
My HJT log. Struggling with a trojan!



Hi, I'm new to this program. I've got a trojan on my PC and am struggling to get rid of it. I figured it couldn't possibly make things worse to post my log and see if anyone can help me.

 

 

------------------------------------------------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:17:29, on 16.07.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\WINDOWS\system32\bcmntray.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\VM_STI.EXE

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Xfire\xfire.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\HPQ\Shared\hpqwmi.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\7GW3WlUM.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTSF Agent] C:\WINDOWS\system32\28463\RTSF.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MyWebSearch\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Programfiler\Anti Trojan Elite\TJEnder.exe :NO

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Veoh] "C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &Search - ?p=ZNfox000

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe (file missing)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://synnesinspace.spaces.live.com//Phot...ad/MsnPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\Skype4COM.dll

O20 - AppInit_DLLs: ASAPHook

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

--

End of file - 8235 bytes


Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [RTSF Agent] C:\WINDOWS\system32\28463\RTSF.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MyWebSearch\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWebSearch\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - ?p=ZNfox000

O20 - AppInit_DLLs: ASAPHook

 

Download ComboFix and put it on the desktop.

 

Run combofix.exe and follow the instructions.

Post the log file from ComboFix (c:\combofix.txt)


 

 

Here's my ComboFix log, then!

 

 

 

ComboFix 08-07-14.2 - Sigve Sørensen 2008-07-16 13:06:33.1 - NTFSx86

Running from: C:\Documents and Settings\Sigve Sørensen\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))

.

 

2008-07-16 04:15 . 2008-07-16 04:15 <DIR> d-------- C:\Programfiler\Trend Micro

2008-07-15 22:09 . 2008-07-15 22:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Xfire

2008-07-15 19:32 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-15 19:32 . 2008-06-14 20:00 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-15 16:07 . 2008-07-15 16:07 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-07-15 16:07 . 2008-07-15 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-07-15 16:00 . 2008-07-15 16:00 0 --a------ C:\WINDOWS\system32\7GW3WlUM.exe.a_a

2008-07-10 02:00 . 2008-07-10 02:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritter

2008-07-09 03:27 . 2008-07-09 03:26 29,760 --a------ C:\WINDOWS\system32\v56cB0Mg.exe

2008-06-25 18:58 . 2008-06-25 18:58 <DIR> d-------- C:\Programfiler\Xfire

2008-06-25 18:49 . 2008-06-25 18:49 <DIR> d-------- C:\Programfiler\Dyyno

2008-06-18 19:52 . 2008-06-18 19:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-06-17 22:03 . 2008-06-17 22:03 <DIR> d-------- C:\Programfiler\Veoh Networks

2008-06-17 22:03 . 2008-06-17 22:03 <DIR> d-------- C:\Documents and Settings\Sigve SÇ÷rensen

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-16 06:18 --------- d-----w C:\Programfiler\World of Warcraft

2008-07-15 21:34 --------- d-----w C:\Programfiler\Incomplete

2008-07-15 21:04 --------- d-----w C:\Programfiler\LimeWire

2008-07-15 14:07 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-07-09 21:31 --------- d-----w C:\Programfiler\DivX

2008-07-09 12:08 --------- d-----w C:\Programfiler\EA Games

2008-07-09 12:04 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-07-05 10:03 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-06-25 00:41 --------- d-----w C:\Programfiler\TruePoker

2008-06-21 13:03 --------- d-----w C:\Programfiler\Warcraft III

2008-06-11 23:53 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll

2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-05-29 15:49 --------- d-----w C:\Programfiler\TrackMania Nations ESWC

2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-05-17 22:03 --------- d-----w C:\Programfiler\Translate-It

2008-05-16 13:40 --------- d-----w C:\Programfiler\mIRC

2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 07:04 658,944 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-31 02:43 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]

"Veoh"="C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 16:11 3644464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\bcmntray" [X]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 14:12 102492]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 14:11 692316]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-01-14 13:21 233534]

"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoAutoTrayNotify"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2004-11-10 02:19 38912 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"C:\\Programfiler\\BitLord\\BitLord.exe"=

"C:\\Programfiler\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=

"C:\\Programfiler\\Valve\\Steam\\steamapps\\sigvesorensen\\counter-strike source\\hl2.exe"=

"C:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Veoh Networks\\Veoh\\VeohClient.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18526:TCP"= 18526:TCP:*:Disabled:BitComet 18526 TCP

"18526:UDP"= 18526:UDP:*:Disabled:BitComet 18526 UDP

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:08]

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []

S3 ATE_PROCMON;ATE_PROCMON;C:\Programfiler\Anti Trojan Elite\ATEPMon.sys []

S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 05:44]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASChannel

 

.

Contents of the 'Scheduled Tasks' folder

"2008-07-15 22:06:04 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 07:00:01 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 08:00:01 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 09:00:01 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 10:00:01 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 11:00:02 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-09 12:00:01 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-09 13:00:01 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 14:00:01 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 15:00:01 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 16:00:01 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 23:00:01 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 17:00:01 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 18:00:02 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 19:00:01 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 20:00:02 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 21:00:04 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-15 22:38:10 C:\WINDOWS\Tasks\At25.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-15 23:00:10 C:\WINDOWS\Tasks\At26.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 00:00:10 C:\WINDOWS\Tasks\At27.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 01:00:10 C:\WINDOWS\Tasks\At28.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 02:00:10 C:\WINDOWS\Tasks\At29.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 00:00:01 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 03:00:10 C:\WINDOWS\Tasks\At30.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 04:00:10 C:\WINDOWS\Tasks\At31.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 05:00:10 C:\WINDOWS\Tasks\At32.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 06:00:10 C:\WINDOWS\Tasks\At33.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 07:00:10 C:\WINDOWS\Tasks\At34.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 08:00:10 C:\WINDOWS\Tasks\At35.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 09:00:10 C:\WINDOWS\Tasks\At36.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 10:00:10 C:\WINDOWS\Tasks\At37.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 11:00:10 C:\WINDOWS\Tasks\At38.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-09 12:00:10 C:\WINDOWS\Tasks\At39.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 01:00:02 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-09 13:00:10 C:\WINDOWS\Tasks\At40.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-15 14:19:04 C:\WINDOWS\Tasks\At41.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-15 15:00:00 C:\WINDOWS\Tasks\At42.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-15 16:00:10 C:\WINDOWS\Tasks\At43.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-15 17:00:10 C:\WINDOWS\Tasks\At44.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-15 18:00:00 C:\WINDOWS\Tasks\At45.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-15 19:00:10 C:\WINDOWS\Tasks\At46.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-15 20:00:10 C:\WINDOWS\Tasks\At47.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-15 21:00:00 C:\WINDOWS\Tasks\At48.job"

- C:\WINDOWS\system32\7GW3WlUM.exe

"2008-07-16 02:00:02 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 03:00:01 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 04:00:01 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 05:00:01 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

"2008-07-16 06:00:01 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\v56cB0Mg.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-16 13:12:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?5?5?4??????? ?d?B?????????????hLC????????

 

scanning hidden files ...

 

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\WLTRYSVC.EXE

C:\WINDOWS\system32\BCMWLTRY.EXE

C:\WINDOWS\system32\ati2evxx.exe

C:\Programfiler\HPQ\IAM\Bin\asghost.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\bcmntray.EXE

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\Windows Media Player\wmpnetwk.exe

C:\Programfiler\HPQ\Shared\hpqwmi.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-07-16 13:18:05 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-16 11:17:01

 

Pre-Run: 3,166,789,632 byte ledig

Post-Run: 3,133,435,904 byte ledig

 

259 --- E O F --- 2008-07-15 21:48:36


Edited by Oblivinati

Use Explorer to delete the following files:

C:\WINDOWS\system32\7GW3WlUM.exe.a_a

 

Go to the following folder:

C:\WINDOWS\Tasks and delete the files of the type:

 

At1.job

At2.job

At3.job

etc.

 

Download MBAM to the desktop.

Run the file and install the program. Choose the Norwegian language option.

Let the program update itself and choose to run a quick system scan.

 

You will get a message box when the program has finished running.

Then click the Show results button. If malware has been found, you will now see what was found.

 

Then click the Remove selected button to remove any malware that was found.

 

When MBAM has finished removing what it found, a log will open in Notepad. You can post it if it finds anything.
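Both of the helper's posts above pick entries out of the logs by eye: an orphaned BHO with "(no file)", Run keys that launch a file from an all-digit folder under system32 or load a known adware DLL through rundll32, a context-menu item whose target is not a file, a populated AppInit_DLLs value, and a long series of At*.job tasks that relaunch the same random-named executable from system32 every hour. The Python script below is an added example, not part of the original thread and not a tool the helper used; it reproduces those checks as detection logic over constructed sample lines modelled on the HijackThis and ComboFix logs in this thread. The PUP marker list, the run-count threshold used to call a file name "random-looking", and the benign GoogleUpdate task in the sample are assumptions made for the example.

```python
"""Triage of HijackThis O-lines and ComboFix 'Scheduled Tasks' entries.

Heuristics only: the result is a list of entries worth a human look, not a
verdict. The marker list, the name threshold and the samples are assumptions.
"""
import re
from collections import defaultdict

# Assumed substring markers for adware/PUP families (lower-case match).
PUP_MARKERS = ("mywebsearch",)

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl))', re.IGNORECASE)
# ComboFix task header: "<date> <time> C:\WINDOWS\Tasks\<name>.job"
TASK_RE = re.compile(r'^"[\d-]+ [\d:]+ .*\\Tasks\\([^\\]+\.job)"$')


def run_count(name: str) -> int:
    """Number of maximal runs of upper-case, lower-case and digit characters."""
    cls = ["u" if c.isupper() else "l" if c.islower() else "d" for c in name]
    return 1 + sum(a != b for a, b in zip(cls, cls[1:])) if cls else 0


def looks_random(filename: str) -> bool:
    """True for 8-character alphanumeric stems that switch between case and
    digits many times (v56cB0Mg, 7GW3WlUM); human-chosen names such as
    HPZipm12 have far fewer switches. Threshold of 5 runs is an assumption."""
    stem = filename.split(".", 1)[0]
    return (len(stem) == 8 and stem.isalnum()
            and any(c.isdigit() for c in stem) and run_count(stem) >= 5)


def suspicious_path(path: str) -> list[str]:
    """Reasons a file path deserves review; an empty list means nothing stood out."""
    reasons = []
    parts = path.split("\\")
    low = [p.lower() for p in parts]
    if "system32" in low:
        below = parts[low.index("system32") + 1:]
        if below and looks_random(below[-1]):
            reasons.append("random-looking name in system32")
        if any(p.isdigit() for p in below[:-1]):  # e.g. system32\28463\RTSF.exe
            reasons.append("numeric folder under system32")
    if any(m in path.lower() for m in PUP_MARKERS):
        reasons.append("known adware marker")
    return reasons


def triage_hjt(text: str) -> list[tuple[str, str]]:
    """(reason, line) pairs for HijackThis lines that deserve a closer look."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        reasons = []
        if code == "O2" and rest.endswith("(no file)"):
            reasons.append("orphaned BHO CLSID")
        elif code == "O4":
            # Inspect the launched file (for rundll32 entries, the DLL it loads).
            pm = PATH_RE.search(rest)
            if pm:
                reasons += suspicious_path(pm.group(1))
        elif code == "O8":
            # A context-menu handler should resolve to a file or a res:// URL.
            target = rest.split(" - ", 1)[-1]
            if not re.match(r"^(res://|[A-Za-z]:\\)", target):
                reasons.append("context-menu target is not a file")
        elif code == "O20" and rest.startswith("AppInit_DLLs:"):
            if rest.split(":", 1)[1].strip():
                reasons.append("AppInit_DLLs loaded into every process that loads user32.dll")
        hits += [(r, line) for r in reasons]
    return hits


def triage_tasks(text: str) -> dict[str, list[str]]:
    """Map each suspicious executable launched from the Tasks folder to the
    .job files that launch it (ComboFix prints the job, then '- <target>')."""
    by_target = defaultdict(list)
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for job_line, target_line in zip(lines, lines[1:]):
        m = TASK_RE.match(job_line)
        if m and target_line.startswith("- "):
            target = target_line[2:].strip()
            if suspicious_path(target):
                by_target[target].append(m.group(1))
    return dict(by_target)


# Constructed sample, modelled on the HijackThis log in this thread.
HJT_SAMPLE = r'''
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTSF Agent] C:\WINDOWS\system32\28463\RTSF.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MyWebSearch\bar\1.bin\MWSBAR.DLL,S
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O20 - AppInit_DLLs: ASAPHook
'''

# Constructed sample, modelled on the ComboFix 'Scheduled Tasks' section in
# this thread; the GoogleUpdate job is an invented benign entry for contrast.
TASKS_SAMPLE = r'''
"2008-07-15 22:06:04 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 22:38:10 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 02:00:00 C:\WINDOWS\Tasks\GoogleUpdate.job"
- C:\Programfiler\Google\Update\GoogleUpdate.exe
'''

if __name__ == "__main__":
    for reason, line in triage_hjt(HJT_SAMPLE):
        print(f"[{reason}] {line}")
    for target, jobs in triage_tasks(TASKS_SAMPLE).items():
        print(f"{target}: launched by {', '.join(jobs)}")
```

To use it on a real case, read a saved HijackThis or ComboFix log into `triage_hjt` and `triage_tasks` respectively. The script ranks entries for a reviewer and deletes nothing; grouping the At*.job files by target is what shows that dozens of hourly jobs all point at the same two dropped executables, which is why the helper tells the poster to clear the whole Tasks folder rather than one job at a time.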

 

 

Just have to say a thousand thanks for the help :) Now everything is hopefully gone :D Very grateful!
