rpcnet.exe, identifisert som Win32.TrojanDownloader.Agent. Hva bør jeg gjøre?

[Thrinduil]

Hei!

 

I det siste så har AdAware kommet opp med noen meldinger om at programmet har stoppet en prosess med rpcnet.exe, og at AdAware har identifisert det med Win32.TrojanDownloader.Agent. Jeg har prøvd å se om jeg kan finne noe på google som kunne være til hjelp, men fant ikke noe særlig.

 

Er det noen som har peiling på hva som forårsaker dette og hvordan en kan fjerne problemet? Har prøvd å kjøre AdAware et par ganger og slette det programmet har funnet, men meldingen kommer fortsatt opp.

[snippsat]

Kjør igjennom Veiledningen loggene poster du her i tråden din.

[Thrinduil]

Ja, lastet ned det Malwarebytes programmet, og kjørte det på pcen. Denne loggen ble lagret på pcen:

 

Malwarebytes' Anti-Malware 1.37

Databaseversjon: 2258

Windows 5.1.2600 Service Pack 3

 

10.06.2009 18:11:34

mbam-log-2009-06-10 (18-11-34).txt

 

Skanntype: Rask Skann

Objekter skannet: 100960

Tid tilbakelagt: 4 minute(s), 28 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 1

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\WINDOWS\system32\2052 (Malware.Trace) -> Quarantined and deleted successfully.

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

Prøvde også ut det Combofix, men det kom bare opp sånn feilmelding når jeg skulle prøve å innstalere det på pcen. Håper loggen sier deg noe.

[snippsat]

Last ned RSIT (Random's System Information Tool) til skrivebordet

Start programmet ved å dobbeltklikke på RSIT.exe

Klikk Continue

Etter få strakser vil det lages en logg (log.txt). Den poster du.

[Thrinduil]

Ble ganske lang den loggen, men:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by 91kasfin at 2009-06-10 22:38:31

Microsoft Windows XP Professional Service Pack 3

System drive C: has 2 GB (9%) free of 20 GB

Total RAM: 1918 MB (54% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:38:50, on 10.06.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Novell\XTAgent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Novell\ZENworks\nalntsrv.exe

C:\Programfiler\Danware Data\NetOp School\STUDENT\NHOSTS0C.EXE

C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\StacSV.exe

C:\Programfiler\Danware Data\NetOp School\STUDENT\NSTDW32.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

C:\Programfiler\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Programfiler\Novell\ZENworks\wm.exe

C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\msdtc.exe

C:\Programfiler\DellTPad\Apoint.exe

C:\Programfiler\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Programfiler\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Programfiler\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\dpmw32.exe

C:\Programfiler\DellTPad\HidFind.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Programfiler\DellTPad\Apntex.exe

C:\Programfiler\Norman\Npm\bin\ZLH.EXE

C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

C:\Programfiler\Norman\nse\bin\NSESVC.EXE

C:\Programfiler\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Programfiler\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\Documents and Settings\91kasfin\Skrivebord\RSIT.exe

C:\Programfiler\trend micro\91kasfin.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13166&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default....;l=no&s=gen

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NBHO1 Class - {53F53E00-4C2B-43E5-8AF0-D3C863E8FC65} - C:\Programfiler\Danware Data\NetOp School\STUDENT\NBHO.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programfiler\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [WavXMgr] C:\Programfiler\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe

O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [EA Core] "D:\Programfiler\Electronic Arts\EADM\Core.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Application Explorer.lnk = C:\Programfiler\Novell\ZENworks\NalView.exe

O4 - Global Startup: AutorunsDisabled

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209989281734

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: gemsafe - C:\Programfiler\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\nalntsrv.exe

O23 - Service: NetOp Helper ver. 9.00 (2007058) (NetOp Host for NT Service) - Danware Data A/S - C:\Programfiler\Danware Data\NetOp School\STUDENT\NHOSTS0C.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programfiler\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: TdmService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Programfiler\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe

O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\wm.exe

 

--

End of file - 13334 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Norton Security Scan for 91kasfin.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53F53E00-4C2B-43E5-8AF0-D3C863E8FC65}]

NBHO1 Class - C:\Programfiler\Danware Data\NetOp School\STUDENT\NBHO.dll [2007-02-27 160016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Påloggingshjelp for Windows Live - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Programfiler\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Programfiler\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Programfiler\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-10-10 463872]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Apoint"=C:\Programfiler\DellTPad\Apoint.exe [2007-09-23 159744]

"Dell QuickSet"=C:\Programfiler\Dell\QuickSet\quickset.exe [2007-07-20 1228800]

"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]

"WavXMgr"=C:\Programfiler\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2007-09-10 92160]

"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]

"RoxioDragToDisc"=C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

"NDPS"=C:\WINDOWS\system32\dpmw32.exe [2004-05-17 32859]

"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]

"ZENRC Tray Icon"=C:\WINDOWS\system32\zentray.exe [2005-05-18 40960]

"Norman ZANDA"=C:\Programfiler\Norman\Npm\bin\ZLH.EXE [2008-06-02 273520]

"Adobe Reader Speed Launcher"=C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"SigmatelSysTrayApp"=C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-12-05 405504]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MsnMsgr"=C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885400]

"DAEMON Tools Lite"=C:\Programfiler\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

"EA Core"=D:\Programfiler\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart

Application Explorer.lnk - C:\Programfiler\Novell\ZENworks\NalView.exe

AutorunsDisabled

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2007-04-24 110592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe]

C:\Programfiler\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetIdentity Notification]

C:\WINDOWS\system32\Novell\XtNotify.dll [2005-01-10 24576]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{763370C4-268E-4308-A60C-D8DA0342BE32}"=C:\Programfiler\Novell\ZENworks\NalShell.dll [2005-08-04 417792]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

"system"=C:\WINDOWS\system32\ziswin.exe [2005-08-01 192512]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

wvauth

nwv1_0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"CompatibleRUPSecurity"=1

"EnableLUA"=0

"ConsentPromptBehaviorAdmin"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\dpmw32.exe"="C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener"

"C:\Programfiler\Danware Data\NetOp School\STUDENT\Nstdw32.exe"="C:\Programfiler\Danware Data\NetOp School\STUDENT\Nstdw32.exe:*:Enabled:NetOp Student"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Programfiler\Valve\hl.exe"="C:\Programfiler\Valve\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Programfiler\Warcraft III\Warcraft III.exe"="C:\Programfiler\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\Documents and Settings\91kasfin\Skrivebord\UrbanTerror\ioUrbanTerror.exe"="C:\Documents and Settings\91kasfin\Skrivebord\UrbanTerror\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"

"C:\Documents and Settings\91kasfin\Skrivebord\Spill ikoner\UrbanTerror\ioUrbanTerror.exe"="C:\Documents and Settings\91kasfin\Skrivebord\Spill ikoner\UrbanTerror\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"

"D:\Programfiler\Warcraft III\Warcraft III.exe"="D:\Programfiler\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\Program Files\Activision\Rome - Total War\RomeTW.exe"="C:\Program Files\Activision\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War"

"C:\Programfiler\FrostWire\FrostWire.exe"="C:\Programfiler\FrostWire\FrostWire.exe:*:Enabled:LimeWire"

"D:\Programfiler\World of Warcraft\WoW-1.12.0-enGB-downloader.exe"="D:\Programfiler\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"D:\Programfiler\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"="D:\Programfiler\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Documents and Settings\91kasfin\Skrivebord\WoW-BurningCrusade-enGB-Installer-downloader.exe"="C:\Documents and Settings\91kasfin\Skrivebord\WoW-BurningCrusade-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Programfiler\mIRC\mirc.exe"="C:\Programfiler\mIRC\mirc.exe:*:Enabled:mIRC"

"C:\Programfiler\uTorrent\uTorrent.exe"="C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Documents and Settings\91kasfin\Skrivebord\utorrent.exe"="C:\Documents and Settings\91kasfin\Skrivebord\utorrent.exe:*:Enabled:µTorrent"

"C:\Programfiler\GameSpy Arcade\Aphex.exe"="C:\Programfiler\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\Programfiler\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Programfiler\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

"D:\Programfiler\Valve\hl.exe"="D:\Programfiler\Valve\hl.exe:*:Enabled:Half-Life Launcher"

"D:\Programfiler\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Programfiler\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Programfiler\Electronic Arts\EADM\Core.exe"="C:\Programfiler\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

"D:\AeriaGames\12Sky\TwelveSky.exe"="D:\AeriaGames\12Sky\TwelveSky.exe:*:Enabled:TwelveSky"

"C:\Programfiler\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programfiler\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\Programfiler\Electronic Arts\EADM\Core.exe"="D:\Programfiler\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

"D:\Program Files\Activision\Rome - Total War\RomeTW.exe"="D:\Program Files\Activision\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War"

"D:\Programfiler\Spotify\spotify.exe"="D:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Programfiler\Danware Data\NetOp School\STUDENT\Nstdw32.exe"="C:\Programfiler\Danware Data\NetOp School\STUDENT\Nstdw32.exe:*:Enabled:NetOp Student"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Programfiler\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programfiler\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Programfiler\Windows Live\Messenger\msnmsgr.exe"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-06-10 22:38:32 ----D---- C:\Programfiler\trend micro

2009-06-10 22:38:31 ----D---- C:\rsit

2009-06-10 18:21:08 ----D---- C:\WINDOWS\ERDNT

2009-06-10 18:21:07 ----SD---- C:\ComboFix

2009-06-10 18:21:06 ----A---- C:\WINDOWS\system32\CF28631.exe

2009-06-10 18:20:02 ----D---- C:\Qoobox

2009-06-10 18:06:03 ----D---- C:\Documents and Settings\91kasfin\Programdata\Malwarebytes

2009-06-10 18:05:57 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware

2009-06-10 18:05:57 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2009-06-10 18:05:18 ----D---- C:\WINDOWS\LastGood

2009-06-10 08:17:06 ----A---- C:\WINDOWS\system32\rpcnet.exe

2009-05-25 22:07:37 ----D---- C:\Documents and Settings\All Users\Programdata\Blizzard

2009-05-11 18:26:45 ----D---- C:\Documents and Settings\91kasfin\Programdata\Spotify

 

======List of files/folders modified in the last 1 months======

 

2009-06-10 22:38:32 ----RD---- C:\Programfiler

2009-06-10 22:38:11 ----D---- C:\WINDOWS\Prefetch

2009-06-10 22:35:18 ----D---- C:\Documents and Settings\91kasfin\Programdata\uTorrent

2009-06-10 20:42:32 ----D---- C:\WINDOWS\Temp

2009-06-10 19:04:32 ----SHD---- C:\WINDOWS\Installer

2009-06-10 19:04:31 ----HD---- C:\Config.msi

2009-06-10 19:04:04 ----D---- C:\WINDOWS\system32

2009-06-10 18:21:19 ----D---- C:\Programfiler\Mozilla Firefox

2009-06-10 18:21:08 ----D---- C:\WINDOWS\system32\CatRoot2

2009-06-10 18:21:08 ----D---- C:\WINDOWS

2009-06-10 18:07:36 ----HD---- C:\WINDOWS\inf

2009-06-10 18:05:58 ----D---- C:\WINDOWS\system32\drivers

2009-06-10 18:05:42 ----HD---- C:\WINDOWS\$hf_mig$

2009-06-10 14:46:14 ----A---- C:\WINDOWS\system32\rpcnetp.exe

2009-06-10 14:46:11 ----A---- C:\WINDOWS\system32\rpcnet.dll

2009-06-10 10:49:35 ----A---- C:\WINDOWS\hpbafd.ini

2009-06-10 09:13:10 ----D---- C:\Documents and Settings\91kasfin\Programdata\OpenOffice.org2

2009-06-10 08:03:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-06-10 08:00:08 ----HD---- C:\NALCache

2009-06-10 07:59:37 ----D---- C:\WINDOWS\Registration

2009-06-10 07:59:22 ----A---- C:\WINDOWS\system32\rpcnetp.dll

2009-06-10 07:59:13 ----D---- C:\Programfiler\Norman

2009-06-09 22:17:17 ----N---- C:\WINDOWS\SchedLgU.Txt

2009-06-09 10:39:03 ----D---- C:\Documents and Settings\91kasfin\Programdata\Vso

2009-06-02 18:27:18 ----RSD---- C:\WINDOWS\Fonts

2009-06-02 17:43:59 ----D---- C:\WINDOWS\Minidump

2009-05-29 18:01:40 ----D---- C:\Programfiler\Fellesfiler\Symantec Shared

2009-05-29 18:00:01 ----D---- C:\Programfiler\Norton Security Scan

2009-05-28 17:46:41 ----A---- C:\WINDOWS\system32\lsdelete.exe

2009-05-27 14:30:13 ----D---- C:\WINDOWS\system32\Restore

2009-05-17 03:44:54 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2009-05-14 12:16:57 ----D---- C:\WINDOWS\Debug

2009-05-14 11:50:43 ----SD---- C:\WINDOWS\Tasks

2009-05-13 14:49:10 ----D---- C:\Programfiler\Fellesfiler

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdPPM;AMD HwPState prosessordriver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]

R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]

R1 NGS;Norman General Security Driver; \??\c:\programfiler\norman\nvc\bin\ngs.sys []

R1 NHostNT1;NetOp Driver 1 ver. 9.00 (2007058); C:\WINDOWS\System32\Drivers\NHOSTNY1.SYS [2007-02-27 92432]

R1 SASDIFSV;SASDIFSV; \??\C:\Programfiler\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Programfiler\SUPERAntiSpyware\SASKUTIL.sys []

R1 WmiAcpi;Microsoft Windows Management-grensesnitt for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R2 BASFND;BASFND; \??\C:\Programfiler\Broadcom\ASFIPMon\BASFND.sys []

R2 BlankScr;HBDevice; C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 6899]

R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]

R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]

R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]

R2 Ndiskio;Ndiskio; \??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS []

R2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\system32\NetWare\nwfs.sys [2007-06-21 513664]

R2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\system32\NetWare\resmgr.sys [2004-06-01 27249]

R2 SRVLOC;Novell Service Location; C:\WINDOWS\system32\NetWare\srvloc.sys [2006-09-25 160209]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 161280]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-09-23 155136]

R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-04-24 1975808]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-20 160256]

R3 BCM43XX;Driver for Dell trådløst WLAN-kort; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]

R3 CmBatt;Driver for batteri med Microsoft ACPI-kontrollmetode; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 Darpan;Darpan; C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-05-23 2773]

R3 HDAudBus;Microsoft UAA-bussdriver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;HID-driver for mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-06 12160]

R3 NHOSTN03;NetOp Driver 3 ver. 9.00 (2007058) (NHOSTN03); C:\WINDOWS\System32\Drivers\NHOSTN03.SYS [2007-02-27 3216]

R3 NIC1394;1394-nettverksdriver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2009-01-22 19512]

R3 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\system32\NetWare\nwdhcp.sys [2005-11-22 18353]

R3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwdns.sys [2006-10-27 43568]

R3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\system32\NetWare\NWHOST.sys [2005-10-12 9297]

R3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwslp.sys [2005-01-03 20332]

R3 NWSNS;Novell Simple Naming Services (NWSNS); C:\WINDOWS\system32\NetWare\NWSNS.sys [2005-10-12 6128]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-06 47360]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-05 1222840]

R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 aktivert hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Miniportdriver for Microsoft USB åpen vertskontroller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 WaveFDE;Wave System Power Monitor Device Driver; C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 18176]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\system32\NetWare\nwsipx32.sys [2005-10-27 39731]

S3 amqjfito;amqjfito; C:\WINDOWS\system32\drivers\amqjfito.sys []

S3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]

S3 EL90XBC;Driver for 3Com EtherLink XL 90XB/C-kort; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]

S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]

S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]

S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []

S3 mv2;mv2; C:\WINDOWS\system32\DRIVERS\mv2.sys [2008-10-05 10304]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

S3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\system32\NetWare\NWSAP.sys [2003-02-26 23232]

S3 SASENUM;SASENUM; \??\C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS []

S3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB-skannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]

S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 agp440;Intel AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

S4 agpCPQ;Compaq AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]

S4 alim1541;ALI AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]

S4 amdagp;Driver for AMD AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]

S4 sisagp;SIS AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]

S4 viaagp;VIA AGP-bussfilter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-04-24 446464]

R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 eLoggerSvc6;Norman eLogger service 6; C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe [2007-08-30 150584]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-05-28 1005904]

R2 NALNTSERVICE;Novell Application Launcher; C:\Programfiler\Novell\ZENworks\nalntsrv.exe [2005-08-04 112128]

R2 NetOp Host for NT Service;NetOp Helper ver. 9.00 (2007058); C:\Programfiler\Danware Data\NetOp School\STUDENT\NHOSTS0C.EXE [2007-02-27 1372432]

R2 NICCONFIGSVC;NICCONFIGSVC; C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe [2007-07-20 475136]

R2 Norman ZANDA;Norman ZANDA; C:\Programfiler\Norman\Npm\Bin\Zanda.exe [2008-04-23 408696]

R2 Remote Management Agent;Novell ZENworks Remote Management Agent; C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2005-07-11 163840]

R2 SeaPort;SeaPort; C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-12-05 94208]

R2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Programfiler\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384]

R2 TdmService;TdmService; C:\Programfiler\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 737280]

R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]

R2 XTAgent;Novell XTier Agent Services; C:\WINDOWS\System32\Novell\XTAgent.exe [2005-01-10 61440]

R2 ZFDWM;Workstation Manager; C:\Programfiler\Novell\ZENworks\wm.exe [2005-08-01 149024]

R3 Norman NJeeves;Norman NJeeves; C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE [2008-03-27 150584]

R3 nsesvc;Norman Scanner Engine Service; C:\Programfiler\Norman\nse\bin\NSESVC.EXE [2009-05-19 310328]

R3 nvcoas;Norman Virus Control on-access component; C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2009-02-05 183352]

R3 NVCScheduler;Norman Virus Control Scheduler; C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2009-06-10 56680]

S3 aspnet_state;Statustjeneste for ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\system32\cusrvc.exe [2006-08-11 28672]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 fsssvc;Windows Live Tryggere for familien; C:\Programfiler\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 gusvc;Google Updater Service; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-02-22 2839290]

S3 SecureStorageService;SecureStorageService; C:\Programfiler\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400]

S3 stllssvr;stllssvr; C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe [2006-09-14 73728]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WaveEnrollmentService;WaveEnrollmentService; C:\Programfiler\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programfiler\Windows Media Player\WMPNetwk.exe [2006-11-15 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------

[snippsat]

Ja loggen ser bra ut.

Kjører pcen greit tror jeg vi stopper her.

Endret 12. juni 2009 av SNIPPSAT

[Thrinduil]

Okey. Så det som jeg fikk melding om ser ut til å være borte?

[snippsat]

I det siste så har AdAware kommet opp med noen meldinger om at programmet har stoppet en prosess med rpcnet.exe, og at AdAware har identifisert det med Win32.TrojanDownloader.Agent. Jeg har prøvd å se om jeg kan finne noe på google som kunne være til hjelp, men fant ikke noe særlig.

 

Råd slett AdAware det er mange år siden den var bra.

Nå er den dårlig,og kan gi flask posetiv meldinger.

Endret 12. juni 2009 av SNIPPSAT