tkm Posted 30 May 2009

I've picked up a nasty virus or trojan. It prevents me from reaching antivirus sites or updating my antivirus (I use Norton 2009). In addition, Malwarebytes hangs partway through the scan, and ComboFix won't install. What do I do? Is formatting the only option? Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:54, on 30.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Programfiler\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programfiler\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\UnHackMe\hackmon.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liverpool.no/CDA/homepg.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programfiler\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Programfiler\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Programfiler\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Programfiler\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [unHackMe Monitor] C:\Programfiler\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Symantec Eraser Service (EraserSvc10822) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programfiler\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programfiler\PDF Complete\pdfsvc.exe

--
End of file - 9885 bytes

tkm (author) Posted 30 May 2009

Malwarebytes' Anti-Malware 1.37
Databaseversjon: 2182
Windows 5.1.2600 Service Pack 3

30.05.2009 13:32:46
mbam-log-2009-05-30 (13-32-46).txt

Skanntype: Rask Skann
Objekter skannet: 76738
Tid tilbakelagt: 3 minute(s), 46 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
c:\documents and settings\thor-kenneth maarnes\skrivebord\VirusRemover.log (Rogue.VirusRemove) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

I managed to run Malwarebytes in safe mode. Going to try ComboFix now.

snippsat Posted 30 May 2009

You need to post the ComboFix log, if you manage to run it. If you can't run it, run this instead. Download OTViewIt to the desktop. Close all windows and double-click OTViewIt. Tick the "scan all user" box. Click "Run Scan" and let the program run. When it is finished it will create two logs; post OTViewIt.txt and Extras.txt in your next post.

tkm (author) Posted 30 May 2009

Here they are:

OTViewIt Extras logfile created on: 31.05.2009 00:58:20 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Thor-Kenneth Maarnes\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

1015,36 Mb Total Physical Memory | 801,23 Mb Available Physical Memory | 78,91% Memory free
2,39 Gb Paging File | 2,30 Gb Available in Paging File | 96,47% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 149,04 Gb Total Space | 116,65 Gb Free Space | 78,27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC325527994237
Current User Name: Thor-Kenneth Maarnes
Logged in as Administrator.
Current Boot Mode: SafeMode Scan Mode: All users Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0 "UpdatesDisableNotify"=0 "AntiVirusOverride"=0 "FirewallOverride"=0 "FirewallDisableNotify"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DoNotAllowExceptions"=0 "DisableNotifications"=0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008.04.14 18:23:10 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2008.04.14 18:23:10 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2008.04.14 18:23:17 | 00,506,880 | ---- | M] (Microsoft Corporation) -- \??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1 [2009.02.06 19:52:38 | 03,885,400 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger [2009.05.26 13:20:00 | 01,283,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam ========== (O10) Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] NameSpace_Catalog5\Catalog_Entries00000000004 [mdnsNSP] -- C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Protocol Defaults ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols myrm -- 2 = Trusted sites (Not a Default Protocol) myui -- 2 = Trusted sites (Not a Default Protocol) ========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007.08.29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2009.02.06 19:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] msdaipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007.08.29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007.08.29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2006.10.26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] 
[2009.02.06 19:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2009.02.06 19:53:40 | 00,791,392 | ---- | M] (Microsoft Corporation) C:\Programfiler\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler]) ========== (O18) Protocol Filters ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters [2006.10.26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01B3D254-6843-412A-BBF1-02D5C70DF920}"=HP User Guides 0120 "{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour "{082702D5-5DD8-4600-BCE5-48B15174687F}"=HP Doc Viewer "{0A77B7A0-B953-4E39-B4B2-A0181AB9AB06}"=OGA Notifier 1.7.0105.35.0 "{162B71B8-8464-4680-A086-601D555B331D}"=Apple Mobile Device Support "{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Opplastingsverktøy for Windows Live "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT "{2614F54E-A828-49FA-93BA-45A3F756BFAA}"=32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216012FF}"=Java 6 Update 12 "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}"=Sony Ericsson PC Suite 4.010.00 "{33FE4D58-2D62-4969-8B0F-7F7ACBB7BD23}"=Windows Live Messenger "{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.40 L1 "{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}"=HP Webcam 
"{3B4A0DDA-2AAE-4467-A803-BF2520CD3D06}"=Påloggingsassistent for Windows Live "{3B4E636E-9D65-4D67-BA61-189800823F52}"=Windows Live Communications Platform "{3EAC35F4-FF26-4123-9404-0B5B93DAB570}"=Microsoft .NET Framework 1.1 Norwegian Language Pack "{448D1E2D-AAEA-470E-BDF1-A326B48327F3}"=Windows Live Writer "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}"=Junk Mail filter update "{5D97A4A7-C274-4B63-86D9-07A33435F505}"=InterVideo DVD Check "{6198FF39-F52B-ABB5-9466-44D925CCD1DA}"=Facebook Desktop for AIR "{63C8FE88-478F-4E14-ADD0-B55227CC3234}"=Tour Your PC "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update "{69DAC00A-7665-4E9B-B441-093D40736429}"=HP BatteryCheck 1.00 A7 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin "{70CEFEBA-F757-4DBE-8A21-027C326137CE}"=HP Software Setup 5.00.A.9 "{70E33958-B160-4AC5-BFD8-93AF1845B282}"=HP Wallpaper "{716B866A-C4D3-4D58-9DE7-3780A5017344}"=Windows Live Essentials "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{732A3F80-008B-4350-BD58-EC5AE98707B8}"=HP Common Access Service Library "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}"=Avanquest update "{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}"=HP User Guide Bluetooth Addendum 0062 "{84814E6B-2581-46EC-926A-823BD1C670F6}"=HP Integrated Module with Bluetooth wireless technology "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard "{90120000-0010-0414-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Norwegian (Bokmål)) 12 "{90120000-0015-0414-0000-0000000FF1CE}"=Microsoft Office Access MUI (Norwegian (Bokmål)) 2007 "{90120000-0015-0414-0000-0000000FF1CE}_PROHYBRIDR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0414-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 
"{90120000-0016-0414-0000-0000000FF1CE}_PROHYBRIDR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0414-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 "{90120000-0018-0414-0000-0000000FF1CE}_PROHYBRIDR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0414-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007 "{90120000-0019-0414-0000-0000000FF1CE}_PROHYBRIDR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0414-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007 "{90120000-001A-0414-0000-0000000FF1CE}_PROHYBRIDR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0414-0000-0000000FF1CE}"=Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 "{90120000-001B-0414-0000-0000000FF1CE}_PROHYBRIDR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0414-0000-0000000FF1CE}"=Microsoft Office Proof (Norwegian (Bokmål)) 2007 "{90120000-001F-0414-0000-0000000FF1CE}_PROHYBRIDR_{3FE135E8-2B21-44ED-99CA-87C782C4F5F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0814-0000-0000000FF1CE}"=Microsoft Office Proof (Norwegian (Nynorsk)) 2007 "{90120000-001F-0814-0000-0000000FF1CE}_PROHYBRIDR_{63BBC1EA-E390-403D-BFDE-B53E1D23FF46}"=2007 Microsoft Office Suite Service Pack 1 (SP1) 
"{90120000-002C-0414-0000-0000000FF1CE}"=Microsoft Office Proofing (Norwegian (Bokmål)) 2007 "{90120000-006E-0414-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 "{90120000-006E-0414-0000-0000000FF1CE}_PROHYBRIDR_{3CC75FEB-8AA6-43F5-958E-0D074633CB2E}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager "{91120000-0031-0000-0000-0000000FF1CE}"=Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting "{9C599387-6BAF-49CF-8BBB-67256FB2AF4B}"=HP 3D DriveGuard "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}"=Adobe AIR "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy "{C26B06A9-27BB-45B0-9873-9C623EC2BA38}"=iTunes "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CCA238D3-4FFC-4B3E-B34F-3AD78AD11523}"=Windows Live Mail "{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX "{F639E2A2-FE6B-4527-B8BE-C1C423B81844}"=HP Webcam "Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR"=Adobe AIR "Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin "HDMI"=Intel® Graphics Media Accelerator Driver "HijackThis"=HijackThis 2.0.2 "IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs "ie7"=Windows Internet Explorer 7 "InstallShield_{F639E2A2-FE6B-4527-B8BE-C1C423B81844}"=HP Webcam "LastFM_is1"=Last.fm 1.5.2.38918 "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1 "Mozilla 
Firefox (3.0.10)"=Mozilla Firefox (3.0.10) "MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP "NAV"=Norton AntiVirus "NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs "PDF Complete"=PDF Complete "PROHYBRIDR"=2007 Microsoft Office system "Spotify"=Spotify "SynTPDeinstKey"=Synaptics Pointing Device Driver "UnHackMe_is1"=UnHackMe 5.00 release "VLC media player"=VLC media player 0.9.9 "Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime"=Windows Media Format 11 runtime "Windows Media Player"=Windows Media Player 11 "Windows XP Service Pack"=Windows XP Service Pack 3 "WinLiveSuite_Wave3"=Windows Live Essentials "WinRAR archiver"=WinRAR Arkiverer "WMFDist11"=Windows Media Format 11 runtime "wmp11"=Windows Media Player 11 "Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent"=µTorrent ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-546346446-1237425010-2293000336-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent"=µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.04.2009 14:58:22 | Computer Name = PC325527994237 | Source = Application Error | ID = 1000 Description = Feilende program vlc.exe, versjon 0.9.8.1, feilende modul libvlccore.dll, versjon 0.9.8.1, feiladresse 0x00073fc7. Error - 29.04.2009 07:18:44 | Computer Name = PC325527994237 | Source = Application Error | ID = 1000 Description = Feilende program firefox.exe, versjon 1.9.0.3399, feilende modul xul.dll, versjon 1.9.0.3399, feiladresse 0x0047c035. 
Error - 05.05.2009 14:11:17 | Computer Name = PC325527994237 | Source = WindowsLiveMessenger | ID = 15728647 Description = Error - 07.05.2009 17:32:10 | Computer Name = PC325527994237 | Source = JavaQuickStarterService | ID = 1 Description = Error - 07.05.2009 18:31:22 | Computer Name = PC325527994237 | Source = JavaQuickStarterService | ID = 1 Description = Error - 07.05.2009 18:36:09 | Computer Name = PC325527994237 | Source = JavaQuickStarterService | ID = 1 Description = Error - 08.05.2009 05:41:58 | Computer Name = PC325527994237 | Source = JavaQuickStarterService | ID = 1 Description = Error - 08.05.2009 07:00:16 | Computer Name = PC325527994237 | Source = Windows Live Messenger | ID = 1000 Description = [ Application Events ] Error - 27.04.2009 14:58:22 | Computer Name = PC325527994237 | Source = Application Error | ID = 1000 Description = Feilende program vlc.exe, versjon 0.9.8.1, feilende modul libvlccore.dll, versjon 0.9.8.1, feiladresse 0x00073fc7. Error - 29.04.2009 07:18:44 | Computer Name = PC325527994237 | Source = Application Error | ID = 1000 Description = Feilende program firefox.exe, versjon 1.9.0.3399, feilende modul xul.dll, versjon 1.9.0.3399, feiladresse 0x0047c035. 
Error - 05.05.2009 14:11:17 | Computer Name = PC325527994237 | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 07.05.2009 17:32:10 | Computer Name = PC325527994237 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 07.05.2009 18:31:22 | Computer Name = PC325527994237 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 07.05.2009 18:36:09 | Computer Name = PC325527994237 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 08.05.2009 05:41:58 | Computer Name = PC325527994237 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 08.05.2009 07:00:16 | Computer Name = PC325527994237 | Source = Windows Live Messenger | ID = 1000
Description =

[ OSession Events ]
Error - 28.05.2009 15:59:42 | Computer Name = PC325527994237 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 30.05.2009 18:55:10 | Computer Name = PC325527994237 | Source = DCOM | ID = 10005
Description = DCOM fikk feilen "%1084" ved forsøk på å starte tjenesten netman med argument "" for å kunne kjøre server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 30.05.2009 18:55:21 | Computer Name = PC325527994237 | Source = Service Control Manager | ID = 7001
Description = Tjenesten DHCP Client er avhengig av tjenesten NetBios over TCP/IP, som ikke kunne startes på grunn av feilen %%31

Error - 30.05.2009 18:55:21 | Computer Name = PC325527994237 | Source = Service Control Manager | ID = 7001
Description = Tjenesten DNS Client er avhengig av tjenesten Driver for TCP/IP-protokoll, som ikke kunne startes på grunn av feilen %%31

Error - 30.05.2009 18:55:21 | Computer Name = PC325527994237 | Source = Service Control Manager | ID = 7001
Description = Tjenesten TCP/IP NetBIOS Helper er avhengig av tjenesten AFD, som ikke kunne startes på grunn av feilen %%31

Error - 30.05.2009 18:55:21 | Computer Name = PC325527994237 | Source = Service Control Manager | ID = 7001
Description = Tjenesten Apple Mobile Device er avhengig av tjenesten Driver for TCP/IP-protokoll, som ikke kunne startes på grunn av feilen %%31

Error - 30.05.2009 18:55:21 | Computer Name = PC325527994237 | Source = Service Control Manager | ID = 7001
Description = Tjenesten Bonjour-tjeneste er avhengig av tjenesten Driver for TCP/IP-protokoll, som ikke kunne startes på grunn av feilen %%31

Error - 30.05.2009 18:55:21 | Computer Name = PC325527994237 | Source = Service Control Manager | ID = 7001
Description = Tjenesten IPSEC Services er avhengig av tjenesten IPSEC-driver, som ikke kunne startes på grunn av feilen %%31

Error - 30.05.2009 18:55:21 | Computer Name = PC325527994237 | Source = Service Control Manager | ID = 7026
Description = Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn: AFD BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SYMTDI Tcpip

Error - 30.05.2009 18:57:15 | Computer Name = PC325527994237 | Source = DCOM | ID = 10005
Description = DCOM fikk feilen "%1084" ved forsøk på å starte tjenesten netman med argument "" for å kunne kjøre server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 30.05.2009 18:57:42 | Computer Name = PC325527994237 | Source = DCOM | ID = 10005
Description = DCOM fikk feilen "%1084" ved forsøk på å starte tjenesten StiSvc med argument "" for å kunne kjøre server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

< End of report >

OTViewIt logfile created on: 31.05.2009 00:58:20 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Thor-Kenneth Maarnes\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

1015,36 Mb Total Physical Memory | 801,23 Mb Available Physical Memory | 78,91% Memory free
2,39 Gb Paging File | 2,30 Gb Available in Paging File | 96,47% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 149,04 Gb Total Space | 116,65 Gb Free Space | 78,27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC325527994237
Current User Name: Thor-Kenneth Maarnes
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========
[2009.05.31 00:44:07 | 00,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thor-Kenneth Maarnes\Skrivebord\OTViewIt.exe
[2009.05.28 20:20:18 | 00,248,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

========== (O23) Win32 Services ==========
[2009.03.06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
[2005.09.23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programfiler\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
[2008.03.31 15:32:40 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Stopped])
[2005.09.23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008.11.19 10:14:06 | 00,222,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Stopped])
[2009.05.28 19:53:32 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Programfiler\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe -- (EraserSvc10822 [Auto | Stopped])
[2008.10.23 13:46:02 | 00,243,712 | ---- | M] (Hewlett-Packard Development Company, L.P.)
-- C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex [On_Demand | Stopped]) [2008.10.03 12:16:12 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Programfiler\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Stopped]) [2004.10.22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) [2009.03.12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Programfiler\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) [2009.03.19 15:22:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped]) [2009.05.28 19:53:32 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Programfiler\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe -- (Norton AntiVirus [Auto | Stopped]) [2007.08.24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2008.08.08 08:47:02 | 00,777,240 | ---- | M] (PDF Complete Inc) -- C:\Programfiler\PDF Complete\pdfsvc.exe -- (pdfcDispatcher [Auto | Stopped]) [2006.11.15 11:46:18 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services ========== [2008.05.23 15:50:16 | 00,028,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer [On_Demand | Running]) [2008.10.16 15:58:00 | 00,338,944 | ---- | M] (Analog Devices, Inc.) 
-- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Stopped]) [2007.07.13 12:26:12 | 00,094,976 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio [On_Demand | Stopped]) [2001.08.17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running]) [2008.11.03 11:48:36 | 01,391,104 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Stopped]) [2009.05.28 19:53:32 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys -- (BHDrvx86 [system | Stopped]) [2008.04.03 18:40:44 | 00,539,512 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Stopped]) [2008.04.03 18:40:44 | 00,037,424 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Stopped]) [2008.04.03 18:40:44 | 00,879,624 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Stopped]) [2008.04.03 18:40:44 | 00,182,656 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped]) [2008.04.03 18:40:44 | 00,037,280 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand | Stopped]) [2008.04.03 18:40:44 | 00,074,688 | ---- | M] (Broadcom Corporation.) 
-- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped]) [2009.05.28 19:53:33 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys -- (ccHP [system | Stopped]) [2009.05.28 02:18:50 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Stopped]) [2009.05.28 02:18:50 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Stopped]) [2009.01.15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped]) [2008.04.28 15:22:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand | Running]) [2008.04.13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running]) [2008.05.23 15:51:02 | 00,024,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt [boot | Running]) [2007.06.18 17:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running]) [2008.02.15 15:12:06 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Stopped]) [2008.09.12 14:32:56 | 00,327,192 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [boot | Running]) [2009.05.28 19:53:33 | 00,274,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys -- (IDSxpx86 [system | Stopped]) [2008.04.14 17:50:11 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running]) [2008.07.14 11:21:28 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\MfeAVFK.sys -- (MfeAVFK [On_Demand | Stopped]) [2008.07.14 11:21:34 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\MfeBOPK.sys -- (MfeBOPK [On_Demand | Stopped]) [2008.07.14 11:21:50 | 00,207,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [system | Stopped]) [2008.07.14 11:22:20 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\MfeRKDK.sys -- (MfeRKDK [On_Demand | Stopped]) [2008.07.14 11:22:40 | 00,055,176 | ---- | M] (McAfee, Inc.) 
-- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik [system | Stopped]) [2009.05.28 02:18:50 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090528.003\naveng.sys -- (NAVENG [On_Demand | Stopped]) [2009.05.28 02:18:50 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090528.003\navex15.sys -- (NAVEX15 [On_Demand | Stopped]) [2009.05.28 19:57:16 | 00,182,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [boot | Running]) [2009.05.29 16:50:43 | 00,034,760 | ---- | M] (Greatis Software) -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan [boot | Stopped]) [2004.08.04 10:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Stopped]) [2008.04.13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2008.03.28 12:14:02 | 00,024,064 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO [boot | Running]) [2001.10.06 14:45:14 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped]) [2008.10.09 12:32:46 | 01,810,856 | ---- | M] () -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC [On_Demand | Stopped]) [2009.05.28 19:53:34 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\srtsp.sys -- (SRTSP [On_Demand | Stopped]) [2009.05.28 19:53:34 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\srtspx.sys -- (SRTSPX [system | Stopped]) [2009.05.28 19:53:34 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symdns.sys -- (SYMDNS [On_Demand | Stopped]) [2009.05.28 19:53:34 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\SymEFA.sys -- (SymEFA [boot | Running]) [2009.05.28 19:53:43 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped]) [2009.05.28 19:53:35 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symfw.sys -- (SYMFW [On_Demand | Stopped]) [2009.05.28 19:53:35 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symids.sys -- (SYMIDS [On_Demand | Stopped]) [2009.05.28 19:53:35 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped]) [2009.05.28 19:53:35 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Stopped]) [2009.05.28 19:53:35 | 00,182,656 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symndis.sys -- 
(SYMNDIS [On_Demand | Stopped]) [2009.05.28 19:53:35 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symredrv.sys -- (SYMREDRV [On_Demand | Stopped]) [2009.05.28 19:53:35 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symtdi.sys -- (SYMTDI [system | Stopped]) [2008.06.20 18:04:34 | 00,225,696 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running]) [2009.03.05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped]) [2006.11.02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running]) [2008.04.13 20:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [system | Running]) [2008.11.23 22:57:00 | 00,296,320 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Stopped]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=91&bd=all&pf=cmnb "Local Page"=C:\WINDOWS\system32\blank.htm 
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://liverpool.no/CDA/homepg.aspx [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 "ProxyOverride" = *.local [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 "ProxyOverride" = *.local [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 "ProxyOverride" = *.local [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-21-546346446-1237425010-2293000336-1007\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=91&bd=all&pf=cmnb "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://liverpool.no/CDA/homepg.aspx [HKEY_USERS\S-1-5-21-546346446-1237425010-2293000336-1007\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-546346446-1237425010-2293000336-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 "ProxyOverride" = *.local ========== (O1) Hosts File ========== Hosts file not found ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- 
C:\Programfiler\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.dll (Symantec Corporation) {9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Programfiler\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{0BF43445-2F28-4351-9252-17FE6E806AA0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.Exe (Hewlett-Packard Corporation) "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) "HP Software Update"=c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) "HPCam_Menu"="c:\Programfiler\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Programfiler\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0" (CyberLink Corp.) "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" (Apple Inc.) "IAAnotif"=C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) "PDF Complete"=C:\Programfiler\PDF Complete\pdfsty.exe (PDF Complete Inc) "Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) "QlbCtrl.exe"=C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.) "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime (Apple Inc.) "SoundMAX"=C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.) 
"SoundMAXPnP"=C:\Programfiler\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) "SunJavaUpdateSched"="C:\Programfiler\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) "SynTPEnh"=C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) "WatchDog"=C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) "UnHackMe Monitor"=C:\Programfiler\UnHackMe\hackmon.exe (Greatis Software) [HKEY_USERS\S-1-5-21-546346446-1237425010-2293000336-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) "UnHackMe Monitor"=C:\Programfiler\UnHackMe\hackmon.exe (Greatis Software) ========== (O4) Startup Folders ========== [2008.03.31 15:32:42 | 00,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk = C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2008.05.23 18:23:22 | 00,197,904 | ---- | M] (InterVideo Inc.) 
-- C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "disableregistrytools"=0 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-21-546346446-1237425010-2293000336-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "disableregistrytools"=0 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] E&ksporter til Microsoft Excel: C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE [2009.02.26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation) Send til &Bluetooth-enhet...: C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006.08.16 09:16:32 | 00,002,773 | ---- | M] () Send til Bluetooth: C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008.03.27 14:44:32 | 00,005,601 | ---- | M] () [HKEY_USERS\S-1-5-21-546346446-1237425010-2293000336-1007\Software\Microsoft\Internet Explorer\MenuExt\] E&ksporter til Microsoft Excel: C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE [2009.02.26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation) Send til &Bluetooth-enhet...: C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006.08.16 09:16:32 | 00,002,773 | ---- | 
M] () Send til Bluetooth: C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008.03.27 14:44:32 | 00,005,601 | ---- | M] () ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blogg dette -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2009.02.06 19:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation) {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blogg dette i Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2009.02.06 19:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation) {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006.10.26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) {CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008.03.27 14:44:32 | 00,005,601 | ---- | M] () {CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008.03.27 14:44:32 | 00,005,601 | ---- | M] () {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009.01.26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited) {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008.04.13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008.04.14 18:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008.04.14 18:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] 
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [blogg dette] -> [2009.02.06 19:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006.10.26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 18:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [blogg dette] -> [2009.02.06 19:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006.10.26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 18:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> 
%ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [blogg dette] -> [2009.02.06 19:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006.10.26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 18:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-546346446-1237425010-2293000336-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [blogg dette] -> [2009.02.06 19:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006.10.26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation) CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 18:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = 
http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-546346446-1237425010-2293000336-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/C/0...heckControl.cab -- Windows Genuine Advantage Validation Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12

========== (O17) DNS Name Servers ==========
{0583CAAD-18F7-45F6-8B6C-FB15DA8652DA} (Servers: | Description: Broadcom 4322AG 802.11a/b/g/draft-n Wi-Fi Adapter)
{38E3CEC0-3234-498D-8FEA-CD928C7FFD2C} (Servers: | Description: )
{39413483-F0F7-4C15-8CFC-8F3B40CDFD28} (Servers: | Description: )
{B56AE187-441B-442F-A52C-13EE8446C58E} (Servers: | Description: Marvell Yukon 88E8072 PCI-E Gigabit Ethernet Controller)

========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Safeboot Options ==========
"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
Unable to read "AutoRun" value or value not present!

tkm (thread author), posted 1 June 2009:
Anyone willing to look over the logs?
norbat, posted 1 June 2009 (edited):
Try the following:
1. Download and unpack the following program to the desktop: RootRepeal
2. Start the program, select the Files tab, click Scan
3. Various files will show up, both legitimate ones and hopefully the malware we are after. Look for a file with a .sys extension and a name that starts with one of the following strings followed by random letters: TDSS, Seneka, GAOPDX, UAC, gxv
4. If you find such a driver, right-click it and select Wipe File.
5. Restart the PC.
6. Download a fresh copy of ComboFix and try to run the program.
Edited 1 June 2009 by norbat
tkm (thread author), posted 1 June 2009:
> Try the following:
> 1. Download and unpack the following program to the desktop: RootRepeal
> 2. Start the program, select the Files tab, click Scan
> 3. Various files will show up, both legitimate ones and hopefully the malware we are after. Look for a file with a .sys extension and a name that starts with one of the following strings followed by random letters: TDSS, Seneka, GAOPDX, UAC, gxv
> 4. If you find such a driver, right-click it and select Wipe File.
> 5. Restart the PC.
> 6. Download a fresh copy of ComboFix and try to run the program.
I have now run RootRepeal, but found no files starting with those characters. Attaching the log. I should mention that I have had problems with an ndis.sys file in another scanning program I tried. It stopped completely on such a file...
Path: C:\WINDOWS\system32\config\software.LOG
Status: Size mismatch (API: 20480, Raw: 1024)
Path: C:\WINDOWS\system32\config\system.LOG
Status: Size mismatch (API: 8192, Raw: 1024)
Path: C:\WINDOWS\system32\dllcache\ndis.sys
Status: Size mismatch (API: 182656, Raw: 212224)
Path: C:\WINDOWS\system32\dllcache\zclientm.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)
Path: C:\WINDOWS\system32\drivers\ndis.sys
Status: Size mismatch (API: 182656, Raw: 212224)
Path: C:\WINDOWS\system32\drivers\btwdndis.sys
Status: Size mismatch (API: 182656, Raw: 156392)
Path: C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdndis.sys
Status: Size mismatch (API: 182656, Raw: 156392)
Path: C:\SWSetup\Btooth\Win32\drivers\btwdndis.sys
Status: Size mismatch (API: 182656, Raw: 156392)
Path: C:\SWSetup\Btooth\Win64\drivers\btwdndis.sys
Status: Size mismatch (API: 182656, Raw: 156456)
Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl
Status: Allocation size mismatch (API: 8192, Raw: 4096)
Path: C:\WINDOWS\system32\drivers\NAV\1000000.07D\symndis.sys
Status: Size mismatch (API: 182656, Raw: 37424)
Path: C:\Documents and Settings\All Users\Programdata\Sony Ericsson\Sony Ericsson PC Suite\document\rcv0011r.SMS
Status: Allocation size mismatch (API: 16, Raw: 0)
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Mine dokumenter\Min musikk\babyshambles complete discography\Babyshambles - Singles Sessions EPs Part 2\2006 - Beg, steal and borrow - Get Loaded Free CD\Babyshambles - Beg, Steal And Borrow (Acoustic Version).mp3
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Mine dokumenter\Min musikk\babyshambles complete discography\Babyshambles - Singles Sessions EPs Part 2\Featuring Peter Doherty\2004 - Client - Down To The Underground\client & pete doherty - down to the underground.mp3
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Mine dokumenter\Min musikk\babyshambles complete discography\Babyshambles - Singles Sessions EPs Part 2\Featuring Peter Doherty\2005 - Littl'ans feat. Pete Doherty - Their Way\(the_littl'ans)_andrew_aveiling_feat_pete_doherty_-_their_way_(part_2).mp3
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Mine dokumenter\Min musikk\babyshambles complete discography\Babyshambles - Singles Sessions EPs Part 2\Featuring Peter Doherty\2005 - Littl'ans feat. Pete Doherty - Their Way5 littl 'ans feat. peter doherty - their way.mp3
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Mine dokumenter\Min musikk\babyshambles complete discography\Babyshambles - Singles Sessions EPs Part 2\Featuring Peter Doherty\2006 - The Streets feat. Pete Doherty - Prangin' Out1 Prangin' Out - Pete And Mike's Version (Radio Edit 3.41).mp3
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Mine dokumenter\Min musikk\babyshambles complete discography\Babyshambles - Singles Sessions EPs Part 2\Featuring Peter Doherty\2006 - The Streets feat. Pete Doherty - Prangin' Out\Prangin' Out - Pete and Mike's version (3.54).mp3
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Mine dokumenter\Min musikk\babyshambles complete discography\Babyshambles - Singles Sessions EPs Part 2\Featuring Peter Doherty\2006 - The Streets feat. Pete Doherty - Prangin' Out\Prangin' Out - Pete Doherty's version (4.08).mp3
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Mine dokumenter\Min musikk\babyshambles complete discography\Babyshambles - Singles Sessions EPs Part 2\Featuring Peter Doherty\2006 - The Streets feat. Pete Doherty - Prangin' Out\The_Streets_51aTHVJJ20L._SS500.jpg
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Mine dokumenter\Min musikk\babyshambles complete discography\Babyshambles - Singles Sessions EPs Part 2\_Part 1 Upgrade\_Misc\Babyshambles_-_Killamangiro_(Discarded_from_Single_Sessions)_-_Unknown_Album_(27-04-2004_19-01-34).wma
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Programdata\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
Status: Size mismatch (API: 182656, Raw: 0)
Path: C:\Documents and Settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090528.003\EraserUtilRebootDrv.sys
Status: Locked to the Windows API!
Path: C:\Documents and Settings\Thor-Kenneth Maarnes\Lokale innstillinger\Programdata\Microsoft\Silverlight\is\pqc2rru4.mny\jpvnlpon.54e\1\s
Status: Size mismatch (API: 182656, Raw: 0)
Path: C:\WINDOWS\system32\config\systemprofile\Programdata\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
Status: Size mismatch (API: 182656, Raw: 0)
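The two checks in this exchange (norbat's driver-name prefixes and the size mismatches in tkm's RootRepeal log) as an added Python example; it is not part of the thread and not RootRepeal's own code. The sample lines are copied from the log in the post except the last one, which is constructed, and the function names and the shared-API-size check are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename  # applies Windows path rules on any platform

# Name prefixes from norbat's post (a .sys file starting with one of these).
SUSPECT_PREFIXES = ("tdss", "seneka", "gaopdx", "uac", "gxv")

# An entry is "Path: <path> Status: <status>". The forum flattened the log, so
# entries are delimited by the next "Path:" instead of by newlines.
ENTRY_RE = re.compile(r"Path:\s*(.+?)\s*Status:\s*(.+?)(?=\s*Path:|\s*\Z)", re.S)
SIZES_RE = re.compile(r"\(API:\s*(\d+),\s*Raw:\s*(\d+)\)")

# Lines copied from the posted log, except the last entry, which is constructed.
SAMPLE_LOG = r"""
Path: C:\WINDOWS\system32\config\software.LOG Status: Size mismatch (API: 20480, Raw: 1024)
Path: C:\WINDOWS\system32\drivers\ndis.sys Status: Size mismatch (API: 182656, Raw: 212224)
Path: C:\WINDOWS\system32\drivers\btwdndis.sys Status: Size mismatch (API: 182656, Raw: 156392)
Path: C:\WINDOWS\system32\drivers\NAV\1000000.07D\symndis.sys Status: Size mismatch (API: 182656, Raw: 37424)
Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Status: Allocation size mismatch (API: 8192, Raw: 4096)
Path: C:\WINDOWS\system32\drivers\UACexample.sys Status: Locked to the Windows API!
"""


def parse_entries(log_text):
    """Return one dict per entry: path, status, api, raw (sizes None if absent)."""
    entries = []
    for path, status in ENTRY_RE.findall(log_text):
        sizes = SIZES_RE.search(status)
        api, raw = (int(sizes.group(1)), int(sizes.group(2))) if sizes else (None, None)
        entries.append({"path": path, "status": status, "api": api, "raw": raw})
    return entries


def is_driver(path):
    return basename(path).lower().endswith(".sys")


def name_matches(entries):
    """Paths of .sys files whose name starts with one of the listed prefixes."""
    return [e["path"] for e in entries
            if is_driver(e["path"])
            and basename(e["path"]).lower().startswith(SUSPECT_PREFIXES)]


def driver_size_mismatches(entries):
    """(path, api, raw) for drivers whose API-reported size differs from the raw read."""
    return [(e["path"], e["api"], e["raw"]) for e in entries
            if is_driver(e["path"]) and e["status"].startswith("Size mismatch")]


def shared_api_sizes(entries):
    """API sizes reported for more than one distinct file name.

    Differently named files rarely share an exact byte size, so a cluster
    marks entries whose API view deserves a closer look.
    """
    by_size = defaultdict(set)
    for e in entries:
        if e["api"] is not None and e["status"].startswith("Size mismatch"):
            by_size[e["api"]].add(basename(e["path"]).lower())
    return {size: sorted(names) for size, names in by_size.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("prefix matches:", name_matches(parsed))
    for path, api, raw in driver_size_mismatches(parsed):
        print(f"size mismatch: {path} (API {api}, raw {raw})")
    print("shared API sizes:", shared_api_sizes(parsed))
```

On the sample, the prefix check only hits the constructed entry, while the size checks group ndis.sys, btwdndis.sys and symndis.sys under the same API size of 182656 bytes.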
norbat, posted 1 June 2009:
Can you run ComboFix from safe mode?
tkm (thread author), posted 1 June 2009:
No. A dialog box just comes up saying error, and then it closes.
norbat, posted 1 June 2009:
Can you update Malwarebytes? If so, run a new quick scan.
tkm (thread author), posted 2 June 2009:
I can't get Malwarebytes updated...
tkm (thread author), posted 2 June 2009:
> Can you update Malwarebytes? If so, run a new quick scan.
After some trying, I got it updated.. ComboFix still doesn't work. Here is the log:
Malwarebytes' Anti-Malware 1.37
Databaseversjon: 2213
Windows 5.1.2600 Service Pack 3
02.06.2009 15:48:15
mbam-log-2009-06-02 (15-48-15).txt
Skanntype: Rask Skann
Objekter skannet: 78439
Tid tilbakelagt: 3 minute(s), 54 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)
norbat, posted 3 June 2009:
Download a fresh copy of ComboFix. Rename the program to something else, e.g. tkm. Restart in safe mode and see whether you can now run 'combofix'.
tkm (thread author), posted 4 June 2009:
That didn't work either... The strange thing is that the program gets deleted after the dialog box with "error" comes up.
dozer22, posted 12 June 2009:
> That didn't work either... The strange thing is that the program gets deleted after the dialog box with "error" comes up.
Run Gmer (www.gmer.net). Press Scan and wait until the program shows Scan again (it says Stop while the program is scanning). Save the log (Save as...) and send it to me as a PM.