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url="http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab"]http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{AF051AD8-61E5-4D43-A969-FEDD0BC17D98}: NameServer = 212.169.123.67 212.45.188.254 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: APSHook.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir 
PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10746 bytes
raWrz Posted 15 February 2009

You have remnants left over from a Symantec Antivirus (Norton?). Run this program: http://service1.symantec.com/support/tsgen...c=tranus_con_sl