får ikke opp alle programmene som kjører ve klokka

[norbat]

HJT-loggen viser ingen spesielle ting.

 

Last ned Silent Runner.vbs og kjør scriptet. Det lages en logg som du poster (loggen kan bli lang så legg den inn i SKJUL-tagger.)

[simsimi]

sånn vettu!

Klikk for å se/fjerne innholdet nedenfor

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "F:\WINDOWS\system32\ctfmon.exe" [MS]

"BitTorrent" = ""G:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized" [null data]

"Chronograph" = ""G:\Programfiler\Chronograph\chrono.exe" /autorun" ["AltrixSoft"]

"Uniblue SpeedUpMyPC" = "G:\Programfiler\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s" ["Uniblue Software"]

"Steam" = ""g:\programfiler\valve\steam\steam.exe" -silent" ["Valve Corporation"]

"Uniblue RegistryBooster 2" = "G:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe /S" ["Uniblue Software"]

"Uniblue SpyEraser" = ""G:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe" -m" ["Uniblue Software"]

"WeatherAloud" = "G:\Programfiler\WeatherAloud\WeatherAloud.exe -auto" ["nextuptech.com"]

"pb_scheduler_agent" = "G:\Programfiler\Premium Booster\scheduler.exe" [null data]

"Webaroo" = "F:\Programfiler\Webaroo\WebarooClient.exe DONT_OPEN_HOME_PAGE" [null data]

"AdobeUpdater" = "F:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" ["Adobe Systems Incorporated"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"DAEMON Tools" = ""G:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"SunJavaUpdateSched" = ""F:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"Telenor Online Start" = "F:\Programfiler\Telenor\Online Start\Telenor.exe" ["Telenor"]

"PWRISOVM.EXE" = "G:\Programfiler\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]

"EPSON Stylus CX3200" = "F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB002" /M "Stylus CX3200"" ["SEIKO EPSON CORPORATION"]

"NeroCheck" = "F:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"NvCplDaemon" = "RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"GrooveMonitor" = "G:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [MS]

"ccApp" = ""F:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"osCheck" = ""F:\Programfiler\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]

"Adobe Reader Speed Launcher" = ""G:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"PrevxOne" = ""F:\Programfiler\Prevx2\PXConsole.exe"" ["Prevx"]

"QuickTime Task" = ""F:\Programfiler\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

"nmapp" = ""G:\Programfiler\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash" ["Pure Networks, Inc."]

"iTunesHelper" = ""G:\Programfiler\iTunes\iTunesHelper.exe"" ["Apple Inc."]

"LocalCooling" = ""G:\Programfiler\LocalCooling\localcooling.exe" -s" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Koblingshjelpeprogram for Adobe PDF Reader"

\InProcServer32\(Default) = "F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "F:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll" ["Symantec Corporation"]

{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}\(Default) = "Malicious Scripts Scanner"

-> {HKLM...CLSID} = "URLDetector Class"

\InProcServer32\(Default) = "F:\Documents and Settings\All Users\Programdata\Prevx\pxbho.dll" ["Prevx Ltd."]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Groove GFS Browser Helper"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "F:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Sign-in Helper"

\InProcServer32\(Default) = "F:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "f:\programfiler\google\googletoolbar2.dll" ["Google Inc."]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar Helper"

\InProcServer32\(Default) = "F:\Programfiler\Windows Live Toolbar\msntb.dll" [MS]

{DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Online Start Plugin"

\InProcServer32\(Default) = "F:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll" ["Telenor"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Ikonutvidelse for HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "F:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "G:\Programfiler\WinRAR\rarext.dll" [null data]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Mine delte mapper"

\InProcServer32\(Default) = "F:\Programfiler\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"

-> {HKLM...CLSID} = "Groove GFS Browser Helper"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

-> {HKLM...CLSID} = "Groove Folder Synchronization"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

-> {HKLM...CLSID} = "Groove XML Icon Handler"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "G:\Programfiler\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "F:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "F:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "G:\Programfiler\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "F:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "F:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "F:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "F:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug and Play-enheter"

-> {HKLM...CLSID} = "Universelle Plug and Play-enheter"

\InProcServer32\(Default) = "F:\WINDOWS\system32\upnpui.dll" [MS]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "F:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"

-> {HKLM...CLSID} = "CMenuExtender"

\InProcServer32\(Default) = "F:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]

"{AB0DFD4E-9145-4412-85E4-D1EC5F4F1B1F}" = "FFSJ"

-> {HKLM...CLSID} = "FFSJ"

\InProcServer32\(Default) = "F:\WINDOWS\system32\FFSJ\FFSJSHL.dll" [null data]

"{C55C499D-3518-44a1-998E-796AC5FC989D}" = "NetworkMagic"

-> {HKLM...CLSID} = "Network Magic Folders"

\InProcServer32\(Default) = "G:\Programfiler\Pure Networks\Network Magic\nmspce2.dll" ["Pure Networks, Inc."]

"{33F85093-44BB-4587-B25B-FFD05D5B9916}" = "NetworkMagic"

-> {HKLM...CLSID} = "Network Magic Folders"

\InProcServer32\(Default) = "G:\Programfiler\Pure Networks\Network Magic\nmspce2.dll" ["Pure Networks, Inc."]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "G:\Programfiler\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "F:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\System\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> fsp_abwl\DLLName = "fsp_abwl.dll" ["FSPro Labs"]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "F:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "F:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

FFSJ\(Default) = "{AB0DFD4E-9145-4412-85E4-D1EC5F4F1B1F}"

-> {HKLM...CLSID} = "FFSJ"

\InProcServer32\(Default) = "F:\WINDOWS\system32\FFSJ\FFSJSHL.dll" [null data]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "G:\Programfiler\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

RenegadeShellExt\(Default) = "{784FF9C1-946C-4452-8702-0D0ABEBA7E5B}"

-> {HKLM...CLSID} = "RenegadeShellExt Class"

\InProcServer32\(Default) = "F:\Programfiler\Telenor Sikker Lagring\STGSHELL.DLL" ["Netlife Backup Solutions AS"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "F:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "G:\Programfiler\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"

-> {HKLM...CLSID} = "CMenuExtender"

\InProcServer32\(Default) = "F:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "G:\Programfiler\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

RenegadeShellExt\(Default) = "{784FF9C1-946C-4452-8702-0D0ABEBA7E5B}"

-> {HKLM...CLSID} = "RenegadeShellExt Class"

\InProcServer32\(Default) = "F:\Programfiler\Telenor Sikker Lagring\STGSHELL.DLL" ["Netlife Backup Solutions AS"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "G:\Programfiler\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "G:\Programfiler\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "F:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "G:\Programfiler\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoResolveSearch" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

 

"NoUpdateCheck" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "F:\WINDOWS\BricoPack Wallpaper.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "F:\Documents and Settings\Ivar\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp"

 

 

Startup items in "Ivar" & "All Users" startup folders:

------------------------------------------------------

 

F:\Documents and Settings\Ivar\Start-meny\Programmer\Oppstart

"Adobe Gamma" -> shortcut to: "F:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"RocketDock" -> shortcut to: "F:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]

"Telenor Sikker Lagring" -> shortcut to: "F:\Programfiler\Telenor Sikker Lagring\safestorage.exe" [null data]

 

F:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart

"Adobe Gamma Loader" -> shortcut to: "F:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Belkin Wireless Utility" -> shortcut to: "F:\Programfiler\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe" ["Belkin"]

"Microsoft Works Calendar Reminders" -> shortcut to: "F:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]

 

 

Enabled Scheduled Tasks:

------------------------

 

"8A472AD998F4C5E1" -> launches: "f:\docume~1\ivar\progra~1\option~1\licensecomppop.exe" [null data]

"Advanced WindowsCare V2 Pro" -> launches: "G:\Programfiler\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe /care" ["IObit"]

"AppleSoftwareUpdate" -> launches: "F:\Programfiler\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

"AwcProUpdate" -> launches: "G:\Programfiler\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe /schedule" ["IObit"]

"Norton Internet Security Online - Kjør fullstendig systemsøk - Ivar" -> launches: "F:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"F:\Documents and Settings\All Users\Programdata\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Se etter oppdateringer for Windows Live Toolbar" -> launches: "F:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE" [MS]

"Uniblue SpeedUpMyPC Nag" -> launches: "G:\Programfiler\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s" ["Uniblue Software"]

"Uniblue SpeedUpMyPC" -> launches: "G:\Programfiler\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s" ["Uniblue Software"]

"Uniblue SpyEraser" -> launches: "G:\Programfiler\Uniblue\SpyEraser\SpyEraser.exe -s" ["Uniblue Software"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "F:\Programfiler\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {HKLM...CLSID} = "Windows Live Toolbar"

\InProcServer32\(Default) = "F:\Programfiler\Windows Live Toolbar\msntb.dll" [MS]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "f:\programfiler\google\googletoolbar2.dll" ["Google Inc."]

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

-> {HKLM...CLSID} = "&Links"

\InProcServer32\(Default) = "F:\WINDOWS\system32\ieframe.dll" [MS]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "f:\programfiler\google\googletoolbar2.dll" ["Google Inc."]

"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"

-> {HKLM...CLSID} = "Show Norton Toolbar"

\InProcServer32\(Default) = "F:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll" ["Symantec Corporation"]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar"

\InProcServer32\(Default) = "F:\Programfiler\Windows Live Toolbar\msntb.dll" [MS]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"

\InProcServer32\(Default) = "F:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"

\InProcServer32\(Default) = "F:\Programfiler\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

 

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Send to OneNote"

"MenuText" = "S&end to OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

\InProcServer32\(Default) = "G:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll" [MS]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

 

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "F:\Programfiler\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "F:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "F:\Programfiler\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."]

Ad-Aware 2007 Service, aawservice, ""G:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]

Apple Mobile Device, Apple Mobile Device, ""F:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]

ATK Keyboard Service, ATKKeyboardService, "F:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]

Automatisk LiveUpdate-planlegging, Automatisk LiveUpdate-planlegging, ""F:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]

DNADownloader, DNADownloader, "F:\Programfiler\GameSpot\DownloadManager_Win32.exe" ["CNET Networks"]

EPSON Printer Status Agent2, EPSONStatusAgent2, "F:\Programfiler\Fellesfiler\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]

iPod-tjeneste, iPod Service, "F:\Programfiler\iPod\bin\iPodService.exe" ["Apple Inc."]

LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ""F:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Messenger Sharing Folders USN Journal Reader-tjeneste, usnjsvc, ""F:\Programfiler\MSN Messenger\usnsvc.exe"" [MS]

NVIDIA Display Driver Service, NVSvc, "F:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Prevx Agent, PREVXAgent, ""F:\Programfiler\Prevx2\PXAgent.exe" -f" ["Prevx"]

Pure Networks Network Magic Service, nmservice, ""G:\Programfiler\Pure Networks\Network Magic\nmsrvc.exe"" ["Pure Networks, Inc."]

SoundMAX Agent Service, SoundMAX Agent Service (default), "F:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

StarWind iSCSI Service, StarWindService, "G:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Symantec AppCore Service, SymAppCore, ""F:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""F:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""F:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Symantec Lic NetConnect service, CLTNetCnService, ""F:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h cltCommon" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""F:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]

HPLJ1018LM\Driver = "ZLhp1018.DLL" ["Zenographics, Inc."]

 

 

---------- (launch time: 2007-09-11 16:54:30)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 564 seconds.

---------- (total run time: 685 seconds)

Endret 11. september 2007 av simsimi

[norbat]

Nei. Bruk IE for å laste ned scriptet til skrivebordet.

Dobbeltklikk på Silent Runners.vbs

Velg Åpne

Velg deretter Nei og bekreft med Ja

Det vil lages en logg som legger seg på skrivebordet. Den poster du (bytt den ut med det du har lagt ut)

[norbat]

Ser greit ut dette.

 

Mulig du har noen programmer installert som skaper dette. Installerte du noe rett før dette begynte å skje?

[simsimi]

jeg husker ikke helt, men jeg husker at det skjedde etter noe jeg har postet før: en IP adresse konflikt? skrivebordet ble borte osv.

[norbat]

Det virker ikke som om det er noe 'virus'-relatert. Du kunne ha prøvd en systemgjenoppretting til en dato før dette oppsto.

 

Tilbehør->systemverktøy->systemgjenoppretting.

Velg en dato da ting og tang virket ok.

 

(Ja, har spurt om dette før, men alternativet vil antakelig være å kjøre en repair av Windows)

 

Edit: Du kan sjekke om det er noen systemfiler som er i ulage:

Klikk: Start->Kjør

Skriv: sfc /scannow (mellomrom mellom sfc og / )

Du trenger antakelig XP-cd'n

Endret 11. september 2007 av norbat

[simsimi]

ok, skal prøve noe av dette. men jeg trenger vel ikke noe backup når jeg repair-er xp?? ingen blir sletta??

[norbat]

I teorien så blir ingen av dine data slettet. Men, det du ikke ønsker å miste bør du uansett ta backup av. Man vet aldri

[simsimi]

sfc /scannow funker fortsatt ikke, systemgjenoppretting går heller ikke, for jeg har ikke peiling på når dette egentlig skjedde ordentlig! og en repair av windows?? hvor er det??

[norbat]

For å kjøre en 'repair', må du starte pc'n med XP-cd'n. Derfra kan du kjøre en reperasjon av din nåværende Windows.

[simsimi]

skal du inn i selve xp når du repairer, eller må du inn på biosen og kjøre cden derfra?

[simsimi]

jeg kom på noe jeg lastet ned før dette skjedde. det var en crack. (husker ikke hvor jeg lasta ned fra) når jeg hadde lastet den ned, kom det opp en liten svart skjerm i venstre hjørne, husker ikke hva som sto. jeg tror jeg slettet filen og starta PC-en på nytt, og når den kom på igjen begynte det å skje ting.

 

jeg tror hvertfall at det var det som skjedde.

[norbat]

Det høres sannsynlig ut at dette kan være årsaken. Om ikke du er infisert, så kan 'cracken' ha forstyrres systemet ditt så mye at en repair muligens er løsningen.

 

I verste fall er det en reinstallering av windows du må kjøre.

 

Du kunne sjekket for Rootkit. Bruk f.eks. Blacklight og sjekk om den finner noe.

Hvis ikke, tror jeg en repair/reinstallering er eneste løsning i ditt tilfelle.

[simsimi]

blacklight funket ikke. jeg har drevet å tatt backup av de viktigste filene mine nå og lagt dem inn på en ekstern harddisk, så jeg er klar for en repair/reinstallering. men hvordan repairer man??

[norbat]

Tråden fortsetter her: https://www.diskusjon.no/index.php?showtopic=832940