tobler0ne Skrevet 18. juli 2008 Del Skrevet 18. juli 2008 (endret) Jeg bumper det gamle emnet mitt. Saken er som så: AVG rapporterer en infeksjon (Trojan horse Generic_c.TQZ) på mammas laptop. Jeg har ikke peiling på hva jeg skal gjøre og spør derfor folket her på diskusjon.no. Starter med å poste en HJT-logg: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:26:35, on 01.08.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\BR040286.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Windows\ehome\ehmsas.exe C:\Users\SOLBJR~1\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\Users\Solbjørg\Desktop\123\456.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [bisonInst0402] C:\Windows\BR040286.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6902 bytes Endret 31. juli 2008 av Tobye Lenke til kommentar
norbat Skrevet 18. juli 2008 Del Skrevet 18. juli 2008 Loggen ser grei ut. Ingen tegn på malware. Lenke til kommentar
norbat Skrevet 1. august 2008 Del Skrevet 1. august 2008 Følg veiledningen: https://www.diskusjon.no/index.php?showtopic=691246 Loggene det spørres etter poster du her i din egen tråd. Lenke til kommentar
tobler0ne Skrevet 1. august 2008 Forfatter Del Skrevet 1. august 2008 (endret) Jeg har litt problemer med å kjøre ComboFix. Får melding om at komandoprossesen har sluttet å virke, leste en guiden som sier at jeg skal bruke Vista Recovery Environment. Problemet er at Vista lå fårhåndsinstallert, så jeg har ikke CD'en her. Kan poste SAS loggen nå tho. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/01/2008 at 12:28 PM Application Version : 4.15.1000 Core Rules Database Version : 3523 Trace Rules Database Version: 1513 Scan type : Quick Scan Total Scan Time : 00:14:13 Memory items scanned : 502 Memory threats detected : 0 Registry items scanned : 424 Registry threats detected : 0 File items scanned : 14727 File threats detected : 0 Endret 1. august 2008 av Tobye Lenke til kommentar
norbat Skrevet 3. august 2008 Del Skrevet 3. august 2008 Hent Decard,legg på skrivebord. Kjør dss.exe og følge veiledningen. Når scanningen er ferdig, åpnes det en logg (main.txt) som du kopierer og limer inn i din neste post. Lenke til kommentar
tobler0ne Skrevet 3. august 2008 Forfatter Del Skrevet 3. august 2008 Main: Klikk for å se/fjerne innholdet nedenfor Deckard's System Scanner v20071014.68Run by Solbjørg on 2008-08-03 18:03:17 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 32: 2008-08-01 10:33:55 UTC - RP91 - ComboFix created restore point 31: 2008-08-01 10:11:00 UTC - RP90 - Installed SUPERAntiSpyware Free Edition 30: 2008-07-31 19:54:06 UTC - RP89 - Windows Update 29: 2008-07-31 15:59:45 UTC - RP88 - Windows Update 28: 2008-07-29 08:10:24 UTC - RP87 - Windows Update -- First Restore Point -- 1: 2008-07-01 13:04:49 UTC - RP52 - Installed Acer ScreenSaver Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Solbjørg.exe) -------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:05, on 2008-08-03 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\BR040286.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\ehome\ehmsas.exe C:\Users\SOLBJR~1\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\taskeng.exe C:\Users\Solbjørg\Desktop\dss.exe C:\Windows\system32\conime.exe C:\Users\SOLBJR~1\Desktop\123\Solbjørg.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [bisonInst0402] C:\Windows\BR040286.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7254 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; > -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p <Not Verified; ; app> S4 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management> S4 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management> S4 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService> S4 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service> S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> S4 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-08-03 18:01:35 414 --a------ C:\Windows\Tasks\Norton Security Scan.job -- Files created between 2008-07-03 and 2008-08-03 ----------------------------- 2008-08-01 14:24:33 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-08-01 12:33:15 68096 --a------ C:\Windows\zip.exe 2008-08-01 12:33:15 49152 --a------ C:\Windows\VFind.exe 2008-08-01 12:33:15 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-08-01 12:33:15 98816 --a------ C:\Windows\sed.exe 2008-08-01 12:33:15 80412 --a------ C:\Windows\grep.exe 2008-08-01 12:33:15 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-08-01 12:33:00 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-08-01 12:11:31 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-08-01 12:11:18 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-08-01 12:08:01 0 d-------- C:\Program Files\CCleaner 2008-07-31 23:26:16 0 d--h----- C:\$AVG8.VAULT$ 2008-07-04 20:48:34 0 d-------- C:\Program Files\Common Files\Adobe 2008-07-04 20:44:53 0 d-------- C:\Users\All Users\Google 2008-07-04 20:44:52 0 d-------- C:\Program Files\Google 2008-07-04 20:44:13 0 d-------- C:\Users\All Users\NOS 2008-07-04 20:44:10 0 d-------- C:\Program Files\NOS 2008-07-04 18:01:54 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-07-04 18:01:27 0 d-------- C:\Users\All Users\Symantec 2008-07-04 11:15:27 0 d-------- C:\Program Files\Sun 2008-07-04 11:14:16 0 d-------- C:\Program Files\Java 2008-07-04 11:13:41 0 d-------- C:\Program Files\Common Files\Java 2008-07-03 16:32:13 0 d-------- C:\Program Files\Norton Security Scan 2008-07-03 16:31:45 0 d-------- C:\Windows\system32\Adobe -- Find3M Report --------------------------------------------------------------- 2008-08-03 18:01:09 452326 --a------ C:\Windows\system32\perfh014.dat 2008-08-03 18:01:09 76478 --a------ C:\Windows\system32\perfc014.dat 2008-08-01 12:11:18 0 d-------- C:\Users\Solbjørg\AppData\Roaming\SUPERAntiSpyware.com 2008-08-01 12:10:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-11 10:44:30 0 d-------- C:\Users\Solbjørg\AppData\Roaming\Google 2008-07-10 14:36:59 0 d-------- C:\Program Files\Windows Mail 2008-07-05 14:58:52 0 d-------- C:\Users\Solbjørg\AppData\Roaming\Adobe 2008-07-04 20:48:34 0 d-------- C:\Program Files\Common Files 2008-07-03 14:38:32 0 d-------- C:\Program Files\Yahoo! 2008-07-02 18:17:17 0 d-------- C:\Program Files\Microsoft Works 2008-07-02 18:17:07 0 d-------- C:\Program Files\MSBuild 2008-07-02 18:16:23 0 d-------- C:\Program Files\Microsoft.NET 2008-07-02 18:13:25 0 d-------- C:\Program Files\Microsoft Visual Studio 8 2008-07-02 17:58:08 0 d-------- C:\Users\Solbjørg\AppData\Roaming\DAEMON Tools 2008-07-02 15:18:13 0 d--hs---- C:\Users\Solbjørg\AppData\Roaming\.# 2008-07-02 00:50:28 3 --a------ C:\Windows\AFirst.cmd 2008-07-01 17:05:20 0 d-------- C:\Program Files\AVG 2008-07-01 16:38:06 0 d-------- C:\Users\Solbjørg\AppData\Roaming\Opera 2008-07-01 16:30:20 0 d-------- C:\Program Files\Lavasoft 2008-07-01 16:28:37 0 d-------- C:\Program Files\Opera 2008-07-01 15:23:43 0 d-------- C:\Program Files\Acer Inc 2008-07-01 15:17:11 0 d-------- C:\Program Files\Apoint2K 2008-07-01 15:15:20 0 d-------- C:\Program Files\Acer 2008-07-01 15:10:29 0 d-------- C:\Program Files\Acer Arcade Deluxe 2008-07-01 15:09:58 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-01 15:08:11 0 d-------- C:\Program Files\Launch Manager 2008-07-01 15:06:27 0 d-------- C:\Users\Solbjørg\AppData\Roaming\Identities 2008-07-01 15:05:22 0 d-------- C:\Users\Solbjørg\AppData\Roaming\Macromedia 2008-07-01 15:04:34 2569 --a------ C:\Windows\CLEANUP.CMD 2008-07-01 15:00:44 0 d-------- C:\Program Files\Windows NT 2008-07-01 15:00:44 0 d--hs---- C:\Program Files\Fellesfiler -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 04:23] "RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 11:53 C:\Windows\RtHDVCpl.exe] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-22 16:21] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-22 16:21] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-22 16:21] "BisonInst0402"="C:\Windows\BR040286.exe" [2007-05-08 20:48] "Skytel"="Skytel.exe" [2007-11-20 12:15 C:\Windows\SkyTel.exe] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-21 12:18] "eRecoveryService"="" [] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 10:08] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-04 20:44] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "EnableUIADesktopToggle"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPanel] C:\Acer\APanel\APanel.cmd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4595a165-4850-11dd-a1ab-001eec4a376d}] AutoRun\command- F:\SETUP.EXE configure\command- F:\SETUP.EXE install\command- F:\SETUP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-08-03 18:06:50 ------------ Ekstra: Klikk for å se/fjerne innholdet nedenfor Deckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0 Architecture: X86; Language: Norwegian CPU 0: Intel® Pentium® Dual CPU T2390 @ 1.86GHz Percentage of Memory in Use: 33% Physical Memory (total/avail): 3061.24 MiB / 2023.9 MiB Pagefile Memory (total/avail): 6324.77 MiB / 5272.2 MiB Virtual Memory (total/avail): 2047.88 MiB / 1894.16 MiB C: is Fixed (NTFS) - 143.29 GiB total, 103.64 GiB free. D: is Fixed (NTFS) - 143.08 GiB total, 136.28 GiB free. E: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD3200BEVT-22ZCT0 ATA Device - 298.09 GiB - 3 partitions \PARTITION0 - Unknown - 11.71 GiB \PARTITION1 (bootable) - Installable File System - 143.29 GiB - C: \PARTITION2 - Installable File System - 143.08 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AV: AVG Anti-Virus Free v8.0 (AVG Technologies) AS: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) AS: SUPERAntiSpyware v4, 15, 0, 1000 (SUPERAntiSpyware.com) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Solbj›rg\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=SOLBJRG-PC ComSpec=C:\Windows\system32\cmd.exe DFSTRACINGON=FALSE FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Solbj›rg LOCALAPPDATA=C:\Users\Solbj›rg\AppData\Local LOGONSERVER=\\SOLBJRG-PC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Acer\Empowering Technology\eDataSecurity;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\SOLBJR~1\AppData\Local\Temp TMP=C:\Users\SOLBJR~1\AppData\Local\Temp TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat USERDOMAIN=Solbj›rg-PC USERNAME=Solbj›rg USERPROFILE=C:\Users\Solbj›rg windir=C:\Windows -- User Profiles --------------------------------------------------------------- Solbjørg -- Add/Remove Programs --------------------------------------------------------- --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\SetXX.exe" -uninst --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall Acer Arcade Deluxe --> C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\Setup.exe -uninstall Acer Crystal Eye --> C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x0009 -removeonly Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\setup.exe -runfromtemp -l0x0009 -removeonly Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x14 -removeonly Acer Empowering Technology --> "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0014 -removeonly Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x14 -removeonly Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x14 -removeonly Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x14 -removeonly Acer eSettings Management --> "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0014 -removeonly Acer GameZone Console 2.0.1.1 --> "C:\Program Files\Acer GameZone\GameConsole\unins000.exe" Acer GridVista --> C:\Windows\GVUni.exe GridV.UNI Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x14 -removeonly Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Norsk --> MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A81200000003} Adobe Reader 8.1.2 Security Update 1 (KB403742) --> Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log Agatha Christie Death on the Nile --> "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log" Agere Systems HDA Modem --> agrsmdel Alice Greenfingers --> "C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log" ALPS Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Azada --> "C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log" Backspin Billiards --> "C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log" Big Kahuna Reef --> "C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log" Bookworm Deluxe --> "C:\Program Files\Acer GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Bookworm Deluxe\install.log" Bricks of Egypt --> "C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log" Cake Mania --> "C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Chicken Invaders 3 --> "C:\Program Files\Acer GameZone\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Chicken Invaders 3\install.log" Chuzzle --> "C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log" Diner Dash Flo on the Go --> "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log" Flip Words 2 --> "C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log" getPlus® --> "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1 Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2 --> "C:\Users\Solbjørg\Desktop\123\HijackThis.exe" /uninstall Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall Java 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Jewel Quest Solitaire --> "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log" Kick N Rush --> "C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log" Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI Mahjong Escape Ancient China --> "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log" Mahjongg Artifacts --> "C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log" Microsoft Office Access MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0015-0414-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0016-0414-0000-0000000FF1CE} Microsoft Office Groove MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-00BA-0414-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0044-0414-0000-0000000FF1CE} Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-00A1-0414-0000-0000000FF1CE} Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001A-0414-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0018-0414-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE} Microsoft Office Proof (Norwegian (Nynorsk)) 2007 --> MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE} Microsoft Office Proofing (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-002C-0414-0000-0000000FF1CE} Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-0019-0414-0000-0000000FF1CE} Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-006E-0414-0000-0000000FF1CE} Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 --> MsiExec.exe /X{90120000-001B-0414-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works --> MsiExec.exe /I{F22E8D16-0D5E-4b25-A630-F1361E6B02D2} Mystery Case Files - Huntsville --> "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log" Mystery Solitaire - Secret Island --> "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log" Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380} NTI Backup NOW! 4.7 --> C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0414 NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1044 CDM7 OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} Opera 9.50 --> MsiExec.exe /X{7472B5B4-3FB7-446F-BC78-6BBA506EC473} Orion --> MsiExec.exe /X{0BF78E88-A7C9-4406-89CF-0BA473BA7821} PowerProducer --> "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Turbo Pizza --> "C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log" Zuma Deluxe --> "C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log" -- Application Event Log ------------------------------------------------------- Event Record #/Type1766 / Error Event Submitted/Written: 08/03/2008 05:54:42 PM Event ID/Source: 10 / WinMgmt Event Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Event Record #/Type1765 / Success Event Submitted/Written: 08/03/2008 05:54:38 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type1760 / Success Event Submitted/Written: 08/03/2008 05:54:24 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type1758 / Success Event Submitted/Written: 08/01/2008 08:39:20 PM Event ID/Source: 902 / Software Licensing Service Event Description: Software Licensing-tjenesten er startet. Event Record #/Type1748 / Warning Event Submitted/Written: 08/01/2008 08:16:08 PM Event ID/Source: 1530 / profsvc Event Description: Windows oppdaget at registerfilen fremdeles er i bruk av andre programmer eller tjenester. Filen lastes ut nå. Det kan være at programmene eller tjenestene som bruker registerfilen, ikke vil fungere på riktig måte etterpå. INFO - 1 user registry handles leaked from \Registry\User\S-1-5-21-3504365497-857353442-181939489-1000_Classes: Process 1028 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3504365497-857353442-181939489-1000_CLASSES -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type12825 / Warning Event Submitted/Written: 08/03/2008 06:06:16 PM Event ID/Source: 3004 / WinDefend Event Description: Sanntidsbeskyttelsesagenten for %Solbjørg-PC27 har oppdaget endringer. Microsoft anbefaler at du analyserer programvaren som utførte disse endringene. Du kan bruke informasjon om hvordan disse programmene fungerer til å velge om du vil la dem kjøre eller vil fjerne dem fra datamaskinen. Tillat endringer bare hvis du stoler på programmet eller programvareutgiveren. %Solbjørg-PC27 kan ikke angre endringer som du tillater. Se følgende for mer informasjon: %Solbjørg-PC275 Skanne-ID: {61DDE894-7FBE-4C89-A61D-78FC7964D73E} Bruker: Solbjørg-PC\Solbjørg Navn: %Solbjørg-PC271 ID: %Solbjørg-PC272 Alvorlighets-ID: %Solbjørg-PC273 Kategori-ID: %Solbjørg-PC274 Funnet bane: %Solbjørg-PC276 Varseltype: %Solbjørg-PC278 Gjenkjenningstype: 1.1.1600.02 Event Record #/Type12824 / Warning Event Submitted/Written: 08/03/2008 06:06:16 PM Event ID/Source: 3004 / WinDefend Event Description: Sanntidsbeskyttelsesagenten for %Solbjørg-PC27 har oppdaget endringer. Microsoft anbefaler at du analyserer programvaren som utførte disse endringene. Du kan bruke informasjon om hvordan disse programmene fungerer til å velge om du vil la dem kjøre eller vil fjerne dem fra datamaskinen. Tillat endringer bare hvis du stoler på programmet eller programvareutgiveren. %Solbjørg-PC27 kan ikke angre endringer som du tillater. Se følgende for mer informasjon: %Solbjørg-PC275 Skanne-ID: {CCA4D5D0-3865-4DF5-8EFC-670BA55758BA} Bruker: Solbjørg-PC\Solbjørg Navn: %Solbjørg-PC271 ID: %Solbjørg-PC272 Alvorlighets-ID: %Solbjørg-PC273 Kategori-ID: %Solbjørg-PC274 Funnet bane: %Solbjørg-PC276 Varseltype: %Solbjørg-PC278 Gjenkjenningstype: 1.1.1600.02 Event Record #/Type12823 / Warning Event Submitted/Written: 08/03/2008 06:06:16 PM Event ID/Source: 3004 / WinDefend Event Description: Sanntidsbeskyttelsesagenten for %Solbjørg-PC27 har oppdaget endringer. Microsoft anbefaler at du analyserer programvaren som utførte disse endringene. Du kan bruke informasjon om hvordan disse programmene fungerer til å velge om du vil la dem kjøre eller vil fjerne dem fra datamaskinen. Tillat endringer bare hvis du stoler på programmet eller programvareutgiveren. %Solbjørg-PC27 kan ikke angre endringer som du tillater. Se følgende for mer informasjon: %Solbjørg-PC275 Skanne-ID: {602275D8-FB34-4C81-8E5E-ED8EA7DA4422} Bruker: Solbjørg-PC\Solbjørg Navn: %Solbjørg-PC271 ID: %Solbjørg-PC272 Alvorlighets-ID: %Solbjørg-PC273 Kategori-ID: %Solbjørg-PC274 Funnet bane: %Solbjørg-PC276 Varseltype: %Solbjørg-PC278 Gjenkjenningstype: 1.1.1600.02 Event Record #/Type12822 / Warning Event Submitted/Written: 08/03/2008 06:06:14 PM Event ID/Source: 3004 / WinDefend Event Description: Sanntidsbeskyttelsesagenten for %Solbjørg-PC27 har oppdaget endringer. Microsoft anbefaler at du analyserer programvaren som utførte disse endringene. Du kan bruke informasjon om hvordan disse programmene fungerer til å velge om du vil la dem kjøre eller vil fjerne dem fra datamaskinen. Tillat endringer bare hvis du stoler på programmet eller programvareutgiveren. %Solbjørg-PC27 kan ikke angre endringer som du tillater. Se følgende for mer informasjon: %Solbjørg-PC275 Skanne-ID: {280CA2EB-8821-47E9-881B-DA1F83CFFC55} Bruker: Solbjørg-PC\Solbjørg Navn: %Solbjørg-PC271 ID: %Solbjørg-PC272 Alvorlighets-ID: %Solbjørg-PC273 Kategori-ID: %Solbjørg-PC274 Funnet bane: %Solbjørg-PC276 Varseltype: %Solbjørg-PC278 Gjenkjenningstype: 1.1.1600.02 Event Record #/Type12821 / Warning Event Submitted/Written: 08/03/2008 06:06:14 PM Event ID/Source: 3004 / WinDefend Event Description: Sanntidsbeskyttelsesagenten for %Solbjørg-PC27 har oppdaget endringer. Microsoft anbefaler at du analyserer programvaren som utførte disse endringene. Du kan bruke informasjon om hvordan disse programmene fungerer til å velge om du vil la dem kjøre eller vil fjerne dem fra datamaskinen. Tillat endringer bare hvis du stoler på programmet eller programvareutgiveren. %Solbjørg-PC27 kan ikke angre endringer som du tillater. Se følgende for mer informasjon: %Solbjørg-PC275 Skanne-ID: {C3479C75-A24A-48B7-8A06-6C9A781C8E32} Bruker: Solbjørg-PC\Solbjørg Navn: %Solbjørg-PC271 ID: %Solbjørg-PC272 Alvorlighets-ID: %Solbjørg-PC273 Kategori-ID: %Solbjørg-PC274 Funnet bane: %Solbjørg-PC276 Varseltype: %Solbjørg-PC278 Gjenkjenningstype: 1.1.1600.02 -- End of Deckard's System Scanner: finished at 2008-08-03 18:06:50 ------------ Merker at Windows Automatiske oppdatering er blitt slått av av og til. Dessuten var det litt weird at det kom en en Norton Scan nå nettopp. Lenke til kommentar
norbat Skrevet 3. august 2008 Del Skrevet 3. august 2008 Norton Security Scan er et lite gratisprogram fra Symantec som sjekker sikkerheten på pc'n. Programmet kommer gjerne sammen med enkelte programmer som du installerer. Du kan avinstallere programmet om du ønsker via legg til/fjern programmer Finner AVG fortsatt trojaneren? Lenke til kommentar
tobler0ne Skrevet 3. august 2008 Forfatter Del Skrevet 3. august 2008 Niks, nå ser ikke AVG noen trojaner . Jeg skjønner ikke helt hva min kjære mor har gjort for å få den trojaneren, fordi historikken viser ingen skadelige sider som jeg ser det. Men uansett tusen takk norbat! Jeg setter stor pris på hjelpen du gir =). Ny HJT-logg, istelfelde du ville se over: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 01:24, on 2008-08-04 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\BR040286.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\ehome\ehmsas.exe C:\Users\SOLBJR~1\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conime.exe C:\Program Files\Opera\opera.exe C:\Users\Solbjørg\Desktop\123\456.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [bisonInst0402] C:\Windows\BR040286.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7168 bytes Lenke til kommentar
norbat Skrevet 4. august 2008 Del Skrevet 4. august 2008 Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) Ut over dette ser loggen din fin ut. Oppdater gjerne Java: http://java.com/en/download/index.jsp Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå