_siggen_ Skrevet 30. mars 2008 Del Skrevet 30. mars 2008 Kan noen hjelpe meg å sjekke logger. Fra Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:43:24, on 30.03.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Windows\System32\rundll32.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Users\Sigurd\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\Explorer.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Users\Sigurd\Desktop\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: {f40e588d-2c1a-240b-cb14-396ccecf30a0} - {0a03fcec-c693-41bc-b042-a1c2d885e04f} - C:\Windows\system32\dcdnsdau.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddaxw.dll,#1 O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [7ae3ef5e] rundll32.exe "C:\Windows\system32\rawxqynd.dll",b O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 11683 bytes Fra combofix: ComboFix 08-03-27.3 - Sigurd 2008-03-29 9:33:19.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1220 [GMT 1:00] Running from: C:\Users\Sigurd\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows.old\Windows\System32\Desktop_.ini C:\Windows\BM79d0dcc2.xml C:\Windows\pskt.ini C:\Windows\system32\AutoRun.inf C:\Windows\system32\qrhncgcx.dll C:\Windows\System32\ybbeg.ini C:\Windows\System32\ybbeg.ini2 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_npf ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-29 08:37 --------- d-----w C:\Users\Sigurd\AppData\Roaming\DNA 2008-03-29 08:25 --------- d-----w C:\Users\Sigurd\AppData\Roaming\.purple 2008-03-28 23:16 --------- d-----w C:\Users\Sigurd\AppData\Roaming\SUPERAntiSpyware.com 2008-03-28 23:16 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-03-28 23:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-28 23:01 --------- d-----w C:\Program Files\LogMeIn 2008-03-28 20:06 --------- d-----w C:\Program Files\Bit Che 2008-03-28 12:35 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-03-28 12:28 --------- d-----w C:\Program Files\CCleaner 2008-03-28 12:21 --------- d-----w C:\Users\Sigurd\AppData\Roaming\gtk-2.0 2008-03-28 12:18 --------- d-----w C:\Program Files\Pidgin 2008-03-28 12:18 --------- d-----w C:\Program Files\Aspell 2008-03-28 12:16 --------- d-----w C:\Program Files\Common Files\GTK 2008-03-28 09:36 67,080 ----a-w C:\Windows\system32\drivers\avgwfpx.sys 2008-03-28 09:36 10,520 ----a-w C:\Windows\System32\avgrsstx.dll 2008-03-28 09:14 --------- d-----w C:\Users\Sigurd\AppData\Roaming\BitTorrent 2008-03-28 09:08 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys 2008-03-28 09:08 12,424 ----a-w C:\Windows\system32\drivers\avgrkx86.sys 2008-03-28 09:08 --------- d-----w C:\ProgramData\avg8 2008-03-28 09:08 --------- d-----w C:\Program Files\AVG 2008-03-27 21:15 --------- d-----w C:\Program Files\Java 2008-03-27 21:14 --------- d-----w C:\Program Files\Common Files\Java 2008-03-27 19:50 --------- d-----w C:\Program Files\FMS 2008-03-27 17:32 --------- d-----w C:\ProgramData\NCH Swift Sound 2008-03-27 17:31 --------- d-----w C:\Users\Sigurd\AppData\Roaming\NCH Swift Sound 2008-03-27 17:31 --------- d-----w C:\ProgramData\NCH Software 2008-03-27 17:31 --------- d-----w C:\Program Files\NCH Swift Sound 2008-03-27 17:31 --------- d-----w C:\Program Files\NCH Software 2008-03-27 10:08 --------- d-----w C:\Program Files\MagicISO 2008-03-27 08:42 --------- d-----w C:\Program Files\RealVNC 2008-03-26 10:55 --------- d-----w C:\Users\Sigurd\AppData\Roaming\Vso 2008-03-25 19:38 --------- d-----w C:\Program Files\VSO 2008-03-24 23:23 55,326 ----a-w C:\Users\Sigurd\AppData\Roaming\nvModes.dat 2008-03-23 11:09 --------- d-----w C:\Program Files\DVDFab Platinum 4 2008-03-23 11:04 --------- d-----w C:\ProgramData\vsosdk 2008-03-23 11:00 87,608 ----a-w C:\Users\Sigurd\AppData\Roaming\inst.exe 2008-03-23 11:00 47,360 ----a-w C:\Users\Sigurd\AppData\Roaming\pcouffin.sys 2008-03-21 13:55 --------- d-----w C:\Program Files\iPod Access for Windows 2008-03-21 13:47 --------- d-----w C:\Program Files\Common Files\eSellerate 2008-03-21 13:46 --------- d-----w C:\Program Files\iPod To Computer Transfer 2008-03-21 13:28 --------- d-----w C:\Program Files\Bonjour 2008-03-21 13:23 --------- d-----w C:\ProgramData\Apple Computer 2008-03-21 13:22 --------- d-----w C:\Program Files\Apple Software Update 2008-03-21 13:21 --------- d-----w C:\ProgramData\Apple 2008-03-21 13:21 --------- d-----w C:\Program Files\Common Files\Apple 2008-03-21 10:46 --------- d-----w C:\Program Files\Windows Mail 2008-03-20 13:27 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-20 13:27 --------- d-----w C:\Program Files\Acer 2008-03-20 13:24 --------- d-----w C:\Program Files\SUYIN 2008-03-20 13:24 --------- d-----w C:\Program Files\ACER Crystal Eye webcam 2008-03-11 08:25 --------- d-----w C:\Program Files\Cucusoft 2008-03-11 07:59 --------- d-----w C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD 2008-03-11 07:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-03-11 07:48 --------- d-----w C:\Program Files\NeroInstall.bak 2008-03-11 07:33 --------- d-----w C:\ProgramData\DVD Shrink 2008-03-11 07:24 --------- d-----w C:\Users\Sigurd\AppData\Roaming\dvdcss 2008-03-11 07:13 --------- d-----w C:\Users\Sigurd\AppData\Roaming\OpenOffice.org2 2008-03-02 03:08 --------- d-----w C:\Program Files\VistaCodecPack 2008-02-29 10:27 --------- d-----w C:\Program Files\IT Larsen 2008-02-15 19:30 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys 2008-02-15 19:20 --------- d-----w C:\Program Files\DVD Shrink 2008-02-15 19:02 --------- d-----w C:\Users\Sigurd\AppData\Roaming\Nero 2008-02-15 19:01 --------- d-----w C:\Program Files\Common Files\Nero 2008-02-15 18:59 --------- d-----w C:\ProgramData\Nero 2008-02-15 18:59 --------- d-----w C:\Program Files\Nero 2008-02-15 14:32 --------- d-----w C:\ProgramData\NVIDIA 2008-02-15 14:19 23,600 ----a-w C:\Windows\system32\drivers\TVICHW32.SYS 2008-02-14 13:24 --------- d-----w C:\Program Files\Apoint2K 2008-02-14 13:21 --------- d-----w C:\Program Files\Acer Inc 2008-02-14 09:04 --------- d-----w C:\Users\Sigurd\AppData\Roaming\AdobeUM 2008-02-14 08:51 --------- d-----w C:\ProgramData\Adobe Systems 2008-02-14 08:51 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared 2008-02-14 08:49 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-14 08:34 --------- d-----w C:\Users\Sigurd\AppData\Roaming\HP 2008-02-14 02:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-14 02:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-14 02:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-14 02:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-14 02:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-14 02:07 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys 2008-02-14 02:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-14 02:07 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-14 02:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-14 02:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-14 02:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-14 02:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-14 02:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-14 02:06 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-14 02:06 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-14 02:06 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-14 02:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-14 02:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-14 02:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-14 02:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-14 02:06 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-02-14 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-14 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-14 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-14 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-13 13:05 --------- d-----w C:\Program Files\PowerISO . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0a03fcec-c693-41bc-b042-a1c2d885e04f}] C:\Windows\system32\dcdnsdau.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt] @={8D2223A2-B3C6-4e32-B096-CDD11F628C60} [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}] 2007-12-13 22:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-27 18:45 288576] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-11 17:14 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2008-02-11 08:58 4702208 C:\Windows\RtHDVCpl.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-21 18:18 159744] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328] "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-10 15:35 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-10 15:35 8501792] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-10 15:35 81920] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136] "SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 22:02 2048808] "InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 22:02 1082152] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2008-01-31 23:13 385024] "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ] "MSServer"="C:\Windows\system32\ddaxw.dll" [ ] "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "7ae3ef5e"="C:\Windows\system32\rawxqynd.dll" [ ] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-03-28 10:36 1177368] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-02-14 09:50:59 25214] Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-02-05 22:47:32 535336] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll eNetHook.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{5F1DC606-7B09-4A9D-AA95-6C171AF8BAD1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{538A1F07-C1AC-4252-934A-A15C32193191}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{6812D373-A137-4582-8947-24238A6A4B3B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "{7DC877DF-5D6E-44B6-8851-C113660E7149}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{F8BEA6F5-087A-4CA1-95B2-03F4FF258052}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "TCP Query User{7C9D0175-2E97-4578-957F-A77CD971E0EA}C:\\program files\\dna\\btdna.exe"= UDP:C:\program files\dna\btdna.exe:btdna "UDP Query User{3C96C84F-7581-4815-ADEE-B1D1EE5AB460}C:\\program files\\dna\\btdna.exe"= TCP:C:\program files\dna\btdna.exe:btdna "TCP Query User{1B9AE6B8-DE89-430C-B353-701410E9B5C7}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent "UDP Query User{C234A5A4-9CE9-433C-A9DA-50FE1FDF38AD}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent "TCP Query User{7C3D69B8-5324-4A82-BB2A-B818B85ABA6F}C:\\apache\\apache.exe"= UDP:C:\apache\apache.exe:Apache "UDP Query User{D31972A0-E443-4AB4-8F13-46A265C37136}C:\\apache\\apache.exe"= TCP:C:\apache\apache.exe:Apache "TCP Query User{371D0990-B877-4371-9FE3-0D4920030162}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3 "UDP Query User{A06E41CF-0979-414C-958D-6099CB18A84E}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3 "TCP Query User{9FDC7490-6D98-4B64-9546-0068560992BE}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer "UDP Query User{716E73B0-ABE9-4E2D-BA81-3F4626A6505F}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer "TCP Query User{639404B7-FDEF-4643-A702-E34FD0642B17}C:\\program files\\realvnc\\vnc4\\vncviewer.exe"= UDP:C:\program files\realvnc\vnc4\vncviewer.exe:VNC Viewer Enterprise Edition for Win32 "UDP Query User{B4A7C43A-DFB5-4BD1-A884-52147D598679}C:\\program files\\realvnc\\vnc4\\vncviewer.exe"= TCP:C:\program files\realvnc\vnc4\vncviewer.exe:VNC Viewer Enterprise Edition for Win32 "TCP Query User{FAE3BF07-0C9F-46DE-94F4-F13AC2CC89DE}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{275FC1DB-13CC-4B5B-A875-B530E0360ACF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{5F4148A3-2383-4A52-A0EC-9F298E3E0B41}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{D33AC704-A9FB-474F-ABD0-EC22A74FFA89}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe "{F891270A-2A78-4B7F-95E4-D56C9841AFE6}"= Disabled:UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{349D2EB5-ED05-468A-B055-6CA053ABD40F}"= Disabled:TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-03-28 10:08] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-03-28 10:08] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-28 10:08] R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-03-28 10:08] R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00] R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09] R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57] R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 22:02] R2 RapiMgr;Tilkobling for Windows Mobile-basert enhet;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 WcesComm;Tilkobling for Windows Mobile 2003-basert enhet;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 22:15] R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-03-28 10:36] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 08:30] R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \shell\AutoRun\command - F:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - G:\RunGame.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-29 21:26:55 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\Program Files\iPod Access for Windows\iPAHelper.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Windows\system32\wbem\unsecapp.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Windows\system32\conime.exe C:\Windows\System32\rundll32.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\rundll32.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Users\Sigurd\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************** . Completion time: 2008-03-29 21:30:03 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-29 20:29:54 Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. . 2008-03-28 11:11:23 --- E O F --- Fra Superantispyware: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/29/2008 at 01:41 AM Application Version : 4.0.1154 Core Rules Database Version : 3426 Trace Rules Database Version: 1418 Scan type : Complete Scan Total Scan Time : 01:22:17 Memory items scanned : 894 Memory threats detected : 0 Registry items scanned : 7610 Registry threats detected : 14 File items scanned : 34265 File threats detected : 2 Trojan.WinFixer HKLM\Software\Classes\CLSID\{0AB47AC7-4E57-49AE-BE09-1F27764142E4} HKCR\CLSID\{0AB47AC7-4E57-49AE-BE09-1F27764142E4} HKCR\CLSID\{0AB47AC7-4E57-49AE-BE09-1F27764142E4}\InprocServer32 C:\WINDOWS\SYSTEM32\GEBBY.DLL HKLM\Software\Classes\CLSID\{E441CF1D-68B8-4BC5-BADF-50629FBF5328} HKCR\CLSID\{E441CF1D-68B8-4BC5-BADF-50629FBF5328} HKCR\CLSID\{E441CF1D-68B8-4BC5-BADF-50629FBF5328}\InprocServer32 HKLM\Software\Classes\CLSID\{FA058DB0-3F43-4ED1-A49D-21F4F4E1F858} HKCR\CLSID\{FA058DB0-3F43-4ED1-A49D-21F4F4E1F858} HKCR\CLSID\{FA058DB0-3F43-4ED1-A49D-21F4F4E1F858}\InprocServer32 HKCR\CLSID\{FA058DB0-3F43-4ED1-A49D-21F4F4E1F858}\InprocServer32#ThreadingModel Adware.Vundo Variant HKLM\Software\Classes\CLSID\{50880312-F300-4BE1-8A78-95358C2CE4FF} HKCR\CLSID\{50880312-F300-4BE1-8A78-95358C2CE4FF} HKCR\CLSID\{50880312-F300-4BE1-8A78-95358C2CE4FF}\InprocServer32 HKCR\CLSID\{50880312-F300-4BE1-8A78-95358C2CE4FF}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\TUVSQ.DLL Lenke til kommentar
norbat Skrevet 30. mars 2008 Del Skrevet 30. mars 2008 Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O2 - BHO: {f40e588d-2c1a-240b-cb14-396ccecf30a0} - {0a03fcec-c693-41bc-b042-a1c2d885e04f} - C:\Windows\system32\dcdnsdau.dll (file missing) O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddaxw.dll,#1 O4 - HKLM\..\Run: [7ae3ef5e] rundll32.exe "C:\Windows\system32\rawxqynd.dll",b Post ny hjt-logg og fortell hvordan PC-en kjører. Lenke til kommentar
_siggen_ Skrevet 30. mars 2008 Forfatter Del Skrevet 30. mars 2008 Fjerna dei . Her er den nye loggen etter dei er fjerna. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:10:41, on 30.03.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Users\Sigurd\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\Explorer.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\calc.exe C:\Users\Sigurd\Desktop\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 11348 bytes Lenke til kommentar
norbat Skrevet 30. mars 2008 Del Skrevet 30. mars 2008 Loggen ser fin ut. Opplever du noen problemer eller kjører PC-en ok? Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå