itunes in task manager, nowhere else. parite-something removed recently using s&d



berliner
2009-03-10, 15:19
Hi there.

I don't know much about computers, malware and problems like this. I have a problem, am desperate and followed your instructions (erunt, teatimer, hjt). Now I am hoping for help.

When I start iTunes it shows in the task manager (itunes, itunes helper, apple mobile device) but the program itself isn't visible. I tried deleting an sc.info file as described on apple.com; that helped yesterday, but today the problem is back and it doesn't help to delete sc info again, which is now only a text file and not an (no idea what it was) database file.

Yesterday S&D deleted a parite-something file which it found somewhere in my system folders.

Just once the same problem (in task manager, not working) happened with Skype today. Skype worked at the second try.


I hope that's enough information about a problem they probably know. Didn't find help on Google, so here's my system data and my HJT log:

Xp-Professional
Service Pack3
AMD Athlon 64, 3500 (plus)
2,21 GHz, 1,00 GB Ram

_____________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:57, on 10.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
E:\Programmer\Diskeeper\DkService.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [WindowsRegKey update] cdiodytjqo.exe
O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6789 bytes



Thank you so much in advance! I will update all information and changes that happen after your help!


Christian

peku006
2009-03-11, 21:26
Hello and Welcome to Safer Networking,

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

1 - SDFix

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)


2 - Boot into Safe Mode

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.


3 - Run SDFix

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


4 - Download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

5 - Status Check
Please reply with

1. the SDFix.Report.txt (C:\SDFix\report.txt)
2. the logs from RSIT (log.txt, info.txt)
3. description of any problems you are having with your PC

Thanks peku006

berliner
2009-03-13, 21:45
Ok, here's what you asked for. I'm not experiencing any problems with my machine right now.

Thanks again for your help so far!


REPORT


SDFix: Version 1.240
Run by Kødde on 13.03.2009 at 20:15

Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 20:26:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\cdiodytjqo.exe"="C:\\WINDOWS\\system32\\cdiodytjqo.exe:*:Disabled:cdiodytjqo"
"C:\\Programfiler\\WinMX\\WinMX.exe"="C:\\Programfiler\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"D:\\Spill\\LOTR\\game.dat"="D:\\Spill\\LOTR\\game.dat:*:Disabled:Kampen om Midgard(tm)"
"C:\\Programfiler\\Kazaa\\kazaa.exe"="C:\\Programfiler\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"
"C:\\Programfiler\\BitComet\\BitComet.exe"="C:\\Programfiler\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Programfiler\\LimeWire\\LimeWire.exe"="C:\\Programfiler\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Programfiler\\Google\\Google Talk\\googletalk.exe"="C:\\Programfiler\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Programfiler\\MSI\\i-Speeder\\i-Speeder.exe"="C:\\Programfiler\\MSI\\i-Speeder\\i-Speeder.exe:*:Enabled:i-Speeder"
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\Spill\\Valve\\Steam\\Steam.exe"="D:\\Spill\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\opposing force\\hl.exe"="D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\opposing force\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\half-life blue shift\\hl.exe"="D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\half-life blue shift\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\half-life\\hl.exe"="D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\uTorrent\\uTorrent.exe"="C:\\Programfiler\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"="C:\\Programfiler\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programfiler\\Spotify\\spotify.exe"="C:\\Programfiler\\Spotify\\spotify.exe:*:Enabled:Spotify"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"="C:\\Programfiler\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe"
Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe"
Mon 31 Dec 2007 4,521 ...HR --- "C:\Documents and Settings\Kødde\Programdata\SecuROM\UserData\securom_v7_01.bak"

Finished!


INFO

info.txt logfile of random's system information tool 1.05 2009-03-13 20:39:54

======Uninstall list======

-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 6 FREE-->"C:\Programfiler\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x14
Audacity 1.2.6-->"C:\Programfiler\Audacity\unins000.exe"
AVG 7.5-->C:\Programfiler\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Programfiler\CCleaner\uninst.exe"
Diskeeper Professional Edition-->MsiExec.exe /X{DE4847A9-E86B-4BBB-B991-58C5ACA4FA04}
ERUNT 1.1j-->C:\Programfiler\ERUNT\unins000.exe
FileZilla Server (remove only)-->"C:\Programfiler\FileZilla Server\uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Programfiler\Free Audio Pack\unins000.exe"
GIMP 2.6.4-->"C:\Programfiler\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows Media Player 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iDump (Backing up your iPod)-->C:\Programfiler\iDump\uninstall.exe
IrfanView (remove only)-->C:\Programfiler\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Karen's Directory Printer-->C:\Programfiler\Karen's Power Tools\Directory Printer\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.7)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.42-->C:\Programfiler\Mp3tag\Mp3tagUninstall.EXE
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RT2500 Wireless LAN Card-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{AAA66A0D-E610-40B8-9D51-C1854285773A}\setup.exe" -l0x9 -removeonly
Sikkerhetsoppdatering for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony USB Driver-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SopCast 3.0.3-->C:\Programfiler\SopCast\uninst.exe
Spotify-->"C:\Programfiler\Spotify\uninstall.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Terayon DOCSIS Modem-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}\Setup.exe" -l0x9
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
VCW VicMan's Photo Editor 8.1-->"C:\Programfiler\VCW VicMan's Photo Editor\unins000.exe"
VLC media player 0.9.8a-->C:\Programfiler\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Programfiler\WinRAR\uninstall.exe
xp-AntiSpy 3.97-->C:\Programfiler\xp-AntiSpy\Uninstall.exe
Your Uninstaller! 2008 Version 6.0-->"C:\Programfiler\Your Uninstaller 2008\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: AVG 7.5.557
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic

System event log

Computer Name: CHRISTIAN
Event Code: 7035
Message: Apple Mobile Device-tjenesten har sendt en start-kontroll.
Record Number: 44204
Source Name: Service Control Manager
Time Written: 20090208155545.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: CHRISTIAN
Event Code: 7036
Message: Tjenesten Windows Installer gikk inn i tilstanden Kjører.

Record Number: 44203
Source Name: Service Control Manager
Time Written: 20090208155508.000000+060
Event Type: Informasjon
User:

Computer Name: CHRISTIAN
Event Code: 7035
Message: Windows Installer-tjenesten har sendt en start-kontroll.
Record Number: 44202
Source Name: Service Control Manager
Time Written: 20090208155508.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Computer Name: CHRISTIAN
Event Code: 7036
Message: Tjenesten Computer Browser gikk inn i tilstanden Kjører.

Record Number: 44201
Source Name: Service Control Manager
Time Written: 20090208155401.000000+060
Event Type: Informasjon
User:

Computer Name: CHRISTIAN
Event Code: 7035
Message: Computer Browser-tjenesten har sendt en start-kontroll.
Record Number: 44200
Source Name: Service Control Manager
Time Written: 20090208155401.000000+060
Event Type: Informasjon
User: NT-MYNDIGHET\SYSTEM

Application event log

Computer Name: KJETIL
Event Code: 105
Message:
Record Number: 18928
Source Name: Creative Service for CDROM Access
Time Written: 20080330212956.000000+120
Event Type: Informasjon
User:

Computer Name: KJETIL
Event Code: 1
Message: Service started

Record Number: 18927
Source Name: Avg7UpdSvc
Time Written: 20080330212956.000000+120
Event Type: Informasjon
User:

Computer Name: KJETIL
Event Code: 1800
Message: Tjenesten Windows Security Center er startet.

Record Number: 18926
Source Name: SecurityCenter
Time Written: 20080329204317.000000+060
Event Type: Informasjon
User:

Computer Name: KJETIL
Event Code: 2
Message: The Diskeeper Control Center has been started.
Diskeeper service started

Record Number: 18925
Source Name: Diskeeper
Time Written: 20080329204313.000000+060
Event Type: Informasjon
User:

Computer Name: KJETIL
Event Code: 1
Message: Service started

Record Number: 18924
Source Name: AVGEMS
Time Written: 20080329204312.000000+060
Event Type: Informasjon
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;E:\Programmer\Diskeeper\;C:\Programfiler\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programfiler\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programfiler\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



LOG

Logfile of random's system information tool 1.05 (written by random/random)
Run by Kødde at 2009-03-13 20:39:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (47%) free of 30 GB
Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:52, on 13.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
E:\Programmer\Diskeeper\DkService.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kødde\Skrivebord\DOwns\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Kødde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6691 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2009-03-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MS Manager32 Startup"=manager32.exe []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2009-02-25 590848]
"DiskeeperSystray"=E:\Programmer\Diskeeper\DkIcon.exe [2005-11-22 221184]
"QuickTime Task"=C:\Programfiler\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Programfiler\iTunes\iTunesHelper.exe [2009-01-06 290088]
"SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2009-03-11 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MS Manager32 Startup"=manager32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programfiler\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programfiler\QuickTime\QTTask.exe [2009-01-05 413696]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\cdiodytjqo.exe"="C:\WINDOWS\system32\cdiodytjqo.exe:*:Disabled:cdiodytjqo"
"C:\Programfiler\WinMX\WinMX.exe"="C:\Programfiler\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"D:\Spill\LOTR\game.dat"="D:\Spill\LOTR\game.dat:*:Disabled:Kampen om Midgard(tm)"
"C:\Programfiler\Kazaa\kazaa.exe"="C:\Programfiler\Kazaa\kazaa.exe:*:Disabled:Kazaa"
"C:\Programfiler\BitComet\BitComet.exe"="C:\Programfiler\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Programfiler\LimeWire\LimeWire.exe"="C:\Programfiler\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Programfiler\Google\Google Talk\googletalk.exe"="C:\Programfiler\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Programfiler\MSI\i-Speeder\i-Speeder.exe"="C:\Programfiler\MSI\i-Speeder\i-Speeder.exe:*:Enabled:i-Speeder"
"C:\Programfiler\Grisoft\AVG7\avginet.exe"="C:\Programfiler\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Programfiler\Grisoft\AVG7\avgamsvr.exe"="C:\Programfiler\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Programfiler\Grisoft\AVG7\avgcc.exe"="C:\Programfiler\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Programfiler\Grisoft\AVG7\avgemc.exe"="C:\Programfiler\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"D:\Spill\Valve\Steam\Steam.exe"="D:\Spill\Valve\Steam\Steam.exe:*:Enabled:Steam"
"D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe"="D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe"="D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe"="D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\uTorrent\uTorrent.exe"="C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programfiler\Spotify\spotify.exe"="C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-03-13 20:39:47 ----D---- C:\rsit
2009-03-13 20:14:28 ----D---- C:\WINDOWS\ERUNT
2009-03-13 20:09:06 ----D---- C:\WINDOWS\pss
2009-03-11 23:08:52 ----D---- C:\SDFix
2009-03-11 11:21:51 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-11 11:21:51 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-11 11:21:51 ----A---- C:\WINDOWS\system32\java.exe
2009-03-10 19:26:32 ----D---- C:\Programfiler\SopCast
2009-03-10 14:04:34 ----D---- C:\WINDOWS\ERDNT
2009-03-10 13:58:14 ----D---- C:\Programfiler\ERUNT
2009-03-10 13:34:57 ----D---- C:\Programfiler\Trend Micro
2009-03-10 13:07:59 ----D---- C:\Programfiler\iPod
2009-03-10 13:07:57 ----D---- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-10 13:07:30 ----D---- C:\Programfiler\QuickTime
2009-03-10 13:07:21 ----D---- C:\Programfiler\Apple Software Update
2009-03-10 13:07:11 ----D---- C:\Programfiler\Fellesfiler\Apple
2009-03-09 20:34:04 ----D---- C:\Programfiler\Spybot - Search & Destroy
2009-03-09 20:34:04 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2009-03-09 19:37:46 ----D---- C:\Documents and Settings\Kødde\Programdata\Spotify
2009-03-09 19:37:44 ----D---- C:\Programfiler\Spotify
2009-03-05 16:28:32 ----D---- C:\lame-398-2
2009-03-05 01:39:39 ----D---- C:\Programfiler\FileZilla Server
2009-03-01 19:07:09 ----A---- C:\WINDOWS\phedit.ini
2009-03-01 18:57:01 ----D---- C:\Programfiler\VCW VicMan's Photo Editor
2009-03-01 18:57:01 ----A---- C:\WINDOWS\system32\msvcrt10.dll
2009-03-01 18:57:01 ----A---- C:\WINDOWS\fmachine.ini
2009-03-01 10:24:54 ----D---- C:\Programfiler\Karen's Power Tools
2009-03-01 10:24:45 ----D---- C:\Documents and Settings\All Users\Programdata\Karen's Power Tools
2009-02-28 18:41:21 ----D---- C:\Documents and Settings\Kødde\Programdata\skypePM
2009-02-28 18:39:16 ----D---- C:\Documents and Settings\Kødde\Programdata\Skype
2009-02-28 18:35:31 ----D---- C:\Programfiler\Fellesfiler\Skype
2009-02-28 18:35:29 ----RD---- C:\Programfiler\Skype
2009-02-28 18:35:24 ----D---- C:\Documents and Settings\All Users\Programdata\Skype
2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudPlayer.dll
2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudioVisu.dll
2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudioRecord.dll
2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudFile.dll
2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudDisplay.dll
2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\TABCTFR.DLL
2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\Mscc2fr.dll
2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\inetfr.DLL
2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\AudDesign.dll
2009-02-28 13:27:50 ----D---- C:\Programfiler\Free Audio Pack
2009-02-28 13:27:50 ----A---- C:\WINDOWS\system32\lame_enc.dll
2009-02-28 00:37:04 ----D---- C:\Documents and Settings\Kødde\Programdata\Processing
2009-02-26 02:04:26 ----D---- C:\Programfiler\Audacity
2009-02-24 23:53:26 ----D---- C:\iTunes Rettung
2009-02-24 23:33:01 ----D---- C:\Programfiler\iTunes
2009-02-22 16:15:59 ----D---- C:\Documents and Settings\Kødde\Programdata\gtk-2.0
2009-02-21 20:07:46 ----D---- C:\Documents and Settings\Kødde\Programdata\Ashampoo
2009-02-21 20:07:33 ----D---- C:\Documents and Settings\All Users\Programdata\ashampoo
2009-02-21 20:07:30 ----D---- C:\Programfiler\Ashampoo
2009-02-21 18:27:48 ----D---- C:\Programfiler\IrfanView
2009-02-21 17:51:33 ----D---- C:\Programfiler\GIMP-2.0
2009-02-21 14:52:50 ----D---- C:\Programfiler\TVAnts
2009-02-19 13:34:48 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-02-09 21:53:56 ----D---- C:\Documents and Settings\All Users\Programdata\Adobe
2009-02-09 21:53:49 ----D---- C:\Programfiler\Fellesfiler\Adobe
2009-02-09 21:53:49 ----D---- C:\Programfiler\Adobe
2009-02-08 21:53:51 ----D---- C:\Programfiler\iDump
2009-02-08 17:51:16 ----D---- C:\Documents and Settings\Kødde\Programdata\dvdcss
2009-02-08 16:25:42 ----D---- C:\Documents and Settings\Kødde\Programdata\WinRAR
2009-02-08 16:25:17 ----D---- C:\Programfiler\WinRAR
2009-02-08 15:56:41 ----D---- C:\Documents and Settings\Kødde\Programdata\Apple Computer
2009-02-08 15:56:14 ----D---- C:\Programfiler\Bonjour
2009-02-07 11:16:47 ----D---- C:\Documents and Settings\Kødde\Programdata\Mp3tag
2009-02-07 11:16:42 ----D---- C:\Programfiler\Mp3tag
2009-02-07 01:11:41 ----D---- C:\Programfiler\uTorrent
2009-02-07 01:11:36 ----D---- C:\Documents and Settings\Kødde\Programdata\uTorrent
2009-02-06 12:39:37 ----D---- C:\WINDOWS\flurry-win32-1.1.1.11
2009-02-06 11:50:13 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-06 11:50:04 ----D---- C:\Programfiler\Java
2009-02-06 11:28:07 ----D---- C:\Documents and Settings\Kødde\Programdata\vlc
2009-02-06 11:26:55 ----D---- C:\Programfiler\VideoLAN
2009-02-06 11:17:57 ----D---- C:\Programfiler\xp-AntiSpy
2009-02-06 10:55:10 ----A---- C:\WINDOWS\system32\WRLSetup.exe
2009-02-06 10:55:10 ----A---- C:\WINDOWS\system32\installrt2500qa.dll
2009-02-06 10:55:10 ----A---- C:\WINDOWS\system32\AegisI5.exe
2009-02-06 10:54:56 ----D---- C:\Programfiler\RALINK
2009-02-06 10:27:48 ----D---- C:\Documents and Settings\Kødde\Programdata\MSN6
2009-02-06 10:27:48 ----D---- C:\Documents and Settings\All Users\Programdata\MSN6
2009-02-06 00:11:38 ----A---- C:\WINDOWS\ModemLog_Standard modem med 56000 bps.txt
2009-01-21 21:09:55 ----D---- C:\Documents and Settings\Kødde\Programdata\Media Player Classic
2009-01-14 21:18:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2008-12-17 22:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$

======List of files/folders modified in the last 3 months======

2009-03-13 20:39:44 ----D---- C:\WINDOWS\Prefetch
2009-03-13 20:37:57 ----D---- C:\WINDOWS
2009-03-13 20:37:44 ----D---- C:\Programfiler\Mozilla Firefox
2009-03-13 20:34:06 ----AD---- C:\WINDOWS\Temp
2009-03-13 20:32:29 ----RASH---- C:\boot.ini
2009-03-13 20:32:29 ----A---- C:\WINDOWS\win.ini
2009-03-13 20:32:29 ----A---- C:\WINDOWS\system.ini
2009-03-13 20:15:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-13 20:10:09 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-03-11 22:51:04 ----D---- C:\WINDOWS\system32\drivers
2009-03-11 22:51:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-11 11:22:52 ----SHD---- C:\WINDOWS\Installer
2009-03-11 11:21:53 ----SHD---- C:\Config.Msi
2009-03-11 11:21:51 ----D---- C:\WINDOWS\system32
2009-03-10 19:26:32 ----AD---- C:\Programfiler
2009-03-10 18:02:41 ----D---- C:\Documents and Settings\Kødde\Programdata\AVG7
2009-03-10 13:07:19 ----HD---- C:\WINDOWS\inf
2009-03-10 13:07:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-10 13:07:11 ----D---- C:\Programfiler\Fellesfiler
2009-03-10 12:54:11 ----AD---- C:\Documents and Settings\All Users\Programdata\TEMP
2009-02-24 23:41:35 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-08 23:39:01 ----D---- C:\WINDOWS\Debug
2009-02-06 12:38:30 ----D---- C:\WINDOWS\system
2009-02-06 10:54:56 ----HD---- C:\Programfiler\InstallShield Installation Information
2009-01-31 14:25:32 ----D---- C:\WINDOWS\Help
2009-01-28 22:00:25 ----D---- C:\Documents and Settings\Kødde\Programdata\Real
2009-01-27 22:38:55 ----D---- C:\Documents and Settings\All Users\Programdata\Creative
2009-01-27 22:23:17 ----D---- C:\Documents and Settings\All Users\Programdata\avg7
2009-01-22 18:17:50 ----SD---- C:\WINDOWS\Tasks
2009-01-22 18:16:21 ----D---- C:\WINDOWS\system32\Adobe
2009-01-22 18:16:01 ----D---- C:\Documents and Settings\Kødde\Programdata\Macromedia
2009-01-22 18:16:00 ----D---- C:\WINDOWS\system32\Macromed
2009-01-22 18:16:00 ----D---- C:\Documents and Settings\Kødde\Programdata\Adobe
2009-01-21 20:55:56 ----A---- C:\WINDOWS\clue.ini
2009-01-21 20:38:28 ----D---- C:\Documents and Settings
2009-01-21 20:28:32 ----D---- C:\WINDOWS\WinSxS
2009-01-21 20:17:08 ----RSD---- C:\WINDOWS\Fonts
2009-01-14 21:17:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-10 02:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-04 22:21:22 ----D---- C:\Programfiler\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-09-26 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-09-26 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-20 10760]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0-støttemiljø for ikke-IFS-tjenesteleverandør; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-09 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-02-06 17119]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-09-26 4960]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-09 5888]
R3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-12-15 218368]
R3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 aktivert hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniportdriver for Microsoft USB åpen vertskontroller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\KDDE~1\LOKALE~1\Temp\catchme.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-02-03 223128]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2004-09-30 16880]
S3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
S3 QV2KUX;Casio digitalt kamera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
S3 SONYPVU1;Sony USB-filterdriver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 st3mp28;st3mp28; C:\WINDOWS\System32\DRIVERS\st3mp28.sys []
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2007-06-15 19840]
S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-13 96512]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-09-26 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2007-12-20 406528]
R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Diskeeper;Diskeeper; E:\Programmer\Diskeeper\DkService.exe [2005-11-23 765952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2009-03-11 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2005-09-02 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FileZilla Server;FileZilla Server FTP server; C:\Programfiler\FileZilla Server\FileZilla Server.exe [2009-03-03 691200]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NipSvc;Norman API-hooking helper; E:\Norman\Nvc\BIN\nipsvc.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programfiler\Windows Media Player\WMPNetwk.exe [2006-11-15 914944]

-----------------EOF-----------------



HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:23, on 13.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
E:\Programmer\Diskeeper\DkService.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6625 bytes

berliner
2009-03-14, 12:47
Hi.

I just realized that iTunes might have worked (nearly) properly all the way. It just takes about 7 minutes for it to start up. I didn't deliberately change anything (location, amount, whatever...) about what it has to collect, so I don't see why it takes like 6 1/2 minutes longer now than a few days ago.

Everything else works fine, I believe.

peku006
2009-03-14, 15:15
Hi berliner

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log

Thanks peku006

berliner
2009-03-15, 14:03
Are you actually Norwegian?

Again - here's what you asked for:
____


Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1851
Windows 5.1.2600 Service Pack 3

15.03.2009 11:07:37
mbam-log-2009-03-15 (11-07-31).txt

Skanntype: Full Skann (C:\|D:\|E:\|)
Objekter skannet: 141128
Tid tilbakelagt: 26 minute(s), 43 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 2
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)


____


Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1851
Windows 5.1.2600 Service Pack 3

15.03.2009 11:07:48
mbam-log-2009-03-15 (11-07-48).txt

Skanntype: Full Skann (C:\|D:\|E:\|)
Objekter skannet: 141128
Tid tilbakelagt: 26 minute(s), 43 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 2
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)


____



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:04, on 15.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
E:\Programmer\Diskeeper\DkService.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6526 bytes

peku006
2009-03-15, 15:39
Hi berliner

Actually I am Finnish, but I have lived in Norway for a long time.

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Download and Run OTMoveIt3

Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.

:files
C:\windows\system32\manager32.exe

Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

2. the OTMoveIt3 log
3. a fresh HijackThis log

Thanks peku006
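
Added example, not part of the original thread and not HijackThis code: Python that parses the O4 (registry autorun) lines of a HijackThis log, lists entries started by a bare file name with no directory, narrows them to those registered under several autorun keys, and diffs two logs to confirm a fix was applied. The function names and the two-key threshold are assumptions of this example; the sample lines are copied from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Sample input: O4 lines copied from the HijackThis logs in this thread
# (15.03.2009 12:58 before the fix, 23:07 after), trimmed to a few entries.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
"""

# "O4 - <registry key>: [<value name>] <command>"; startup-folder lines
# ("Global Startup: ...") do not start with HK and are skipped.
O4_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# The program part of a command: a quoted path, or text up to the first
# executable extension that is followed by whitespace or end of line.
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def parse_o4(log):
    """Return (key, value_name, command) for every registry autorun line."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            # HijackThis appends "(User '...')" to HKUS entries; drop it.
            cmd = re.sub(r"\s+\(User '[^']*'\)$", "", m["cmd"])
            entries.append((m["key"], m["name"], cmd))
    return entries


def executable(cmd):
    """Extract the program being started from an autorun command line."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.split()[0]
    return m.group(1) or m.group(2)


def pathless_autoruns(log):
    """Map (value_name, executable) -> autorun keys, for entries whose
    program is given as a bare file name with no directory."""
    found = defaultdict(set)
    for key, name, cmd in parse_o4(log):
        exe = executable(cmd)
        if "\\" not in exe and "/" not in exe:
            found[(name, exe.lower())].add(key)
    return {k: sorted(v) for k, v in found.items()}


def review_candidates(log, min_keys=2):
    """Pathless entries registered under min_keys or more autorun keys.
    The threshold is this example's assumption: one pathless entry is common
    (RUNDLL32.EXE above), the same one in several keys deserves a look."""
    return {k: v for k, v in pathless_autoruns(log).items() if len(v) >= min_keys}


def removed_entries(before, after):
    """Autorun entries present in the first log and absent from the second."""
    return sorted(set(parse_o4(before)) - set(parse_o4(after)))


if __name__ == "__main__":
    for (name, exe), keys in review_candidates(LOG_BEFORE).items():
        print(f"review: [{name}] {exe} registered in {', '.join(keys)}")
    for key, name, cmd in removed_entries(LOG_BEFORE, LOG_AFTER):
        print(f"gone after fix: {key} [{name}] {cmd}")
```

A pathless entry says nothing about where the file lives on disk, so the result is a list of entries to review, not a verdict on any of them.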

berliner
2009-03-16, 00:09
I am German and in Oslo.


MoveIt:

Error: Unable to interpret <C:\windows\system32\manager32.exe> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_230529


HJT:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:24, on 15.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
E:\Programmer\Diskeeper\DkService.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6395 bytes

Thanks for now.

peku006
2009-03-16, 08:10
Hi and good morning berliner

FileLook

Please download FileLook by jpshortstuff from one of the following mirrors:
Link 1 (http://jpshortstuff.247fixes.com/FileLook.exe)
Link 2 (http://images.malwareremoval.com/jpshortstuff/FileLook_.exe)
Double-click FileLook.exe to run it. (Vista users will almost certainly have to right click and select Run As Administrator)
Ensure that the BBCode Output checkbox is checked.
Copy the content of the following codebox into the main textfield:


manager32.exe

Click the FileLook button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at C:\fl_log.txt

Thanks peku006

berliner
2009-03-16, 17:10
FileLook.exe v2.0 by jpshortstuff
Log created at 16:09 on 16/03/2009
==================================
FileLook - "anager32.exe"

Unable to find file.

==============================

=EOF=



[HJT]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:43, on 16.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
E:\Programmer\Diskeeper\DkService.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6395 bytes

peku006
2009-03-16, 18:33
Hi berliner

this looks like a small "typo" :slap:

it's manager32.exe ....not "anager32.exe"


FileLook.exe v2.0 by jpshortstuff
Log created at 16:09 on 16/03/2009
==================================
FileLook - "anager32.exe"

Unable to find file.

==============================

=EOF=

Please do it again

Thanks peku006

berliner
2009-03-16, 20:52
Hi.

"anager32.exe" is what it answers when I ask for "manager32.exe"

When I ask for "mmanager32.exe" it answers "manager32.exe"

...



Hi berliner

this looks like a small "typo" :slap:

it's manager32.exe ....not "anager32.exe"



Please do it again

Thanks peku006

peku006
2009-03-16, 21:08
Hi berliner
hmm...not found.......well, I'll be ... !

Let us take a deeper look.

Please download OTScanIt2 from Geeks to Go (http://oldtimer.geekstogo.com/OTScanIt2.exe) or Bleeping Computer (http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe). Save it to your desktop.

Double click on OTScanIt2.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
Under Rootkit Search, select Yes.
Click on Run Scan at the top left hand corner.
When done, Notepad will open. Please post this log in your next reply.

Thanks peku006

berliner
2009-03-16, 21:27
OTScanIt2 logfile created on: 16.03.2009 20:20:53 - Run 1
OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\Kødde\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

1023,47 Mb Total Physical Memory | 412,64 Mb Available Physical Memory | 40,32% Memory free
1,65 Gb Paging File | 1,20 Gb Available in Paging File | 72,58% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 29,29 Gb Total Space | 12,81 Gb Free Space | 43,74% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 48,64 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
Drive E: | 108,18 Gb Total Space | 77,30 Gb Free Space | 71,46% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 149,00 Gb Total Space | 1,23 Gb Free Space | 0,83% Space Free | Partition Type: FAT32
Drive H: | 17,58 Gb Total Space | 0,64 Gb Free Space | 3,62% Space Free | Partition Type: NTFS
Drive I: | 10,36 Gb Total Space | 5,67 Gb Free Space | 54,69% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN
Current User Name: Kødde
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008.11.07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> [2007.10.23 18:04:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> [2009.02.25 11:00:50 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.)
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> [2007.12.20 18:51:53 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> [2007.09.26 15:02:53 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.)
dkservice.exe -> E:\Programmer\Diskeeper\DkService.exe -> [2005.11.23 06:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008.04.14 17:22:49 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009.03.09 18:02:36 | 00,307,704 | ---- | M] (Mozilla Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009.01.06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
itunes.exe -> %ProgramFiles%\iTunes\iTunes.exe -> [2009.01.06 13:06:28 | 14,294,824 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2009.01.06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009.03.11 11:21:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009.03.11 11:21:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008.05.16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\OTScanIt2\OTScanIt2.exe -> [2009.02.19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
raconfig2500.exe -> %ProgramFiles%\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe -> [2005.01.20 14:14:58 | 00,536,576 | ---- | M] (Ralink Technology, Corp.)
uaservice7.exe -> %SystemRoot%\system32\UAService7.exe -> [2005.09.02 16:24:06 | 00,126,976 | ---- | M] ()
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008.04.14 17:23:18 | 00,013,824 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008.11.07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004.07.15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> [2007.10.23 18:04:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> [2007.09.26 15:02:53 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.)
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> [2007.12.20 18:51:53 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
(Bonjour Service) Bonjour-tjeneste [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> E:\Programmer\Diskeeper\DkService.exe -> [2005.11.23 06:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation)
(FileZilla Server) FileZilla Server FTP server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\FileZilla Server\FileZilla Server.exe -> [2009.03.03 11:19:28 | 00,691,200 | ---- | M] (FileZilla Project)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008.04.14 17:22:17 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod-tjeneste [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2009.01.06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009.03.11 11:21:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NipSvc) Norman API-hooking helper [Win32_Own | On_Demand | Stopped] -> -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008.05.16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation)
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %SystemRoot%\system32\UAService7.exe -> [2005.09.02 16:24:06 | 00,126,976 | ---- | M] ()
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006.11.15 09:46:18 | 00,914,944 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.6.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> [2009.02.06 10:55:13 | 00,017,119 | ---- | M] (Meetinghouse Data Communications)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> [2004.02.24 04:08:52 | 00,400,384 | ---- | M] (Sensaura)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2004.06.21 09:53:20 | 00,626,204 | ---- | M] (Realtek Semiconductor Corp.)
(AmdK8) AMD Athlon64 Processor Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\AmdK8.sys -> [2003.11.07 05:00:00 | 00,035,328 | R--- | M] (Advanced Micro Devices)
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7core.sys -> [2007.10.23 18:04:48 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.)
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7rsw.sys -> [2007.09.26 15:02:57 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.)
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avg7rsxp.sys -> [2007.09.26 15:02:57 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.)
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgclean.sys -> [2007.12.20 18:51:53 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.)
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\System32\Drivers\avgtdi.sys -> [2007.09.26 15:02:58 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.)
(cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> %SystemRoot%\System32\drivers\CDRBSDRV.SYS -> [2004.03.08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation)
(dtscsi) dtscsi [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\dtscsi.sys -> [2006.02.03 10:14:52 | 00,223,128 | ---- | M] (DT Soft Ltd.)
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ENTECH.sys -> [1999.10.21 09:12:52 | 00,020,400 | ---- | M] (EnTech Taiwan)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> [2008.04.17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(Jukebox3) Jukebox3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ctpdusb.sys -> [2004.09.30 00:27:00 | 00,016,880 | ---- | M] (Creative Technology Ltd.)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2008.05.16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation)
(nvatabus) nvatabus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvatabus.sys -> [2004.06.03 09:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\NVENETFD.sys -> [2005.04.06 03:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nvnetbus.sys -> [2004.05.17 13:00:54 | 00,012,928 | ---- | M] (NVIDIA Corporation)
(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\System32\DRIVERS\nv_agp.sys -> [2003.10.29 12:02:00 | 00,021,120 | ---- | M] (NVIDIA Corporation)
(Ptilink) Direkte parallell koblingsdriver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> [2001.10.09 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\PxHelp20.sys -> [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(QV2KUX) Casio digitalt kamera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\qv2kux.sys -> [2001.08.17 20:53:32 | 00,003,328 | ---- | M] (Microsoft Corporation)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\RootMdm.sys -> [2001.10.09 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(RT2500) RT2500 Wireless Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\RT2500.sys -> [2004.12.15 19:12:04 | 00,218,368 | ---- | M] (Ralink Technology Inc.)
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\Rtlnic51.sys -> [2003.12.31 10:58:46 | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation )
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\Rtnicxp.sys -> [2006.12.14 15:44:06 | 00,085,120 | ---- | M] (Realtek Semiconductor Corporation )
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> [2007.11.13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfdrv01.sys -> [2005.08.10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology)
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfhlp02.sys -> [2005.05.16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology)
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfsync02.sys -> [2005.08.10 15:06:28 | 00,019,968 | ---- | M] (Protection Technology)
(sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfvfs02.sys -> [2005.09.29 18:01:51 | 00,066,048 | ---- | M] (Protection Technology)
(SONYPVU1) Sony USB-filterdriver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\SONYPVU1.SYS -> [2001.08.17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> [2006.02.02 23:57:11 | 00,642,560 | ---- | M] ()
(StMp3Rec) Player Recovery Device Control Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\StMp3Rec.sys -> [2007.06.15 10:49:30 | 00,019,840 | R--- | M] (Generic)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> [2008.11.07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.no/ ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.no/ ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Kødde\Programdata\Mozilla\FireFox\Profiles\aa4fg579.default\prefs.js ->
browser.startup.homepage -> "www.google.no" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.7" ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4 ->
extensions.enabledItems -> {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.7.8 ->
extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
extensions.enabledItems -> treestyletab@piro.sakura.ne.jp:0.7.2009021201 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7 ->
< HOSTS File > (686 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008.06.11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009.01.26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009.03.11 11:21:42 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009.03.11 11:21:42 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVG7_CC" -> \PROGRA~1\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> [2009.02.25 11:00:50 | 00,590,848 | ---- | M] ()
"DiskeeperSystray" -> E:\Programmer\Diskeeper\DkIcon.exe ["E:\Programmer\Diskeeper\DkIcon.exe"] -> [2005.11.22 16:38:20 | 00,221,184 | ---- | M] (Diskeeper Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Programfiler\iTunes\iTunesHelper.exe"] -> [2009.01.06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.)
"NvCplDaemon" -> %SystemRoot%\system32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008.05.16 13:01:00 | 13,529,088 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Programfiler\QuickTime\QTTask.exe" -atboottime] -> [2009.01.05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Programfiler\Java\jre6\bin\jusched.exe"] -> [2009.03.11 11:21:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart ->
%AllUsersProfile%\Start-meny\Programmer\Oppstart\Ralink Wireless Utility.lnk -> %ProgramFiles%\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe -> [2005.01.20 14:14:58 | 00,536,576 | ---- | M] (Ralink Technology, Corp.)
< Kødde Startup Folder > -> C:\Documents and Settings\Kødde\Start-meny\Programmer\Oppstart ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoRecentDocsNetHood" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2004.12.06 16:47:08 | 09,166,848 | R--- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009.01.26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{461CC20B-FB6E-4f16-8FE8-C29359DB100E}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009.01.26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 17:23:00 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX-galleri ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5442 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5443 domain(s) found. ->
.[msn] -> Min datamaskin ->
www.msi_com.tw [http] -> Klarerte områder ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] ->
{33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab [Reg Error: Key error.] ->
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [HKLM] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab [Reg Error: Key error.] ->
{8167C273-DF59-4416-B647-C8BB2C7EE83E} [HKLM] -> http://liveupdate.msi.com.tw/autobios/LOnline/install.cab [Reg Error: Key error.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Reg Error: Key error.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{401FBD90-72DD-4087-9B0D-ED9765AEEF6D} -> () ->
{66426032-6511-4B65-8BDE-C3424896BAE2} -> (802.11g Wireless LAN PCI) ->
{78A7D52B-06FA-4ADF-BC08-0957AF963A72} -> (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
{A2075401-1236-474A-B26F-EC4BB6D9A1DC} -> (1394-nettverkskort) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008.04.14 17:22:49 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008.04.14 17:23:10 | 00,140,800 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008.04.13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008.04.14 17:23:10 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Programfiler\BitComet\BitComet.exe" -> C:\Programfiler\BitComet\BitComet.exe [C:\Programfiler\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> File not found
"C:\Programfiler\Bonjour\mDNSResponder.exe" -> C:\Programfiler\Bonjour\mDNSResponder.exe [C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Programfiler\Google\Google Talk\googletalk.exe" -> C:\Programfiler\Google\Google Talk\googletalk.exe [C:\Programfiler\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> File not found
"C:\Programfiler\Grisoft\AVG7\avgamsvr.exe" -> C:\Programfiler\Grisoft\AVG7\avgamsvr.exe [C:\Programfiler\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> [2007.10.23 18:04:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)
"C:\Programfiler\Grisoft\AVG7\avgcc.exe" -> C:\Programfiler\Grisoft\AVG7\avgcc.exe [C:\Programfiler\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> [2009.02.25 11:00:50 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.)
"C:\Programfiler\Grisoft\AVG7\avgemc.exe" -> C:\Programfiler\Grisoft\AVG7\avgemc.exe [C:\Programfiler\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> [2007.12.20 18:51:53 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
"C:\Programfiler\Grisoft\AVG7\avginet.exe" -> C:\Programfiler\Grisoft\AVG7\avginet.exe [C:\Programfiler\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> [2008.10.16 16:35:54 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.)
"C:\Programfiler\iTunes\iTunes.exe" -> C:\Programfiler\iTunes\iTunes.exe [C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009.01.06 13:06:28 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Programfiler\Kazaa\kazaa.exe" -> C:\Programfiler\Kazaa\kazaa.exe [C:\Programfiler\Kazaa\kazaa.exe:*:Disabled:Kazaa] -> File not found
"C:\Programfiler\LimeWire\LimeWire.exe" -> C:\Programfiler\LimeWire\LimeWire.exe [C:\Programfiler\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Programfiler\MSI\i-Speeder\i-Speeder.exe" -> C:\Programfiler\MSI\i-Speeder\i-Speeder.exe [C:\Programfiler\MSI\i-Speeder\i-Speeder.exe:*:Enabled:i-Speeder] -> File not found
"C:\Programfiler\Skype\Phone\Skype.exe" -> C:\Programfiler\Skype\Phone\Skype.exe [C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009.02.04 12:27:34 | 23,975,720 | R--- | M] (Skype Technologies S.A.)
"C:\Programfiler\Spotify\spotify.exe" -> C:\Programfiler\Spotify\spotify.exe [C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify] -> [2009.02.25 20:56:58 | 02,517,888 | ---- | M] (Spotify AB)
"C:\Programfiler\uTorrent\uTorrent.exe" -> C:\Programfiler\uTorrent\uTorrent.exe [C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009.02.07 01:11:41 | 00,270,128 | ---- | M] (BitTorrent, Inc.)
"C:\Programfiler\WinMX\WinMX.exe" -> C:\Programfiler\WinMX\WinMX.exe [C:\Programfiler\WinMX\WinMX.exe:*:Enabled:WinMX Application] -> File not found
"C:\StubInstaller.exe" -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> File not found
"C:\WINDOWS\system32\cdiodytjqo.exe" -> C:\WINDOWS\system32\cdiodytjqo.exe [C:\WINDOWS\system32\cdiodytjqo.exe:*:Disabled:cdiodytjqo] -> File not found
"D:\Spill\LOTR\game.dat" -> D:\Spill\LOTR\game.dat [D:\Spill\LOTR\game.dat:*:Disabled:Kampen om Midgard(tm)] -> File not found
"D:\Spill\Valve\Steam\Steam.exe" -> D:\Spill\Valve\Steam\Steam.exe [D:\Spill\Valve\Steam\Steam.exe:*:Enabled:Steam] -> File not found
"D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe" -> D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe [D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher] -> File not found
"D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe" -> D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe [D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe:*:Enabled:Half-Life Launcher] -> File not found
"D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe" -> D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe [D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe:*:Enabled:Half-Life Launcher] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM-driver ->
"ImagePath" -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008.04.13 19:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\FELLES~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007.01.17 15:50:17 | 00,000,050 | ---- | M] ()
H:\AUTOEXEC.BAT [] -> H:\AUTOEXEC.BAT [ NTFS ] -> [2008.03.17 11:41:11 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


[Files/Folders - Created Within 30 Days]
OTScanIt2 -> %UserProfile%\OTScanIt2 -> [2009.03.16 20:20:14 | 00,000,000 | ---D | C]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [2009.03.15 23:05:29 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009.03.15 10:35:30 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009.03.15 10:35:29 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Skrivebord\Malwarebytes' Anti-Malware.lnk -> [2009.03.15 10:35:29 | 00,000,697 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009.03.15 10:35:27 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009.03.15 10:35:26 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Programdata\Malwarebytes -> [2009.03.15 10:35:26 | 00,000,000 | ---D | C]
NEU -> %UserProfile%\Skrivebord\NEU -> [2009.03.14 13:34:24 | 00,000,000 | ---D | C]
Siste -> %UserProfile%\Siste -> [2009.03.14 13:29:36 | 00,000,000 | RH-D | C]
rsit -> %SystemDrive%\rsit -> [2009.03.13 20:39:47 | 00,000,000 | ---D | C]
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2009.03.13 20:15:23 | 00,578,560 | ---- | C] (Microsoft Corporation)
ERUNT -> %SystemRoot%\ERUNT -> [2009.03.13 20:14:28 | 00,000,000 | ---D | C]
pss -> %SystemRoot%\pss -> [2009.03.13 20:09:06 | 00,000,000 | ---D | C]
SDFix -> %SystemDrive%\SDFix -> [2009.03.11 23:08:52 | 00,000,000 | ---D | C]
.recently-used.xbel -> %UserProfile%\.recently-used.xbel -> [2009.03.11 10:18:48 | 00,046,440 | ---- | C] ()
SopCast.lnk -> %UserProfile%\Skrivebord\SopCast.lnk -> [2009.03.10 19:26:33 | 00,000,665 | ---- | C] ()
SopCast -> %ProgramFiles%\SopCast -> [2009.03.10 19:26:32 | 00,000,000 | ---D | C]
Setup-SopCast-3.0.3-2008-4-30.exe -> %UserProfile%\Skrivebord\Setup-SopCast-3.0.3-2008-4-30.exe -> [2009.03.10 19:25:40 | 03,187,458 | ---- | C] ()
ERDNT -> %SystemRoot%\ERDNT -> [2009.03.10 14:04:34 | 00,000,000 | ---D | C]
NTREGOPT.lnk -> %UserProfile%\Skrivebord\NTREGOPT.lnk -> [2009.03.10 13:58:15 | 00,000,612 | ---- | C] ()
ERUNT.lnk -> %UserProfile%\Skrivebord\ERUNT.lnk -> [2009.03.10 13:58:15 | 00,000,593 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009.03.10 13:58:14 | 00,000,000 | ---D | C]
HijackThis.lnk -> %UserProfile%\Skrivebord\HijackThis.lnk -> [2009.03.10 13:34:57 | 00,001,731 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009.03.10 13:34:57 | 00,000,000 | ---D | C]
iTunes.lnk -> %AllUsersProfile%\Skrivebord\iTunes.lnk -> [2009.03.10 13:08:09 | 00,002,341 | ---- | C] ()
iPod -> %ProgramFiles%\iPod -> [2009.03.10 13:07:59 | 00,000,000 | ---D | C]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2009.03.10 13:07:57 | 00,000,000 | ---D | C]
QuickTime Player.lnk -> %AllUsersProfile%\Skrivebord\QuickTime Player.lnk -> [2009.03.10 13:07:40 | 00,001,605 | ---- | C] ()
QuickTime -> %ProgramFiles%\QuickTime -> [2009.03.10 13:07:30 | 00,000,000 | ---D | C]
Apple Software Update -> %ProgramFiles%\Apple Software Update -> [2009.03.10 13:07:21 | 00,000,000 | ---D | C]
Apple -> %CommonProgramFiles%\Apple -> [2009.03.10 13:07:11 | 00,000,000 | ---D | C]
iTunes Library.itl -> %UserProfile%\Mine dokumenter\iTunes Library.itl -> [2009.03.10 12:48:38 | 43,156,928 | ---- | C] ()
iTunes Library.itl -> %UserProfile%\Skrivebord\iTunes Library.itl -> [2009.03.10 12:48:04 | 43,156,928 | ---- | C] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Skrivebord\Spybot - Search & Destroy.lnk -> [2009.03.09 20:34:13 | 00,000,932 | ---- | C] ()
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2009.03.09 20:34:04 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> %AllUsersProfile%\Programdata\Spybot - Search & Destroy -> [2009.03.09 20:34:04 | 00,000,000 | ---D | C]
Spotify -> %UserProfile%\Lokale innstillinger\Programdata\Spotify -> [2009.03.09 19:37:46 | 00,000,000 | ---D | C]
Spotify -> %AppData%\Spotify -> [2009.03.09 19:37:46 | 00,000,000 | ---D | C]
Spotify.lnk -> %UserProfile%\Skrivebord\Spotify.lnk -> [2009.03.09 19:37:45 | 00,000,665 | ---- | C] ()
Spotify -> %ProgramFiles%\Spotify -> [2009.03.09 19:37:44 | 00,000,000 | ---D | C]
Thumbs.db -> %UserProfile%\Skrivebord\Thumbs.db -> [2009.03.09 18:08:10 | 00,009,728 | -HS- | C] ()
heat.jpg -> %UserProfile%\Skrivebord\heat.jpg -> [2009.03.09 18:08:01 | 00,073,350 | ---- | C] ()
lame-398-2 -> %SystemDrive%\lame-398-2 -> [2009.03.05 16:28:32 | 00,000,000 | ---D | C]
toneichgut.jpg -> %UserProfile%\Skrivebord\toneichgut.jpg -> [2009.03.05 02:07:02 | 00,193,149 | ---- | C] ()
FileZilla Server Interface.lnk -> %UserProfile%\Skrivebord\FileZilla Server Interface.lnk -> [2009.03.05 01:44:13 | 00,001,743 | ---- | C] ()
FileZilla Server -> %ProgramFiles%\FileZilla Server -> [2009.03.05 01:39:39 | 00,000,000 | ---D | C]
Ny mappe -> %UserProfile%\Skrivebord\Ny mappe -> [2009.03.05 00:59:53 | 00,000,000 | ---D | C]
phedit.ini -> %SystemRoot%\phedit.ini -> [2009.03.01 19:07:09 | 00,000,250 | ---- | C] ()
msvcrt10.dll -> %SystemRoot%\System32\msvcrt10.dll -> [2009.03.01 18:57:01 | 00,210,944 | ---- | C] ()
fmachine.ini -> %SystemRoot%\fmachine.ini -> [2009.03.01 18:57:01 | 00,005,515 | ---- | C] ()
VCW VicMan's Photo Editor -> %ProgramFiles%\VCW VicMan's Photo Editor -> [2009.03.01 18:57:01 | 00,000,000 | ---D | C]
Karen's Power Tools -> %UserProfile%\Lokale innstillinger\Programdata\Karen's Power Tools -> [2009.03.01 10:24:57 | 00,000,000 | ---D | C]
Karen's Power Tools -> %ProgramFiles%\Karen's Power Tools -> [2009.03.01 10:24:54 | 00,000,000 | ---D | C]
Karen's Power Tools -> %AllUsersProfile%\Programdata\Karen's Power Tools -> [2009.03.01 10:24:45 | 00,000,000 | ---D | C]
CCleaner.lnk -> %UserProfile%\Skrivebord\CCleaner.lnk -> [2009.03.01 10:16:57 | 00,001,545 | ---- | C] ()
Daten.lnk -> %UserProfile%\Skrivebord\Daten.lnk -> [2009.02.28 22:57:35 | 00,001,132 | ---- | C] ()
ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [2009.02.28 18:41:22 | 00,000,048 | -H-- | C] ()
skypePM -> %AppData%\skypePM -> [2009.02.28 18:41:21 | 00,000,000 | ---D | C]
Skype -> %AppData%\Skype -> [2009.02.28 18:39:16 | 00,000,000 | ---D | C]
Skype -> %CommonProgramFiles%\Skype -> [2009.02.28 18:35:31 | 00,000,000 | ---D | C]
Skype -> %ProgramFiles%\Skype -> [2009.02.28 18:35:29 | 00,000,000 | R--D | C]
Skype -> %AllUsersProfile%\Programdata\Skype -> [2009.02.28 18:35:24 | 00,000,000 | ---D | C]
AudFile.dll -> %SystemRoot%\System32\AudFile.dll -> [2009.02.28 13:27:52 | 01,986,560 | ---- | C] (NCT Company Ltd.)
AudioInfos.dll -> %SystemRoot%\System32\AudioInfos.dll -> [2009.02.28 13:27:52 | 01,212,416 | ---- | C] (NCT Company Ltd.)
AudioVisu.dll -> %SystemRoot%\System32\AudioVisu.dll -> [2009.02.28 13:27:52 | 00,479,232 | ---- | C] (NCT Company Ltd.)
AudPlayer.dll -> %SystemRoot%\System32\AudPlayer.dll -> [2009.02.28 13:27:52 | 00,458,752 | ---- | C] (NCT Company Ltd.)
AudioRecord.dll -> %SystemRoot%\System32\AudioRecord.dll -> [2009.02.28 13:27:52 | 00,454,656 | ---- | C] (NCT Company Ltd.)
AudDisplay.dll -> %SystemRoot%\System32\AudDisplay.dll -> [2009.02.28 13:27:52 | 00,417,792 | ---- | C] (NCT Company Ltd.)
COMCT232.OCX -> %SystemRoot%\System32\COMCT232.OCX -> [2009.02.28 13:27:52 | 00,164,144 | ---- | C] (Microsoft Corporation)
NCTWMAProfiles.prx -> %SystemRoot%\System32\NCTWMAProfiles.prx -> [2009.02.28 13:27:52 | 00,116,296 | ---- | C] ()
AudDesign.dll -> %SystemRoot%\System32\AudDesign.dll -> [2009.02.28 13:27:51 | 02,084,864 | ---- | C] (NCT Company Ltd.)
TABCTL32.OCX -> %SystemRoot%\System32\TABCTL32.OCX -> [2009.02.28 13:27:51 | 00,224,016 | ---- | C] (Microsoft Corporation)
MSCMCFR.DLL -> %SystemRoot%\System32\MSCMCFR.DLL -> [2009.02.28 13:27:51 | 00,141,312 | ---- | C] (Microsoft Corporation)
VB6FR.DLL -> %SystemRoot%\System32\VB6FR.DLL -> [2009.02.28 13:27:51 | 00,119,568 | ---- | C] (Microsoft Corporation)
msinet.OCX -> %SystemRoot%\System32\msinet.OCX -> [2009.02.28 13:27:51 | 00,115,920 | ---- | C] (Microsoft Corporation)
VB6STKIT.DLL -> %SystemRoot%\System32\VB6STKIT.DLL -> [2009.02.28 13:27:51 | 00,101,888 | ---- | C] (Microsoft Corporation)
Mscc2fr.dll -> %SystemRoot%\System32\Mscc2fr.dll -> [2009.02.28 13:27:51 | 00,059,904 | ---- | C] (Microsoft Corporation)
CMDLGFR.DLL -> %SystemRoot%\System32\CMDLGFR.DLL -> [2009.02.28 13:27:51 | 00,032,768 | ---- | C] (Microsoft Corporation)
TABCTFR.DLL -> %SystemRoot%\System32\TABCTFR.DLL -> [2009.02.28 13:27:51 | 00,021,504 | ---- | C] (Microsoft Corporation)
inetfr.DLL -> %SystemRoot%\System32\inetfr.DLL -> [2009.02.28 13:27:51 | 00,015,360 | ---- | C] (Microsoft Corporation)
lame_enc.dll -> %SystemRoot%\System32\lame_enc.dll -> [2009.02.28 13:27:50 | 00,484,352 | ---- | C] ()
Free Audio Pack -> %ProgramFiles%\Free Audio Pack -> [2009.02.28 13:27:50 | 00,000,000 | ---D | C]
Processing -> %UserProfile%\Mine dokumenter\Processing -> [2009.02.28 00:37:04 | 00,000,000 | ---D | C]
Processing -> %AppData%\Processing -> [2009.02.28 00:37:04 | 00,000,000 | ---D | C]
Audacity -> %ProgramFiles%\Audacity -> [2009.02.26 02:04:26 | 00,000,000 | ---D | C]
iTunes Rettung -> %SystemDrive%\iTunes Rettung -> [2009.02.24 23:53:26 | 00,000,000 | ---D | C]
iTunes -> %ProgramFiles%\iTunes -> [2009.02.24 23:33:01 | 00,000,000 | ---D | C]
tunichtgut.png -> %UserProfile%\tunichtgut.png -> [2009.02.22 16:15:59 | 02,364,694 | ---- | C] ()
gtk-2.0 -> %AppData%\gtk-2.0 -> [2009.02.22 16:15:59 | 00,000,000 | ---D | C]
Ashampoo -> %AppData%\Ashampoo -> [2009.02.21 20:07:46 | 00,000,000 | ---D | C]
ashampoo -> %UserProfile%\Lokale innstillinger\Programdata\ashampoo -> [2009.02.21 20:07:33 | 00,000,000 | ---D | C]
ashampoo -> %AllUsersProfile%\Programdata\ashampoo -> [2009.02.21 20:07:33 | 00,000,000 | ---D | C]
Ashampoo -> %ProgramFiles%\Ashampoo -> [2009.02.21 20:07:30 | 00,000,000 | ---D | C]
IrfanView -> %ProgramFiles%\IrfanView -> [2009.02.21 18:27:48 | 00,000,000 | ---D | C]
.thumbnails -> %UserProfile%\.thumbnails -> [2009.02.21 17:52:30 | 00,000,000 | ---D | C]
.gimp-2.6 -> %UserProfile%\.gimp-2.6 -> [2009.02.21 17:52:00 | 00,000,000 | ---D | C]
.gegl-0.0 -> %UserProfile%\.gegl-0.0 -> [2009.02.21 17:51:56 | 00,000,000 | ---D | C]
GIMP-2.0 -> %ProgramFiles%\GIMP-2.0 -> [2009.02.21 17:51:33 | 00,000,000 | ---D | C]
TVAnts -> %ProgramFiles%\TVAnts -> [2009.02.21 14:52:50 | 00,000,000 | ---D | C]
hidserv.dll -> %SystemRoot%\System32\hidserv.dll -> [2009.02.19 13:34:48 | 00,021,504 | ---- | C] (Microsoft Corporation)
hidserv.dll -> %SystemRoot%\System32\dllcache\hidserv.dll -> [2009.02.19 13:34:48 | 00,021,504 | ---- | C] (Microsoft Corporation)
mouhid.sys -> %SystemRoot%\System32\drivers\mouhid.sys -> [2009.02.19 13:34:47 | 00,012,160 | ---- | C] (Microsoft Corporation)
mouhid.sys -> %SystemRoot%\System32\dllcache\mouhid.sys -> [2009.02.19 13:34:47 | 00,012,160 | ---- | C] (Microsoft Corporation)
kbdhid.sys -> %SystemRoot%\System32\drivers\kbdhid.sys -> [2009.02.19 13:34:46 | 00,014,592 | ---- | C] (Microsoft Corporation)
kbdhid.sys -> %SystemRoot%\System32\dllcache\kbdhid.sys -> [2009.02.19 13:34:46 | 00,014,592 | ---- | C] (Microsoft Corporation)
hidusb.sys -> %SystemRoot%\System32\drivers\hidusb.sys -> [2009.02.19 13:34:40 | 00,010,368 | ---- | C] (Microsoft Corporation)
hidusb.sys -> %SystemRoot%\System32\dllcache\hidusb.sys -> [2009.02.19 13:34:40 | 00,010,368 | ---- | C] (Microsoft Corporation)
usbccgp.sys -> %SystemRoot%\System32\drivers\usbccgp.sys -> [2009.02.19 13:34:36 | 00,032,128 | ---- | C] (Microsoft Corporation)
usbccgp.sys -> %SystemRoot%\System32\dllcache\usbccgp.sys -> [2009.02.19 13:34:36 | 00,032,128 | ---- | C] (Microsoft Corporation)
Flurry.scr -> %SystemRoot%\Flurry.scr -> [2009.02.19 00:23:00 | 00,118,845 | ---- | C] (Matt Ginzton)
Texte -> %UserProfile%\Mine dokumenter\Texte -> [2009.02.18 23:48:34 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
Perflib_Perfdata_19c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_19c.dat -> [2009.03.16 15:58:32 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_2ec.dat -> %SystemRoot%\Temp\Perflib_Perfdata_2ec.dat -> [2009.03.16 15:58:28 | 00,016,384 | ---- | M] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009.03.16 15:58:15 | 00,181,438 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009.03.16 15:58:12 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009.03.16 15:58:08 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009.03.16 06:15:04 | 12,320,768 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009.03.16 06:15:04 | 00,000,286 | -HS- | M] ()
Perflib_Perfdata_134.dat -> %SystemRoot%\Temp\Perflib_Perfdata_134.dat -> [2009.03.16 06:04:07 | 00,016,384 | ---- | M] ()
IconCache.db -> %UserProfile%\Lokale innstillinger\Programdata\IconCache.db -> [2009.03.15 23:18:07 | 04,956,044 | -H-- | M] ()
Perflib_Perfdata_1d0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_1d0.dat -> [2009.03.15 22:45:27 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_188.dat -> %SystemRoot%\Temp\Perflib_Perfdata_188.dat -> [2009.03.15 11:10:01 | 00,016,384 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Skrivebord\Malwarebytes' Anti-Malware.lnk -> [2009.03.15 10:35:29 | 00,000,697 | ---- | M] ()
Perflib_Perfdata_dc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_dc.dat -> [2009.03.15 10:24:34 | 00,016,384 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009.03.15 00:52:56 | 00,078,336 | ---- | M] ()
Perflib_Perfdata_cc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_cc.dat -> [2009.03.14 18:56:03 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_e0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_e0.dat -> [2009.03.14 10:00:50 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_7a8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_7a8.dat -> [2009.03.13 20:33:57 | 00,016,384 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009.03.13 20:32:29 | 00,000,637 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009.03.13 20:32:29 | 00,000,227 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009.03.13 20:32:29 | 00,000,211 | RHS- | M] ()
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [2009.03.13 20:16:04 | 00,000,686 | ---- | M] ()
user32.dll -> %SystemRoot%\System32\dllcache\user32.dll -> [2009.03.13 20:15:23 | 00,578,560 | ---- | M] (Microsoft Corporation)
.recently-used.xbel -> %UserProfile%\.recently-used.xbel -> [2009.03.11 10:18:48 | 00,046,440 | ---- | M] ()
SopCast.lnk -> %UserProfile%\Skrivebord\SopCast.lnk -> [2009.03.10 19:26:33 | 00,000,665 | ---- | M] ()
NTREGOPT.lnk -> %UserProfile%\Skrivebord\NTREGOPT.lnk -> [2009.03.10 13:58:15 | 00,000,612 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Skrivebord\ERUNT.lnk -> [2009.03.10 13:58:15 | 00,000,593 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Skrivebord\HijackThis.lnk -> [2009.03.10 13:34:57 | 00,001,731 | ---- | M] ()
iTunes.lnk -> %AllUsersProfile%\Skrivebord\iTunes.lnk -> [2009.03.10 13:21:39 | 00,002,341 | ---- | M] ()
QuickTime Player.lnk -> %AllUsersProfile%\Skrivebord\QuickTime Player.lnk -> [2009.03.10 13:07:40 | 00,001,605 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009.03.09 20:41:17 | 00,114,968 | ---- | M] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Skrivebord\Spybot - Search & Destroy.lnk -> [2009.03.09 20:34:13 | 00,000,932 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT -> [2009.03.09 20:33:12 | 00,018,040 | ---- | M] ()
Spotify.lnk -> %UserProfile%\Skrivebord\Spotify.lnk -> [2009.03.09 19:37:45 | 00,000,665 | ---- | M] ()
Thumbs.db -> %UserProfile%\Skrivebord\Thumbs.db -> [2009.03.09 18:08:11 | 00,009,728 | -HS- | M] ()
heat.jpg -> %UserProfile%\Skrivebord\heat.jpg -> [2009.03.09 18:08:02 | 00,073,350 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009.03.08 22:40:19 | 00,002,262 | ---- | M] ()
toneichgut.jpg -> %UserProfile%\Skrivebord\toneichgut.jpg -> [2009.03.05 02:07:03 | 00,193,149 | ---- | M] ()
FileZilla Server Interface.lnk -> %UserProfile%\Skrivebord\FileZilla Server Interface.lnk -> [2009.03.05 01:44:13 | 00,001,743 | ---- | M] ()
phedit.ini -> %SystemRoot%\phedit.ini -> [2009.03.01 19:07:09 | 00,000,250 | ---- | M] ()
CCleaner.lnk -> %UserProfile%\Skrivebord\CCleaner.lnk -> [2009.03.01 10:16:57 | 00,001,545 | ---- | M] ()
Daten.lnk -> %UserProfile%\Skrivebord\Daten.lnk -> [2009.02.28 22:58:08 | 00,001,132 | ---- | M] ()
ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [2009.02.28 18:41:22 | 00,000,048 | -H-- | M] ()
tunichtgut.png -> %UserProfile%\tunichtgut.png -> [2009.02.22 16:15:59 | 02,364,694 | ---- | M] ()
iTunes Library.itl -> %UserProfile%\Skrivebord\iTunes Library.itl -> [2009.02.19 15:22:15 | 43,156,928 | ---- | M] ()
iTunes Library.itl -> %UserProfile%\Mine dokumenter\iTunes Library.itl -> [2009.02.19 15:22:15 | 43,156,928 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Programdata\Microsoft\Network\Downloader\qmgr0.dat -> [2009.01.14 21:12:11 | 00,004,646 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Programdata\Microsoft\Network\Downloader\qmgr1.dat -> [2009.01.14 21:12:11 | 00,004,232 | ---- | M] ()
data.dat -> %AllUsersProfile%\Programdata\Microsoft\Office\Data\data.dat -> [2004.12.01 21:26:30 | 00,001,372 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mine dokumenter\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Skrivebord\Thumbs.db:encryptable
@Alternate Data Stream - 165 bytes -> %AllUsersProfile%\Programdata\TEMP:B3D74A13
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 Systemet finner ikke angitt fil.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programfiler\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8a,4d,a2,ad,70,83,a8,10,ab,55,77,59,4a,77,7f,3a,38,42,da,11,46,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6a,0e,1d,18,63,78,4e,18,ae,1e,a1,3f,9a,68,81,4b,4c,..
"khjeh"=hex:c5,ca,38,3a,6d,ba,c5,9f,6d,cf,a1,a2,82,60,e0,2a,6d,21,36,9f,cd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7e,c5,9b,63,0d,38,ef,30,7b,dd,f9,34,28,d4,aa,c6,1b,07,a0,e9,82,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:96,69,f5,b7,60,74,c1,22,0f,98,1a,c5,fe,1f,da,99,3d,b3,d7,9a,97,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programfiler\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f8,6d,ff,1d,e8,7e,8f,da,ce,3f,5d,b6,9b,ca,0a,45,80,21,ad,c0,23,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6a,0e,1d,18,63,78,4e,18,ae,1e,a1,3f,9a,68,81,4b,4c,..
"khjeh"=hex:c5,ca,38,3a,6d,ba,c5,9f,6d,cf,a1,a2,82,60,e0,2a,6d,21,36,9f,cd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3f,69,6a,7a,9a,b9,38,f8,95,25,ff,23,4e,3c,b5,42,c3,cd,74,4f,10,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:84,5e,4b,34,be,de,17,f9,58,c2,c0,56,9e,3e,e4,76,20,c3,32,21,4f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:2a26279a
"s1"=dword:e727a182
"s2"=dword:9393da3b
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:02,f0,9c,e4,87,ad,8f,25,ec,69,ea,05,bc,a4,30,27,47,63,35,5c,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:02,f0,9c,e4,87,ad,8f,25,ec,69,ea,05,bc,a4,30,27,47,63,35,5c,e7,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 5
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 Systemet finner ikke angitt fil.
C:\Documents and Settings\All Users\Programdata\TEMP:B3D74A13 165 bytes
scan completed successfully
hidden files: 106

< End of report >

peku006
2009-03-16, 21:49
Hi berliner

Logs look good. How's the computer running now? Any problems?

berliner
2009-03-17, 00:13
Well, iTunes is slow, but I can live with that if you tell me I'm clean...

What's manager32.exe? What else did I remove? How did I get it? Do I need more protection than xpantispy, ccleaner, s&d, avg? Can I get rid of all the anti-malware stuff I downloaded?

What did I tell the world about me with my logs?


Thanks a lot for the help!! :beerbeerb: and until next time ;)


Berliner

peku006
2009-03-17, 17:35
Hi berliner

What's manager32.exe?
It is a bad guy, but it was gone, and therefore it could not be found.

What else did I remove?
There was not anything dangerous.

Do I need more protection than xpantispy, ccleaner, s&d, avg?
Not really, but you can read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent malware.

Can I get rid of all the anti-malware stuff I downloaded?
We will do it a bit later.

What did I tell the world about me with my logs?
All about yourself :yes:

We will run one online scan to be sure that there is nothing left.

1 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


2 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the ComboFix log
2. the Kaspersky online scanner report
3. a fresh HijackThis log

Thanks peku006

berliner
2009-03-18, 12:53
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, March 18, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, March 18, 2009 08:13:00
Records in database: 1926270
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\

Scan statistics:
Files scanned: 118493
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:16:00


File name / Threat name / Threats count
C:\WINDOWS\system32\madCHook.dll Infected: not-a-virus:RiskTool.Win32.Hooker.a 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:57, on 18.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
E:\Programmer\Diskeeper\DkService.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Java\jre6\bin\java.exe
C:\Documents and Settings\Kødde\Lokale innstillinger\Temp\jkos-Kødde\binaries\ScanningProcess.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6498 bytes



Combofix?

peku006
2009-03-18, 13:11
Hi berliner

Next we remove all used tools.

Delete RSIT from your desktop, also delete this folder C:\rsit.

Delete FileLook from your desktop, also delete this file C:\fl_log.txt

Now lets uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

and finally


Double-click OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


everything looks good except......

it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

How's the computer running now? Any problems?

Thanks peku006

berliner
2009-03-18, 14:22
Many thanks again. Armoured now. What about the tea timer?

peku006
2009-03-18, 15:51
Hi berliner

Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
On the left hand side, click on Tools.
Check (tick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Restart your computer for the changes to take effect.

After that.............

Congratulations, your log looks clean! :yahoo:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.


Happy safe surfing! :bigthumb:
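
A check for the HOSTS-file mechanism described in the post above, as an added example that is not part of the original thread: it separates names sinkholed to the local machine (what a blocking list does) from names pointed at some other address, which are worth reviewing on a machine that has just been cleaned. The function name, report keys and sample entries are assumptions constructed for illustration.

```python
import ipaddress

# The stock entries every hosts file is expected to carry.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample in hosts-file syntax. The hostnames and addresses are
# placeholders (documentation ranges), not entries taken from the MVPS list.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.com  tracker.example.net   # two names, one line
0.0.0.0         banner.example.org
203.0.113.7     update.example.com
::1             localhost
not-an-ip       broken.example.com
127.0.0.1
198.51.100.9    ads.example.com
"""


def audit_hosts(text):
    """Classify every hostname in a hosts file.

    blocked    - names mapped to a loopback or unspecified address (sinkholed)
    redirected - names mapped to any other address: {name: address}
    conflicts  - names that appear with more than one address
    malformed  - line numbers that are not "<ip> <name> [<name> ...]"
    """
    report = {"blocked": set(), "redirected": {}, "conflicts": set(), "malformed": []}
    first_seen = {}

    # Some editors save the file with a byte-order mark; drop it if present.
    lines = text.lstrip("\ufeff").splitlines()

    for line_no, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not entry:
            continue

        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(line_no)
            continue

        names = [name.lower() for name in fields[1:]]
        if not names:
            # An address with no hostname does nothing and hints at a damaged file.
            report["malformed"].append(line_no)
            continue

        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sink and name in LOCAL_NAMES:
                continue  # normal localhost mapping, nothing to report

            previous = first_seen.setdefault(name, addr)
            if previous != addr:
                report["conflicts"].add(name)

            if sink:
                report["blocked"].add(name)
            else:
                report["redirected"][name] = str(addr)

    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed names :", sorted(result["blocked"]))
    print("review these    :", result["redirected"])
    print("conflicting     :", sorted(result["conflicts"]))
    print("malformed lines :", result["malformed"])
```

To audit a real machine, pass the contents of %SystemRoot%\System32\drivers\etc\HOSTS to audit_hosts instead of the sample.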

peku006
2009-03-22, 10:40
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.