Riot™, posted 21 March 2008 (edited):
Hi there. It so happens that I may have run into a strange virus. When I try to open pictures they will not open, and when I right-click them I get three invisible buttons. Whether anything else is corrupt I don't know, but Ad-Aware at least doesn't catch it. A picture is linked. Could this come from a virus, or from a very corrupt installation of Vista? I am quite unsure both about what it is and what on earth I should search for. "Missing buttons"? No, I have no idea. Hoping for an answer that can help! Regards, me.
snippsat, posted 21 March 2008:
Yes, let's see what it looks like. Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 for hidden text).
Riot™ (thread author), posted 21 March 2008:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:15, on 21.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
-- End of file - 8780 bytes
That is what shows up. Is there anything specific I should look for?
snippsat, posted 21 March 2008:
The log looks fine. Since you are having problems we'll run a bit more, so you can be sure. We can troubleshoot other things after this. Download, update and run a full scan with SAS free. Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
Riot™ (thread author), posted 21 March 2008 (edited):
ComboFix 08-03-20.5 - Carl Ohr 2008-03-21 17:46:00.1 - NTFSx86
Running from: C:\Users\Carl Ohr\Desktop\ComboFix.exe
Completion time: 2008-03-21 17:48:40
SAS took its time to run, but oh well. Time for a restart to see if things work. Thanks a lot for the help.
Edit: Nope, I still have the same problem. Rather frustrating...
snippsat, posted 21 March 2008 (edited):
When did the problem start? Was it after you installed something? The easiest thing may be to roll it back to before the problem occurred. Start -> Run (or Search on Vista). Paste in the bold text:
%systemroot%\system32\restore\rstrui.exe
There you should get a number of restore points.
Riot™ (thread author), posted 22 March 2008:
The only things I have installed recently are Apache2Triad and EasyPHP. I haven't had problems with EasyPHP before, but A2T I tried for the first time, though I doubt that is the problem. I installed Windows Live Photo Gallery and can now open pictures. The problem with WLPG is that it is awfully slow to open pictures with compared to the regular Windows Photo Gallery, and I still have the three hidden functions.
snippsat, posted 22 March 2008:
Try some fast and good ones then.
http://www.faststone.org/FSViewerDetail.htm
http://www.irfanview.com/
Riot™ (thread author), posted 22 March 2008:
Thanks for the help. Strange that it seems I am the only one with this problem. I have googled everything, "Extra buttons upon right click", etc. etc. Strange stuff.
snippsat, posted 22 March 2008 (edited):
Control Panel -> User Accounts. Create a new user. Turn off the PC and log on with it. See if it is the same there. Try xdn tweaker; with it you can edit the right-click menu.
http://www.hardware.no/artikler/programtip...n_tweaker/49919
Riot™ (thread author), posted 22 March 2008 (edited):
Tried my girlfriend's account, but hers has it too. Then I created a new one, but what do you know, it was there as well. I guess I'll try XDN.
Edit: XDN only had preset items that could be removed, not a choice.
snippsat, posted 22 March 2008:
The registry is probably the answer here.
http://www.technobabble.com.au/technobabbl...ntext-menus.htm
http://windowsxp.mvps.org/context_folders.htm
http://www.tech-archive.net/Archive/WinXP/...5/msg03946.html