JFM, posted 14 October 2007 (edited)

Just got this message from someone on MSN:

Camilla ;$ says:
wow, you look like this top-model http://www.sepa-esap.org/uploads/.hoi/[email protected]

I clicked the link. Then I downloaded something. But I got suspicious and deleted the file, so I never opened it. I've received the message 4 times now. Is it a virus?

BTW: I scanned the file with AVG antivirus. AVG found no virus in it.

Ravenlord, posted 15 October 2007

You'll notice quickly if your MSN tries to open new MSN chats and sends the message on. But a scan with HouseCall isn't a bad idea anyway. But I doubt that you are infected.

Ståle, posted 15 October 2007

It's probably just everyone else who is infected and sending the message to you and others.

norbat, posted 15 October 2007

Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
The log may show whether there is anything on the PC that should be removed.

JFM (thread author), posted 15 October 2007

Ran HJT now. (The log is in the spoiler.)

norbat, you've helped me before. You know what you're doing. Keep it up.

norbat, posted 15 October 2007

Download SDFix to the desktop.
Double-click SDFix.exe and it will extract itself to a folder in C:\SDFix
Restart the PC in safe mode (tap F8 during startup, choose safe mode)
Open the SDFix folder and double-click 'RunThis.bat' to start the program
Choose Y to start the cleaning
The PC will restart, and SDFix will continue.

Then get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

When you have done this, post a new HJT log + the log from SDFix (it will be in the SDFix folder as Report.txt) + the Combofix log.

JFM Skrevet 15. oktober 2007 Forfatter Del Skrevet 15. oktober 2007 Har gjort det. SDFix: SDFix: Version 1.109 Run by JFM on 15.10.2007 at 16:24 Microsoft Windows XP [Versjon 5.1.2600] Running From: C:\PROGRA~1\SDFIX\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\system32\svshost.exe - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe" "F:\\Programmer\\Nettverk\\fildeling\\utorrent.exe"="F:\\Programmer\\Nettverk\\fildeling\\utorrent.exe:*:Enabled:æTorrent" "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Documents and Settings\\JFM\\Skrivebord\\utorrent1.5.exe"="C:\\Documents and Settings\\JFM\\Skrivebord\\utorrent1.5.exe:*:Enabled:æTorrent" 
"C:\\Programfiler\\uTorrent\\uTorrent.exe"="C:\\Programfiler\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent" "C:\\Programfiler\\Messenger\\msmsgs.exe"="C:\\Programfiler\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"="C:\\Programfiler\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Programfiler\\Steam\\Steam.exe"="C:\\Programfiler\\Steam\\Steam.exe:*:Enabled:Steam Client" "C:\\Programfiler\\Joost\\xulrunner\\tvprunner.exe"="C:\\Programfiler\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Programfiler\\PPStream\\PPStream.exe"="C:\\Programfiler\\PPStream\\PPStream.exe:*:Enabled:PPStream" "C:\\Programfiler\\PPMate\\ppmate.exe"="C:\\Programfiler\\PPMate\\ppmate.exe:*:Enabled:PPMate" "C:\\Programfiler\\Skype\\Phone\\Skype.exe"="C:\\Programfiler\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. 
Take a deep breath " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files: --------------- File Backups: - C:\PROGRA~1\SDFIX\SDFix\backups\backups.zip Files with Hidden Attributes: Finished! Combofix: ComboFix 07-10-12.4 - JFM 2007-10-15 16:34:23.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.444 [GMT 2:00] Running from: C:\Documents and Settings\JFM\Skrivebord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Programfiler\Online Video Add-on C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NPF -------\NPF ((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))) . 
2007-10-15 16:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-15 16:24 <DIR> d-------- C:\WINDOWS\ERUNT 2007-10-15 16:21 <DIR> d-------- C:\Programfiler\SDFIX 2007-10-13 11:47 <DIR> dr-h----- C:\Documents and Settings\JFM\Programdata\SecuROM 2007-10-13 11:47 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-10-13 11:04 <DIR> d-------- C:\Programfiler\EA Sports 2007-10-12 14:58 <DIR> d-------- C:\Programfiler\NetLimiter 2007-10-12 14:58 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\LockTime 2007-10-11 18:31 <DIR> d-------- C:\Programfiler\VentriloMIX 2007-10-11 18:14 <DIR> d-------- C:\Programfiler\PacSteam 2007-10-09 05:41 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\Move Networks 2007-10-07 23:51 <DIR> d-------- C:\WINDOWS\CBD-021(D) 2007-10-07 23:50 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys 2007-10-07 23:50 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys 2007-10-07 23:50 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys 2007-10-07 23:50 25,600 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys 2007-10-07 14:11 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\InstallShield Installation Information 2007-10-07 12:14 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\uTorrent 2007-10-06 23:44 <DIR> d-------- C:\Programfiler\AsfTools 2007-10-06 20:14 <DIR> d-------- C:\Programfiler\Rockstar Games 2007-10-06 20:14 <DIR> d-------- C:\Programfiler\directx 2007-10-06 09:41 <DIR> d-------- C:\WINDOWS\Sun 2007-10-03 22:37 <DIR> d-------- C:\Documents and Settings\JFM\data 2007-10-03 22:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Synacast 2007-10-03 22:20 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\ppstream 2007-10-03 22:20 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\PPMate 2007-10-03 22:14 <DIR> d-------- C:\Programfiler\SopCast 2007-10-03 21:34 <DIR> d-------- C:\Programfiler\stunnel 2007-10-03 21:14 <DIR> d-------- C:\WINDOWS\system32\nb-no 2007-10-03 21:13 
<DIR> d-------- C:\Programfiler\Echovoice 2007-10-02 23:04 <DIR> d-------- C:\Programfiler\Joost 2007-10-02 23:04 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\Joost 2007-10-02 22:42 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\TVU Networks 2007-10-01 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\winsyscfg 2007-10-01 14:52 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2007-10-01 00:04 163,840 --a------ C:\WINDOWS\system32\kemutb.dll 2007-10-01 00:04 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll 2007-10-01 00:04 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll 2007-10-01 00:04 69,632 --a------ C:\WINDOWS\system32\KemXML.dll 2007-09-30 20:07 <DIR> d-------- C:\Programfiler\HIP 2007-09-30 20:07 384,512 --a------ C:\WINDOWS\system32\BTMIGetKey.dll 2007-09-30 19:21 <DIR> d-------- C:\Programfiler\Team MediaPortal 2007-09-28 19:56 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\teamspeak2 2007-09-28 18:01 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\Ventrilo 2007-09-28 00:06 <DIR> d-------- C:\Programfiler\Wfwin 2007-09-28 00:06 <DIR> d-------- C:\Programfiler\Trend Micro 2007-09-28 00:06 <DIR> d-------- C:\Programfiler\Analog Devices 2007-09-28 00:06 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\WordFinder Software 2007-09-26 16:16 <DIR> d-------- C:\Programfiler\Vidalia Bundle 2007-09-26 16:16 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\Vidalia 2007-09-26 16:16 <DIR> d-------- C:\Documents and Settings\JFM\Programdata\tor 2007-09-25 21:49 <DIR> d-------- C:\Programfiler\NinjaSurfing 2007-09-25 20:30 <DIR> d-------- C:\Programfiler\Steam 2007-09-25 07:18 <DIR> d-------- C:\WINDOWS\TmpInstall 2007-09-25 03:59 <DIR> d-------- C:\Programfiler\Half Life 2 DayHard 2007-09-24 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LogiShrd 2007-09-24 16:10 <DIR> d-------- C:\Programfiler\Ascentive 2007-09-24 16:10 89,360 --a------ 
C:\WINDOWS\system32\VB5DB.DLL 2007-09-22 10:09 40,960 --a------ C:\WINDOWS\system32\FakeSend.exe 2007-09-22 03:57 <DIR> d-------- C:\Programfiler\Counter-Strike Source 2007-09-21 16:02 <DIR> d-------- C:\Programfiler\Okoker ISO Maker 2007-09-21 16:02 4,082,688 --a------ C:\WINDOWS\system32\qtintf70.dll 2007-09-21 16:02 643,072 --a------ C:\WINDOWS\system32\DVDProX2.dll 2007-09-20 22:30 <DIR> d-------- C:\Programfiler\CS 1.6 LAN 2007-09-18 18:46 <DIR> d-------- C:\Programfiler\SEMC 2007-09-18 18:46 41,792 --a------ C:\WINDOWS\system32\drivers\zebrceb.sys 2007-09-18 18:46 5,776 --a------ C:\WINDOWS\system32\drivers\zebrwhnt.sys 2007-09-18 18:46 5,776 --a------ C:\WINDOWS\system32\drivers\zebrwh.sys 2007-09-17 20:26 <DIR> d-------- C:\Programfiler\Innovative Solutions 2007-09-16 15:11 <DIR> d-------- C:\Programfiler\Windows Live Safety Center 2007-09-15 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-15 14:36 --------- d-----w C:\Programfiler\SpeedFan 2007-10-15 14:34 --------- d-----w C:\Documents and Settings\JFM\Programdata\Skype 2007-10-15 07:39 --------- d-----w C:\Programfiler\LogMeIn 2007-10-15 06:00 --------- d-----w C:\Documents and Settings\JFM\Programdata\AVG7 2007-10-12 18:04 --------- d-----w C:\Documents and Settings\JFM\Programdata\Hamachi 2007-10-12 17:12 --------- d-----w C:\Programfiler\Warcraft III 2007-10-10 19:32 --------- d-----w C:\Programfiler\Winamp 2007-10-08 12:41 --------- d-----w C:\Programfiler\uTorrent 2007-10-06 18:14 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-10-05 01:18 --------- d-----w C:\Documents and Settings\JFM\Programdata\BearShare 2007-09-30 22:05 --------- d-----w C:\Programfiler\Fellesfiler\Logitech 2007-09-28 12:38 --------- d-----w C:\Documents and Settings\JFM\Programdata\dvdcss 2007-09-24 20:10 --------- d-----w C:\Programfiler\Logitech 2007-09-24 18:14 --------- d-----w C:\Programfiler\Opera 2007-09-22 21:00 --------- d-----w C:\Programfiler\Half-Life 2 Bronze 2007-09-19 01:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2007-09-14 13:13 --------- d-----w C:\Programfiler\MSN Messenger 2007-09-14 13:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet 2007-09-14 13:08 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-09-14 13:08 --------- d-----w C:\Programfiler\Bonjour 2007-09-14 05:34 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared 2007-09-13 12:56 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-09-13 12:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2007-09-13 12:56 --------- d-----w C:\Documents and Settings\JFM\Programdata\Logitech 2007-09-13 12:55 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech 2007-09-11 15:59 --------- d-----w C:\Documents and Settings\JFM\Programdata\Media Player Classic 
2007-09-11 15:56 --------- d-----w C:\Programfiler\K-Lite Codec Pack 2007-09-11 15:45 --------- d-----w C:\Programfiler\VideoLAN 2007-09-10 10:06 --------- d-----w C:\Documents and Settings\JFM\Programdata\Ahead 2007-09-10 08:59 --------- d-----w C:\Programfiler\CyberLink 2007-09-10 08:59 --------- d-----w C:\Documents and Settings\JFM\Programdata\CyberLink 2007-09-10 08:59 --------- d-----w C:\Documents and Settings\All Users\Programdata\CyberLink 2007-09-09 22:00 --------- d-----w C:\Programfiler\UltraVNC 2007-09-07 19:52 --------- d-----w C:\Programfiler\MSBuild 2007-09-07 19:52 --------- d-----w C:\Programfiler\Microsoft Works 2007-09-07 19:51 --------- d-----w C:\Programfiler\Microsoft.NET 2007-09-07 18:36 --------- d-----w C:\Programfiler\Azureus 2007-09-07 18:22 --------- d-----w C:\Programfiler\Ubisoft 2007-09-06 20:16 --------- d-----w C:\Documents and Settings\JFM\Programdata\Azureus 2007-09-05 18:08 --------- d-----w C:\Programfiler\UltraStar 2007-09-05 16:38 --------- d-----w C:\Programfiler\Ilusion Software 2007-09-05 15:08 --------- d-----w C:\Programfiler\Half-Life 2 2007-09-05 13:43 --------- d-----w C:\Programfiler\FGP 2007-09-05 05:00 --------- d-----w C:\Programfiler\Fellesfiler\Thraex Software 2007-09-04 17:30 --------- d-----w C:\Programfiler\MSXML 4.0 2007-09-02 18:40 --------- d-----w C:\Documents and Settings\All Users\Programdata\Ahead 2007-09-02 16:55 --------- d-----w C:\Programfiler\Hamachi 2007-09-02 16:54 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-09-01 16:39 --------- d-----w C:\Programfiler\Audacity 2007-09-01 15:36 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2007-08-31 16:36 --------- d-----w C:\Programfiler\Disc2Phone 2007-08-31 13:56 --------- d-----w C:\Programfiler\J River 2007-08-30 12:53 --------- d-----w C:\Programfiler\FirstClass 2007-08-29 20:07 --------- d-----w C:\Programfiler\BearShare Applications 2007-08-27 13:19 --------- d-----w C:\Programfiler\Java 2007-08-27 13:17 --------- d-----w 
C:\Programfiler\Half-Life 2007-08-27 12:59 --------- d-----w C:\Programfiler\Alcohol Soft 2007-08-27 06:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7 2007-08-27 05:02 64,411 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2007-08-27 05:02 6,110 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-08-27 04:29 --------- d-----w C:\Documents and Settings\JFM\Programdata\vlc 2007-08-27 04:11 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7 2007-08-27 04:11 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7 2007-08-27 04:11 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7 2007-08-27 04:11 --------- d-----w C:\Documents and Settings\All Users\Programdata\Grisoft 2007-08-26 20:20 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines 2007-08-26 20:20 --------- d-----w C:\Programfiler\Fellesfiler\ODBC 2007-08-26 18:48 --------- d-----w C:\Programfiler\Fellesfiler\Java 2007-08-26 18:47 --------- d-----w C:\Programfiler\Skype 2007-08-26 18:47 --------- d-----w C:\Programfiler\Fellesfiler\Skype 2007-08-26 18:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\Skype 2007-08-26 18:41 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-08-26 18:41 --------- d-----w C:\Programfiler\Edimax 2007-08-26 18:41 --------- d-----w C:\Documents and Settings\JFM\Programdata\InstallShield 2007-08-26 18:34 --------- d-----w C:\Programfiler\NVIDIA Corporation 2007-08-26 18:34 --------- d-----w C:\Programfiler\Marvell 2007-08-26 18:34 --------- d-----w C:\Programfiler\Fellesfiler\NVIDIA Shared 2007-08-26 18:34 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2007-08-26 18:33 --------- d-----w C:\Programfiler\AMD 2007-08-26 18:27 --------- d-----w C:\Programfiler\microsoft frontpage 2007-08-26 18:26 --------- d-----w C:\Programfiler\Elektroniske tjenester 2007-08-26 18:25 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2007-08-26 18:25 --------- d-----w 
C:\Programfiler\Fellesfiler\MSSoap . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49] "NVMixerTray"="C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12] "Launch LCDMon"="C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 16:54] "Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43] "nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 09:49] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe] "LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03] "track monitor"="C:\Programfiler\MSN Track Monitor\msntrack.exe" [] "Echovoice Gamer Statistics"="C:\Programfiler\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 23:52] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 C:\WINDOWS\system32\bthprops.cpl] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-08-17 03:45] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [] 
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "Performance Center"="C:\Programfiler\Ascentive\Performance Center\ApcMain.exe" [] "Vidalia"="C:\Programfiler\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 08:02] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Edimax Wireless Utility.lnk - C:\Programfiler\Edimax\Common\RaUI.exe [2007-08-26 20:41:40] Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-10-03 18:17:09] Privoxy.lnk - C:\Programfiler\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup" R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Programfiler\CyberLink\PowerDVD\000.fcl R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Programfiler\LogMeIn\x86\RaInfo.sys R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys R3 RT80x86;Ralink 802.11n Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2860.sys R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys . Contents of the 'Scheduled Tasks' folder "2007-10-15 14:36:44 C:\WINDOWS\Tasks\SpeedFan.job" "2007-10-15 14:36:44 C:\WINDOWS\Tasks\µTorrent.job" . 
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 16:36:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 16:38:32 - machine was rebooted
.
--- E O F ---

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:17, on 15.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SpeedFan\speedfan.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\LogMeIn\x86\RaMaint.exe
C:\Programfiler\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe
C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Vidalia Bundle\Vidalia\vidalia.exe
C:\Programfiler\Edimax\Common\RaUI.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Vidalia Bundle\Privoxy\privoxy.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Vidalia Bundle\Tor\tor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\Opera\Opera.exe
C:\Documents and Settings\JFM\Skrivebord\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.215.195.85:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [track monitor] C:\Programfiler\MSN Track Monitor\msntrack.exe
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Programfiler\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Performance Center] C:\Programfiler\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [Vidalia] "C:\Programfiler\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Edimax Wireless Utility.lnk = C:\Programfiler\Edimax\Common\RaUI.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Programfiler\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - C:\Programfiler\J River\Media Jukebox\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///C:/Documents%20and%20Settings/JFM/Skrivebord/HD-DVD9%20Files/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///L:/HD-DVD9%20Files/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///L:/HD-DVD9%20Files/components/wmvhdrating.ocx
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 9273 bytes

norbat, posted 15 October 2007

That looked much better, then. Are you aware of this one?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.215.195.85:80
Apart from that, the HJT log looks fine. Is the PC running OK?

JFM (thread author), posted 15 October 2007

> That looked much better, then. Are you aware of this one?
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.215.195.85:80
> Apart from that, the HJT log looks fine. Is the PC running OK?

Wasn't aware of that. But it doesn't matter. It's not my IP. I'm running a program (called Tor) that makes it look like that one

Edited 15 October 2007 by JFM
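
Added example, not part of the original thread and not HijackThis code: a small Python triage pass over HijackThis-format lines that reports the ProxyServer value norbat pointed out, along with the "(no file)" and "(file missing)" entries in the same log. The sample lines are copied from the log posted above; the function names and the three rules are assumptions chosen for illustration.

```python
import ipaddress
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.215.195.85:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe (file missing)
"""

# "R1 - ..." / "O23 - ...": section code, separator, entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Handles "host:port" and the per-protocol form "http=host:port;...".
PROXY = re.compile(r"ProxyServer = (?:\w+=)?(?P<host>[^:;\s]+)")


def is_loopback(host):
    """True for localhost or a loopback IP literal; names are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return (code, reason) pairs for entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # log header, process list, blank lines
        code, body = entry["code"], entry["body"]
        proxy = PROXY.search(body)
        if proxy and not is_loopback(proxy["host"]):
            # Browser traffic is relayed through another machine.
            findings.append((code, "proxy on remote host " + proxy["host"]))
        elif body.endswith("(no file)"):
            findings.append((code, "registered component has no file"))
        elif body.endswith("(file missing)"):
            findings.append((code, "registered binary is missing on disk"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, reason)
```

A proxy on a loopback address, such as a filtering proxy running on the same PC, is not reported; only a proxy on another host is.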