SpyAxe / Smitfraud-C trouble
Started by
EricAX
, Dec 05 2005 10:31 AM
#16
Posted 16 December 2005 - 05:53 AM
njustice
-
- Member
-
- 521 posts
Member
#17
Posted 16 December 2005 - 08:50 AM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
OK, I am sorry. Here are the 3 logs:
For Guest (Gjest) account:
StartupList report, 15.12.2005, 16:08:25
StartupList version: 1.52.2
Started from : C:\Downloads\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programfiler\Wistron\AVManager\AVManager.exe
C:\Programfiler\Norman\bin\ZLH.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Downloads\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Gjest\Start-meny\Programmer\Oppstart]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart]
Adobe Acrobat Speed Launcher.lnk = ?
Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
PRONoMgr.exe = C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
SynTPLpr = C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe
HotkeyApp = C:\Program Files\Launch Manager\HotkeyApp.exe
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe
LMgrOSD = C:\Program Files\Launch Manager\OSD.exe
Wbutton = "C:\Program Files\Launch Manager\Wbutton.exe"
AVManager = "C:\Programfiler\Wistron\AVManager\AVManager.exe"
Norman ZANDA = C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
AGRSMMSG = AGRSMMSG.exe
LtMoh = C:\Programfiler\ltmoh\Ltmoh.exe
iTunesHelper = C:\Programfiler\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Programfiler\QuickTime\qttask.exe" -atboottime
AWMON = "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
mmtask = C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Acrobat Assistant 7.0 = "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SpySweeper = "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Programfiler\Messenger\msmsgs.exe" /background
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registerredigering'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
SpywareGuard Download Protection - C:\Programfiler\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - c:\programfiler\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204
[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewid...oOnlineScan.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1107615952093
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1133735888519
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...645/mcfscan.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI-driver: System32\DRIVERS\ACPI.sys (system)
Microsoft innebygd kontrollerdriver: System32\DRIVERS\ACPIEC.sys (system)
Adobe LM Service: "C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Adobe Active File Monitor: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)
Fjerning av akustisk ekko for Microsoft Kernel: system32\drivers\aec.sys (manual start)
AFD-nettverksstøttemiljø: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: System32\DRIVERS\AGRSM.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-klientprotokoll: System32\DRIVERS\arp1394.sys (manual start)
RAS asynkron mediedriver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI harddiskkontroller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydstubbedriver: System32\DRIVERS\audstub.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Tjenesten Background Intelligent Transfer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM-driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Driver for Microsoft vekselstrømsadapter: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery-driver: System32\DRIVERS\compbatt.sys (system)
COM+-systemapplikasjon: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cirrus Logic WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Diskdriver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
DRM-lyddekoder for Microsoft Kernel: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-hendelsessystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Programfiler\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Programfiler\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Programfiler\ewido\security suite\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Driver for Volumbehandling: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generisk pakkeklassifiserer: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID-klassedriver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
Driver for CD-brenningsfilter: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel-prosessordriver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
Driver for IP-trafikkfilter: System32\DRIVERS\ipfltdrv.sys (manual start)
Driver for IP i IP-tunnel: System32\DRIVERS\ipinip.sys (manual start)
IP-nettverksadresseoversetter: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Programfiler\iPod\bin\iPodService.exe (manual start)
IPSEC-driver: System32\DRIVERS\ipsec.sys (system)
IrDA-protokoll: System32\DRIVERS\irda.sys (autostart)
IR-nummereringstjeneste: System32\DRIVERS\irenum.sys (manual start)
Infrarød overvåking: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver for PnP ISA/EISA Bus: System32\DRIVERS\isapnp.sys (system)
Driver for tastaturklasse: System32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave lydmikser: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
AEGIS Protocol (IEEE 802.1x) v2.2.1.0: system32\DRIVERS\mdc8021x.sys (autostart)
Machine Debug Manager: "C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Driver for musklasse: System32\DRIVERS\mouclass.sys (system)
HID-driver for mus: System32\DRIVERS\mouhid.sys (manual start)
Enhetsomadresserer for WebDav-klient: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Tjenesteproxy for Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Klokkeproxy for Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Kvalitetsbehandlingsproxy for Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
BIOS-driver for Microsoft System Management: System32\DRIVERS\mssmbios.sys (manual start)
Ndiskio: \??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS (autostart)
NDIS TAPI-driver for ekstern pålogging: System32\DRIVERS\ndistapi.sys (manual start)
I/T-protokoll for NDIS-brukermodus: System32\DRIVERS\ndisuio.sys (manual start)
NDIS WAN-driver for ekstern pålogging: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-grensesnitt: System32\DRIVERS\netbios.sys (system)
NetBios over TCP/IP: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-nettverksdriver: System32\DRIVERS\nic1394.sys (manual start)
Norman API-hooking helper: C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norman NJeeves: C:\Programfiler\Norman\bin\NJEEVES.EXE (manual start)
Norman ZANDA: "C:\Programfiler\Norman\bin\ZANDA.EXE" (autostart)
NSC infrarød enhetsdriver: System32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nvcfsr: \??\C:\Programfiler\Norman\Nvc\bin\nvcfsr.sys (manual start)
nvcoafl51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoafl51.sys (manual start)
nvcoaft51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoaft51.sys (manual start)
nvcoarc51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoarc51.sys (manual start)
Norman Virus Control on-access component: C:\Programfiler\Norman\Nvc\bin\nvcoas.exe (manual start)
Norman Virus Control Scheduler: C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE (manual start)
Driver for IPX-trafikkfilter: System32\DRIVERS\nwlnkflt.sys (manual start)
Driver for videresending av IPX-trafikk: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI-kompatibel IEEE 1394-vertskontroller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Driver for parallell port: System32\DRIVERS\parport.sys (manual start)
Driver for PCI-buss: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
PDEngine: C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe (manual start)
PDScheduler: C:\Programfiler\Raxco\PerfectDisk\PDSched.exe (autostart)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Photoshop Elements Device Connect: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prosessordriver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakkeplanlegger: System32\DRIVERS\psched.sys (manual start)
Direkte parallell koblingsdriver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Driver for automatisk ekstern påloggingstilkobling: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN-miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-driver for ekstern tilgang: System32\DRIVERS\raspppoe.sys (manual start)
Direkte parallell: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filterdriver for digital CD-lydavspilling: System32\DRIVERS\redbook.sys (system)
RegSrvc: C:\WINDOWS\system32\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Spectrum24 Event Monitor: C:\WINDOWS\system32\S24EvMon.exe (autostart)
WLAN Transport: System32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydsplitter for Microsoft Kernel: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Filterdriver for systemgjenoppretting: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSI: system32\Drivers\SSI.SYS (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Webroot Spy Sweeper Engine: C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
SVKP: \??\C:\WINDOWS\system32\SVKP.sys (autostart)
Driver for programvarebuss: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C3C43A47-1362-44E0-99ED-A02F383BCA02} (manual start)
Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System-lydenhet: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver for TCP/IP-protokoll: System32\DRIVERS\tcpip.sys (system)
Driver for terminalenhet: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Oppdateringsdriver for mikrokode: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB generell overordnet driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 aktivert hub: System32\DRIVERS\usbhub.sys (manual start)
USB-masselagringsenhet: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniportdriver for Microsoft USB universell vertskontroller: System32\DRIVERS\usbuhci.sys (manual start)
VGA-skjermkort.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Intel® PRO/Wireless 2200 Adapter-driver: system32\DRIVERS\w22n51.sys (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IP ARP-driver for ekstern pålogging: System32\DRIVERS\wanarp.sys (manual start)
Winbond Memory Stick Storage (MS) Device Driver: System32\Drivers\WBMS.SYS (manual start)
Winbond Secure Digital Storage (SD/MMC) Device Driver: System32\Drivers\WBSD.SYS (manual start)
Wbutton: \SystemRoot\system32\drivers\Wbutton.sys (system)
Microsoft WINMM WDM Audio Compatibility-driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Tjenesten Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)
AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011: system32\drivers\wA301a.sys (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = PDBoot.exe
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 35 820 bytes
Report generated in 168,322 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
For Guest (Gjest) account:
StartupList report, 15.12.2005, 16:08:25
StartupList version: 1.52.2
Started from : C:\Downloads\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programfiler\Wistron\AVManager\AVManager.exe
C:\Programfiler\Norman\bin\ZLH.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Downloads\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Gjest\Start-meny\Programmer\Oppstart]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart]
Adobe Acrobat Speed Launcher.lnk = ?
Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
PRONoMgr.exe = C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
SynTPLpr = C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe
HotkeyApp = C:\Program Files\Launch Manager\HotkeyApp.exe
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe
LMgrOSD = C:\Program Files\Launch Manager\OSD.exe
Wbutton = "C:\Program Files\Launch Manager\Wbutton.exe"
AVManager = "C:\Programfiler\Wistron\AVManager\AVManager.exe"
Norman ZANDA = C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
AGRSMMSG = AGRSMMSG.exe
LtMoh = C:\Programfiler\ltmoh\Ltmoh.exe
iTunesHelper = C:\Programfiler\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Programfiler\QuickTime\qttask.exe" -atboottime
AWMON = "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
mmtask = C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Acrobat Assistant 7.0 = "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SpySweeper = "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Programfiler\Messenger\msmsgs.exe" /background
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registerredigering'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
SpywareGuard Download Protection - C:\Programfiler\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - c:\programfiler\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204
[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewid...oOnlineScan.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1107615952093
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1133735888519
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...645/mcfscan.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI-driver: System32\DRIVERS\ACPI.sys (system)
Microsoft innebygd kontrollerdriver: System32\DRIVERS\ACPIEC.sys (system)
Adobe LM Service: "C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Adobe Active File Monitor: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)
Fjerning av akustisk ekko for Microsoft Kernel: system32\drivers\aec.sys (manual start)
AFD-nettverksstøttemiljø: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: System32\DRIVERS\AGRSM.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-klientprotokoll: System32\DRIVERS\arp1394.sys (manual start)
RAS asynkron mediedriver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI harddiskkontroller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydstubbedriver: System32\DRIVERS\audstub.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Tjenesten Background Intelligent Transfer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM-driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Driver for Microsoft vekselstrømsadapter: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery-driver: System32\DRIVERS\compbatt.sys (system)
COM+-systemapplikasjon: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cirrus Logic WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Diskdriver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
DRM-lyddekoder for Microsoft Kernel: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-hendelsessystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Programfiler\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Programfiler\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Programfiler\ewido\security suite\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Driver for Volumbehandling: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generisk pakkeklassifiserer: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID-klassedriver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
Driver for CD-brenningsfilter: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel-prosessordriver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
Driver for IP-trafikkfilter: System32\DRIVERS\ipfltdrv.sys (manual start)
Driver for IP i IP-tunnel: System32\DRIVERS\ipinip.sys (manual start)
IP-nettverksadresseoversetter: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Programfiler\iPod\bin\iPodService.exe (manual start)
IPSEC-driver: System32\DRIVERS\ipsec.sys (system)
IrDA-protokoll: System32\DRIVERS\irda.sys (autostart)
IR-nummereringstjeneste: System32\DRIVERS\irenum.sys (manual start)
Infrarød overvåking: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver for PnP ISA/EISA Bus: System32\DRIVERS\isapnp.sys (system)
Driver for tastaturklasse: System32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave lydmikser: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
AEGIS Protocol (IEEE 802.1x) v2.2.1.0: system32\DRIVERS\mdc8021x.sys (autostart)
Machine Debug Manager: "C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Driver for musklasse: System32\DRIVERS\mouclass.sys (system)
HID-driver for mus: System32\DRIVERS\mouhid.sys (manual start)
Enhetsomadresserer for WebDav-klient: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Tjenesteproxy for Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Klokkeproxy for Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Kvalitetsbehandlingsproxy for Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
BIOS-driver for Microsoft System Management: System32\DRIVERS\mssmbios.sys (manual start)
Ndiskio: \??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS (autostart)
NDIS TAPI-driver for ekstern pålogging: System32\DRIVERS\ndistapi.sys (manual start)
I/T-protokoll for NDIS-brukermodus: System32\DRIVERS\ndisuio.sys (manual start)
NDIS WAN-driver for ekstern pålogging: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-grensesnitt: System32\DRIVERS\netbios.sys (system)
NetBios over TCP/IP: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-nettverksdriver: System32\DRIVERS\nic1394.sys (manual start)
Norman API-hooking helper: C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norman NJeeves: C:\Programfiler\Norman\bin\NJEEVES.EXE (manual start)
Norman ZANDA: "C:\Programfiler\Norman\bin\ZANDA.EXE" (autostart)
NSC infrarød enhetsdriver: System32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nvcfsr: \??\C:\Programfiler\Norman\Nvc\bin\nvcfsr.sys (manual start)
nvcoafl51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoafl51.sys (manual start)
nvcoaft51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoaft51.sys (manual start)
nvcoarc51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoarc51.sys (manual start)
Norman Virus Control on-access component: C:\Programfiler\Norman\Nvc\bin\nvcoas.exe (manual start)
Norman Virus Control Scheduler: C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE (manual start)
Driver for IPX-trafikkfilter: System32\DRIVERS\nwlnkflt.sys (manual start)
Driver for videresending av IPX-trafikk: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI-kompatibel IEEE 1394-vertskontroller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Driver for parallell port: System32\DRIVERS\parport.sys (manual start)
Driver for PCI-buss: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
PDEngine: C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe (manual start)
PDScheduler: C:\Programfiler\Raxco\PerfectDisk\PDSched.exe (autostart)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Photoshop Elements Device Connect: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prosessordriver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakkeplanlegger: System32\DRIVERS\psched.sys (manual start)
Direkte parallell koblingsdriver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Driver for automatisk ekstern påloggingstilkobling: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN-miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-driver for ekstern tilgang: System32\DRIVERS\raspppoe.sys (manual start)
Direkte parallell: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filterdriver for digital CD-lydavspilling: System32\DRIVERS\redbook.sys (system)
RegSrvc: C:\WINDOWS\system32\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Spectrum24 Event Monitor: C:\WINDOWS\system32\S24EvMon.exe (autostart)
WLAN Transport: System32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydsplitter for Microsoft Kernel: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Filterdriver for systemgjenoppretting: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSI: system32\Drivers\SSI.SYS (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Webroot Spy Sweeper Engine: C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
SVKP: \??\C:\WINDOWS\system32\SVKP.sys (autostart)
Driver for programvarebuss: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C3C43A47-1362-44E0-99ED-A02F383BCA02} (manual start)
Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System-lydenhet: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver for TCP/IP-protokoll: System32\DRIVERS\tcpip.sys (system)
Driver for terminalenhet: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Oppdateringsdriver for mikrokode: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB generell overordnet driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 aktivert hub: System32\DRIVERS\usbhub.sys (manual start)
USB-masselagringsenhet: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniportdriver for Microsoft USB universell vertskontroller: System32\DRIVERS\usbuhci.sys (manual start)
VGA-skjermkort.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Intel® PRO/Wireless 2200 Adapter-driver: system32\DRIVERS\w22n51.sys (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IP ARP-driver for ekstern pålogging: System32\DRIVERS\wanarp.sys (manual start)
Winbond Memory Stick Storage (MS) Device Driver: System32\Drivers\WBMS.SYS (manual start)
Winbond Secure Digital Storage (SD/MMC) Device Driver: System32\Drivers\WBSD.SYS (manual start)
Wbutton: \SystemRoot\system32\drivers\Wbutton.sys (system)
Microsoft WINMM WDM Audio Compatibility-driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Tjenesten Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)
AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011: system32\drivers\wA301a.sys (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = PDBoot.exe
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 35 820 bytes
Report generated in 168,322 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Edited by EricAX, 16 December 2005 - 08:57 AM.
#18
Posted 16 December 2005 - 09:01 AM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
For user Thy Thy:
StartupList report, 15.12.2005, 16:19:21
StartupList version: 1.52.2
Started from : C:\Downloads\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norman\bin\ZANDA.EXE
C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programfiler\Wistron\AVManager\AVManager.exe
C:\Programfiler\Norman\bin\ZLH.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Thy-Thy\Start-meny\Programmer\Oppstart]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart]
Adobe Acrobat Speed Launcher.lnk = ?
Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
PRONoMgr.exe = C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
SynTPLpr = C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe
HotkeyApp = C:\Program Files\Launch Manager\HotkeyApp.exe
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe
LMgrOSD = C:\Program Files\Launch Manager\OSD.exe
Wbutton = "C:\Program Files\Launch Manager\Wbutton.exe"
AVManager = "C:\Programfiler\Wistron\AVManager\AVManager.exe"
Norman ZANDA = C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
AGRSMMSG = AGRSMMSG.exe
LtMoh = C:\Programfiler\ltmoh\Ltmoh.exe
iTunesHelper = C:\Programfiler\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Programfiler\QuickTime\qttask.exe" -atboottime
AWMON = "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
mmtask = C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Acrobat Assistant 7.0 = "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SpySweeper = "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registerredigering'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
SpywareGuard Download Protection - C:\Programfiler\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - c:\programfiler\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
--------------------------------------------------
Enumerating Task Scheduler jobs:
wrSpySweeperTrialSweep.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204
[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewid...oOnlineScan.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1107615952093
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1133735888519
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...645/mcfscan.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI-driver: System32\DRIVERS\ACPI.sys (system)
Microsoft innebygd kontrollerdriver: System32\DRIVERS\ACPIEC.sys (system)
Adobe LM Service: "C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Adobe Active File Monitor: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)
Fjerning av akustisk ekko for Microsoft Kernel: system32\drivers\aec.sys (manual start)
AFD-nettverksstøttemiljø: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: System32\DRIVERS\AGRSM.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-klientprotokoll: System32\DRIVERS\arp1394.sys (manual start)
RAS asynkron mediedriver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI harddiskkontroller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydstubbedriver: System32\DRIVERS\audstub.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Tjenesten Background Intelligent Transfer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM-driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Driver for Microsoft vekselstrømsadapter: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery-driver: System32\DRIVERS\compbatt.sys (system)
COM+-systemapplikasjon: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cirrus Logic WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Diskdriver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
DRM-lyddekoder for Microsoft Kernel: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-hendelsessystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Programfiler\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Programfiler\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Programfiler\ewido\security suite\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Driver for Volumbehandling: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generisk pakkeklassifiserer: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID-klassedriver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
Driver for CD-brenningsfilter: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel-prosessordriver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
Driver for IP-trafikkfilter: System32\DRIVERS\ipfltdrv.sys (manual start)
Driver for IP i IP-tunnel: System32\DRIVERS\ipinip.sys (manual start)
IP-nettverksadresseoversetter: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Programfiler\iPod\bin\iPodService.exe (manual start)
IPSEC-driver: System32\DRIVERS\ipsec.sys (system)
IrDA-protokoll: System32\DRIVERS\irda.sys (autostart)
IR-nummereringstjeneste: System32\DRIVERS\irenum.sys (manual start)
Infrarød overvåking: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver for PnP ISA/EISA Bus: System32\DRIVERS\isapnp.sys (system)
Driver for tastaturklasse: System32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave lydmikser: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
AEGIS Protocol (IEEE 802.1x) v2.2.1.0: system32\DRIVERS\mdc8021x.sys (autostart)
Machine Debug Manager: "C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Driver for musklasse: System32\DRIVERS\mouclass.sys (system)
HID-driver for mus: System32\DRIVERS\mouhid.sys (manual start)
Enhetsomadresserer for WebDav-klient: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Tjenesteproxy for Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Klokkeproxy for Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Kvalitetsbehandlingsproxy for Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
BIOS-driver for Microsoft System Management: System32\DRIVERS\mssmbios.sys (manual start)
Ndiskio: \??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS (autostart)
NDIS TAPI-driver for ekstern pålogging: System32\DRIVERS\ndistapi.sys (manual start)
I/T-protokoll for NDIS-brukermodus: System32\DRIVERS\ndisuio.sys (manual start)
NDIS WAN-driver for ekstern pålogging: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-grensesnitt: System32\DRIVERS\netbios.sys (system)
NetBios over TCP/IP: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-nettverksdriver: System32\DRIVERS\nic1394.sys (manual start)
Norman API-hooking helper: C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norman NJeeves: C:\Programfiler\Norman\bin\NJEEVES.EXE (manual start)
Norman ZANDA: "C:\Programfiler\Norman\bin\ZANDA.EXE" (autostart)
NSC infrarød enhetsdriver: System32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nvcfsr: \??\C:\Programfiler\Norman\Nvc\bin\nvcfsr.sys (manual start)
nvcoafl51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoafl51.sys (manual start)
nvcoaft51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoaft51.sys (manual start)
nvcoarc51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoarc51.sys (manual start)
Norman Virus Control on-access component: C:\Programfiler\Norman\Nvc\bin\nvcoas.exe (manual start)
Norman Virus Control Scheduler: C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE (manual start)
Driver for IPX-trafikkfilter: System32\DRIVERS\nwlnkflt.sys (manual start)
Driver for videresending av IPX-trafikk: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI-kompatibel IEEE 1394-vertskontroller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Driver for parallell port: System32\DRIVERS\parport.sys (manual start)
Driver for PCI-buss: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
PDEngine: C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe (manual start)
PDScheduler: C:\Programfiler\Raxco\PerfectDisk\PDSched.exe (autostart)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Photoshop Elements Device Connect: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prosessordriver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakkeplanlegger: System32\DRIVERS\psched.sys (manual start)
Direkte parallell koblingsdriver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Driver for automatisk ekstern påloggingstilkobling: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN-miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-driver for ekstern tilgang: System32\DRIVERS\raspppoe.sys (manual start)
Direkte parallell: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filterdriver for digital CD-lydavspilling: System32\DRIVERS\redbook.sys (system)
RegSrvc: C:\WINDOWS\system32\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Spectrum24 Event Monitor: C:\WINDOWS\system32\S24EvMon.exe (autostart)
WLAN Transport: System32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydsplitter for Microsoft Kernel: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Filterdriver for systemgjenoppretting: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSI: system32\Drivers\SSI.SYS (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Webroot Spy Sweeper Engine: C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
SVKP: \??\C:\WINDOWS\system32\SVKP.sys (autostart)
Driver for programvarebuss: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C3C43A47-1362-44E0-99ED-A02F383BCA02} (manual start)
Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System-lydenhet: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver for TCP/IP-protokoll: System32\DRIVERS\tcpip.sys (system)
Driver for terminalenhet: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Oppdateringsdriver for mikrokode: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB generell overordnet driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 aktivert hub: System32\DRIVERS\usbhub.sys (manual start)
USB-masselagringsenhet: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniportdriver for Microsoft USB universell vertskontroller: System32\DRIVERS\usbuhci.sys (manual start)
VGA-skjermkort.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Intel® PRO/Wireless 2200 Adapter-driver: system32\DRIVERS\w22n51.sys (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IP ARP-driver for ekstern pålogging: System32\DRIVERS\wanarp.sys (manual start)
Winbond Memory Stick Storage (MS) Device Driver: System32\Drivers\WBMS.SYS (manual start)
Winbond Secure Digital Storage (SD/MMC) Device Driver: System32\Drivers\WBSD.SYS (manual start)
Wbutton: \SystemRoot\system32\drivers\Wbutton.sys (system)
Microsoft WINMM WDM Audio Compatibility-driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Tjenesten Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)
AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011: system32\drivers\wA301a.sys (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = PDBoot.exe
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 37 268 bytes
Report generated in 0,281 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
StartupList report, 15.12.2005, 16:19:21
StartupList version: 1.52.2
Started from : C:\Downloads\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norman\bin\ZANDA.EXE
C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programfiler\Wistron\AVManager\AVManager.exe
C:\Programfiler\Norman\bin\ZLH.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Thy-Thy\Start-meny\Programmer\Oppstart]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart]
Adobe Acrobat Speed Launcher.lnk = ?
Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
PRONoMgr.exe = C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
SynTPLpr = C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe
HotkeyApp = C:\Program Files\Launch Manager\HotkeyApp.exe
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe
LMgrOSD = C:\Program Files\Launch Manager\OSD.exe
Wbutton = "C:\Program Files\Launch Manager\Wbutton.exe"
AVManager = "C:\Programfiler\Wistron\AVManager\AVManager.exe"
Norman ZANDA = C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
AGRSMMSG = AGRSMMSG.exe
LtMoh = C:\Programfiler\ltmoh\Ltmoh.exe
iTunesHelper = C:\Programfiler\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Programfiler\QuickTime\qttask.exe" -atboottime
AWMON = "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
mmtask = C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Acrobat Assistant 7.0 = "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SpySweeper = "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registerredigering'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
SpywareGuard Download Protection - C:\Programfiler\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - c:\programfiler\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
--------------------------------------------------
Enumerating Task Scheduler jobs:
wrSpySweeperTrialSweep.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204
[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewid...oOnlineScan.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1107615952093
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1133735888519
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...645/mcfscan.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI-driver: System32\DRIVERS\ACPI.sys (system)
Microsoft innebygd kontrollerdriver: System32\DRIVERS\ACPIEC.sys (system)
Adobe LM Service: "C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Adobe Active File Monitor: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)
Fjerning av akustisk ekko for Microsoft Kernel: system32\drivers\aec.sys (manual start)
AFD-nettverksstøttemiljø: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: System32\DRIVERS\AGRSM.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-klientprotokoll: System32\DRIVERS\arp1394.sys (manual start)
RAS asynkron mediedriver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI harddiskkontroller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydstubbedriver: System32\DRIVERS\audstub.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Tjenesten Background Intelligent Transfer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM-driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Driver for Microsoft vekselstrømsadapter: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery-driver: System32\DRIVERS\compbatt.sys (system)
COM+-systemapplikasjon: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cirrus Logic WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Diskdriver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
DRM-lyddekoder for Microsoft Kernel: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-hendelsessystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Programfiler\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Programfiler\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Programfiler\ewido\security suite\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Driver for Volumbehandling: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generisk pakkeklassifiserer: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID-klassedriver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
Driver for CD-brenningsfilter: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel-prosessordriver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
Driver for IP-trafikkfilter: System32\DRIVERS\ipfltdrv.sys (manual start)
Driver for IP i IP-tunnel: System32\DRIVERS\ipinip.sys (manual start)
IP-nettverksadresseoversetter: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Programfiler\iPod\bin\iPodService.exe (manual start)
IPSEC-driver: System32\DRIVERS\ipsec.sys (system)
IrDA-protokoll: System32\DRIVERS\irda.sys (autostart)
IR-nummereringstjeneste: System32\DRIVERS\irenum.sys (manual start)
Infrarød overvåking: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver for PnP ISA/EISA Bus: System32\DRIVERS\isapnp.sys (system)
Driver for tastaturklasse: System32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave lydmikser: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
AEGIS Protocol (IEEE 802.1x) v2.2.1.0: system32\DRIVERS\mdc8021x.sys (autostart)
Machine Debug Manager: "C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Driver for musklasse: System32\DRIVERS\mouclass.sys (system)
HID-driver for mus: System32\DRIVERS\mouhid.sys (manual start)
Enhetsomadresserer for WebDav-klient: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Tjenesteproxy for Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Klokkeproxy for Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Kvalitetsbehandlingsproxy for Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
BIOS-driver for Microsoft System Management: System32\DRIVERS\mssmbios.sys (manual start)
Ndiskio: \??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS (autostart)
NDIS TAPI-driver for ekstern pålogging: System32\DRIVERS\ndistapi.sys (manual start)
I/T-protokoll for NDIS-brukermodus: System32\DRIVERS\ndisuio.sys (manual start)
NDIS WAN-driver for ekstern pålogging: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-grensesnitt: System32\DRIVERS\netbios.sys (system)
NetBios over TCP/IP: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-nettverksdriver: System32\DRIVERS\nic1394.sys (manual start)
Norman API-hooking helper: C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norman NJeeves: C:\Programfiler\Norman\bin\NJEEVES.EXE (manual start)
Norman ZANDA: "C:\Programfiler\Norman\bin\ZANDA.EXE" (autostart)
NSC infrarød enhetsdriver: System32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nvcfsr: \??\C:\Programfiler\Norman\Nvc\bin\nvcfsr.sys (manual start)
nvcoafl51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoafl51.sys (manual start)
nvcoaft51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoaft51.sys (manual start)
nvcoarc51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoarc51.sys (manual start)
Norman Virus Control on-access component: C:\Programfiler\Norman\Nvc\bin\nvcoas.exe (manual start)
Norman Virus Control Scheduler: C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE (manual start)
Driver for IPX-trafikkfilter: System32\DRIVERS\nwlnkflt.sys (manual start)
Driver for videresending av IPX-trafikk: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI-kompatibel IEEE 1394-vertskontroller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Driver for parallell port: System32\DRIVERS\parport.sys (manual start)
Driver for PCI-buss: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
PDEngine: C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe (manual start)
PDScheduler: C:\Programfiler\Raxco\PerfectDisk\PDSched.exe (autostart)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Photoshop Elements Device Connect: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prosessordriver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakkeplanlegger: System32\DRIVERS\psched.sys (manual start)
Direkte parallell koblingsdriver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Driver for automatisk ekstern påloggingstilkobling: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN-miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-driver for ekstern tilgang: System32\DRIVERS\raspppoe.sys (manual start)
Direkte parallell: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filterdriver for digital CD-lydavspilling: System32\DRIVERS\redbook.sys (system)
RegSrvc: C:\WINDOWS\system32\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Spectrum24 Event Monitor: C:\WINDOWS\system32\S24EvMon.exe (autostart)
WLAN Transport: System32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydsplitter for Microsoft Kernel: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Filterdriver for systemgjenoppretting: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSI: system32\Drivers\SSI.SYS (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Webroot Spy Sweeper Engine: C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
SVKP: \??\C:\WINDOWS\system32\SVKP.sys (autostart)
Driver for programvarebuss: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C3C43A47-1362-44E0-99ED-A02F383BCA02} (manual start)
Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System-lydenhet: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver for TCP/IP-protokoll: System32\DRIVERS\tcpip.sys (system)
Driver for terminalenhet: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Oppdateringsdriver for mikrokode: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB generell overordnet driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 aktivert hub: System32\DRIVERS\usbhub.sys (manual start)
USB-masselagringsenhet: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniportdriver for Microsoft USB universell vertskontroller: System32\DRIVERS\usbuhci.sys (manual start)
VGA-skjermkort.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Intel® PRO/Wireless 2200 Adapter-driver: system32\DRIVERS\w22n51.sys (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IP ARP-driver for ekstern pålogging: System32\DRIVERS\wanarp.sys (manual start)
Winbond Memory Stick Storage (MS) Device Driver: System32\Drivers\WBMS.SYS (manual start)
Winbond Secure Digital Storage (SD/MMC) Device Driver: System32\Drivers\WBSD.SYS (manual start)
Wbutton: \SystemRoot\system32\drivers\Wbutton.sys (system)
Microsoft WINMM WDM Audio Compatibility-driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Tjenesten Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)
AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011: system32\drivers\wA301a.sys (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = PDBoot.exe
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 37 268 bytes
Report generated in 0,281 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
#19
Posted 16 December 2005 - 09:06 AM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
For Owner (Eier):
StartupList report, 15.12.2005, 16:40:42
StartupList version: 1.52.2
Started from : C:\Downloads\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norman\bin\ZANDA.EXE
C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\Norman\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programfiler\Wistron\AVManager\AVManager.exe
C:\Programfiler\Norman\bin\ZLH.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\Downloads\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart]
SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart]
Adobe Acrobat Speed Launcher.lnk = ?
Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
PRONoMgr.exe = C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
SynTPLpr = C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe
HotkeyApp = C:\Program Files\Launch Manager\HotkeyApp.exe
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe
LMgrOSD = C:\Program Files\Launch Manager\OSD.exe
Wbutton = "C:\Program Files\Launch Manager\Wbutton.exe"
AVManager = "C:\Programfiler\Wistron\AVManager\AVManager.exe"
Norman ZANDA = C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
AGRSMMSG = AGRSMMSG.exe
LtMoh = C:\Programfiler\ltmoh\Ltmoh.exe
iTunesHelper = C:\Programfiler\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Programfiler\QuickTime\qttask.exe" -atboottime
AWMON = "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
mmtask = C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Acrobat Assistant 7.0 = "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SpySweeper = "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
AWMON = "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registerredigering'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
SpywareGuard Download Protection - C:\Programfiler\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - c:\programfiler\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
--------------------------------------------------
Enumerating Task Scheduler jobs:
wrSpySweeperTrialSweep.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204
[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewid...oOnlineScan.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1107615952093
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1133735888519
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...645/mcfscan.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI-driver: System32\DRIVERS\ACPI.sys (system)
Microsoft innebygd kontrollerdriver: System32\DRIVERS\ACPIEC.sys (system)
Adobe LM Service: "C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Adobe Active File Monitor: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)
Fjerning av akustisk ekko for Microsoft Kernel: system32\drivers\aec.sys (manual start)
AFD-nettverksstøttemiljø: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: System32\DRIVERS\AGRSM.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-klientprotokoll: System32\DRIVERS\arp1394.sys (manual start)
RAS asynkron mediedriver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI harddiskkontroller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydstubbedriver: System32\DRIVERS\audstub.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Tjenesten Background Intelligent Transfer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM-driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Driver for Microsoft vekselstrømsadapter: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery-driver: System32\DRIVERS\compbatt.sys (system)
COM+-systemapplikasjon: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cirrus Logic WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Diskdriver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
DRM-lyddekoder for Microsoft Kernel: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-hendelsessystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Programfiler\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Programfiler\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Programfiler\ewido\security suite\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Driver for Volumbehandling: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generisk pakkeklassifiserer: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID-klassedriver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
Driver for CD-brenningsfilter: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel-prosessordriver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
Driver for IP-trafikkfilter: System32\DRIVERS\ipfltdrv.sys (manual start)
Driver for IP i IP-tunnel: System32\DRIVERS\ipinip.sys (manual start)
IP-nettverksadresseoversetter: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Programfiler\iPod\bin\iPodService.exe (manual start)
IPSEC-driver: System32\DRIVERS\ipsec.sys (system)
IrDA-protokoll: System32\DRIVERS\irda.sys (autostart)
IR-nummereringstjeneste: System32\DRIVERS\irenum.sys (manual start)
Infrarød overvåking: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver for PnP ISA/EISA Bus: System32\DRIVERS\isapnp.sys (system)
Driver for tastaturklasse: System32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave lydmikser: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
AEGIS Protocol (IEEE 802.1x) v2.2.1.0: system32\DRIVERS\mdc8021x.sys (autostart)
Machine Debug Manager: "C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Driver for musklasse: System32\DRIVERS\mouclass.sys (system)
HID-driver for mus: System32\DRIVERS\mouhid.sys (manual start)
Enhetsomadresserer for WebDav-klient: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Tjenesteproxy for Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Klokkeproxy for Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Kvalitetsbehandlingsproxy for Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
BIOS-driver for Microsoft System Management: System32\DRIVERS\mssmbios.sys (manual start)
Ndiskio: \??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS (autostart)
NDIS TAPI-driver for ekstern pålogging: System32\DRIVERS\ndistapi.sys (manual start)
I/T-protokoll for NDIS-brukermodus: System32\DRIVERS\ndisuio.sys (manual start)
NDIS WAN-driver for ekstern pålogging: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-grensesnitt: System32\DRIVERS\netbios.sys (system)
NetBios over TCP/IP: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-nettverksdriver: System32\DRIVERS\nic1394.sys (manual start)
Norman API-hooking helper: C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norman NJeeves: C:\Programfiler\Norman\bin\NJEEVES.EXE (manual start)
Norman ZANDA: "C:\Programfiler\Norman\bin\ZANDA.EXE" (autostart)
NSC infrarød enhetsdriver: System32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nvcfsr: \??\C:\Programfiler\Norman\Nvc\bin\nvcfsr.sys (manual start)
nvcoafl51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoafl51.sys (manual start)
nvcoaft51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoaft51.sys (manual start)
nvcoarc51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoarc51.sys (manual start)
Norman Virus Control on-access component: C:\Programfiler\Norman\Nvc\bin\nvcoas.exe (manual start)
Norman Virus Control Scheduler: C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE (manual start)
Driver for IPX-trafikkfilter: System32\DRIVERS\nwlnkflt.sys (manual start)
Driver for videresending av IPX-trafikk: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI-kompatibel IEEE 1394-vertskontroller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Driver for parallell port: System32\DRIVERS\parport.sys (manual start)
Driver for PCI-buss: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
PDEngine: C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe (manual start)
PDScheduler: C:\Programfiler\Raxco\PerfectDisk\PDSched.exe (autostart)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Photoshop Elements Device Connect: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prosessordriver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakkeplanlegger: System32\DRIVERS\psched.sys (manual start)
Direkte parallell koblingsdriver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Driver for automatisk ekstern påloggingstilkobling: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN-miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-driver for ekstern tilgang: System32\DRIVERS\raspppoe.sys (manual start)
Direkte parallell: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filterdriver for digital CD-lydavspilling: System32\DRIVERS\redbook.sys (system)
RegSrvc: C:\WINDOWS\system32\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Spectrum24 Event Monitor: C:\WINDOWS\system32\S24EvMon.exe (autostart)
WLAN Transport: System32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydsplitter for Microsoft Kernel: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Filterdriver for systemgjenoppretting: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSI: system32\Drivers\SSI.SYS (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Webroot Spy Sweeper Engine: C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
SVKP: \??\C:\WINDOWS\system32\SVKP.sys (autostart)
Driver for programvarebuss: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C3C43A47-1362-44E0-99ED-A02F383BCA02} (manual start)
Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System-lydenhet: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver for TCP/IP-protokoll: System32\DRIVERS\tcpip.sys (system)
Driver for terminalenhet: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Oppdateringsdriver for mikrokode: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB generell overordnet driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 aktivert hub: System32\DRIVERS\usbhub.sys (manual start)
USB-masselagringsenhet: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniportdriver for Microsoft USB universell vertskontroller: System32\DRIVERS\usbuhci.sys (manual start)
VGA-skjermkort.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Intel® PRO/Wireless 2200 Adapter-driver: system32\DRIVERS\w22n51.sys (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IP ARP-driver for ekstern pålogging: System32\DRIVERS\wanarp.sys (manual start)
Winbond Memory Stick Storage (MS) Device Driver: System32\Drivers\WBMS.SYS (manual start)
Winbond Secure Digital Storage (SD/MMC) Device Driver: System32\Drivers\WBSD.SYS (manual start)
Wbutton: \SystemRoot\system32\drivers\Wbutton.sys (system)
Microsoft WINMM WDM Audio Compatibility-driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Tjenesten Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)
AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011: system32\drivers\wA301a.sys (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = PDBoot.exe
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 37 335 bytes
Report generated in 0,151 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
StartupList report, 15.12.2005, 16:40:42
StartupList version: 1.52.2
Started from : C:\Downloads\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norman\bin\ZANDA.EXE
C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\Norman\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programfiler\Wistron\AVManager\AVManager.exe
C:\Programfiler\Norman\bin\ZLH.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\Downloads\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart]
SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart]
Adobe Acrobat Speed Launcher.lnk = ?
Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
PRONoMgr.exe = C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
SynTPLpr = C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe
HotkeyApp = C:\Program Files\Launch Manager\HotkeyApp.exe
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe
LMgrOSD = C:\Program Files\Launch Manager\OSD.exe
Wbutton = "C:\Program Files\Launch Manager\Wbutton.exe"
AVManager = "C:\Programfiler\Wistron\AVManager\AVManager.exe"
Norman ZANDA = C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
AGRSMMSG = AGRSMMSG.exe
LtMoh = C:\Programfiler\ltmoh\Ltmoh.exe
iTunesHelper = C:\Programfiler\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Programfiler\QuickTime\qttask.exe" -atboottime
AWMON = "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
mmtask = C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Acrobat Assistant 7.0 = "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SpySweeper = "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
AWMON = "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registerredigering'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
SpywareGuard Download Protection - C:\Programfiler\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - c:\programfiler\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
--------------------------------------------------
Enumerating Task Scheduler jobs:
wrSpySweeperTrialSweep.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204
[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewid...oOnlineScan.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1107615952093
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1133735888519
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab
[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...645/mcfscan.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI-driver: System32\DRIVERS\ACPI.sys (system)
Microsoft innebygd kontrollerdriver: System32\DRIVERS\ACPIEC.sys (system)
Adobe LM Service: "C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Adobe Active File Monitor: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (autostart)
Fjerning av akustisk ekko for Microsoft Kernel: system32\drivers\aec.sys (manual start)
AFD-nettverksstøttemiljø: \SystemRoot\System32\drivers\afd.sys (system)
Agere Systems Soft Modem: System32\DRIVERS\AGRSM.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-klientprotokoll: System32\DRIVERS\arp1394.sys (manual start)
RAS asynkron mediedriver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI harddiskkontroller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydstubbedriver: System32\DRIVERS\audstub.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Tjenesten Background Intelligent Transfer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM-driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Driver for Microsoft vekselstrømsadapter: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery-driver: System32\DRIVERS\compbatt.sys (system)
COM+-systemapplikasjon: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cirrus Logic WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Diskdriver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
DRM-lyddekoder for Microsoft Kernel: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-hendelsessystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Programfiler\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Programfiler\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Programfiler\ewido\security suite\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Driver for Volumbehandling: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generisk pakkeklassifiserer: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID-klassedriver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
Driver for CD-brenningsfilter: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel-prosessordriver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
Driver for IP-trafikkfilter: System32\DRIVERS\ipfltdrv.sys (manual start)
Driver for IP i IP-tunnel: System32\DRIVERS\ipinip.sys (manual start)
IP-nettverksadresseoversetter: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Programfiler\iPod\bin\iPodService.exe (manual start)
IPSEC-driver: System32\DRIVERS\ipsec.sys (system)
IrDA-protokoll: System32\DRIVERS\irda.sys (autostart)
IR-nummereringstjeneste: System32\DRIVERS\irenum.sys (manual start)
Infrarød overvåking: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver for PnP ISA/EISA Bus: System32\DRIVERS\isapnp.sys (system)
Driver for tastaturklasse: System32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave lydmikser: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
AEGIS Protocol (IEEE 802.1x) v2.2.1.0: system32\DRIVERS\mdc8021x.sys (autostart)
Machine Debug Manager: "C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Driver for musklasse: System32\DRIVERS\mouclass.sys (system)
HID-driver for mus: System32\DRIVERS\mouhid.sys (manual start)
Enhetsomadresserer for WebDav-klient: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Tjenesteproxy for Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Klokkeproxy for Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Kvalitetsbehandlingsproxy for Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
BIOS-driver for Microsoft System Management: System32\DRIVERS\mssmbios.sys (manual start)
Ndiskio: \??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS (autostart)
NDIS TAPI-driver for ekstern pålogging: System32\DRIVERS\ndistapi.sys (manual start)
I/T-protokoll for NDIS-brukermodus: System32\DRIVERS\ndisuio.sys (manual start)
NDIS WAN-driver for ekstern pålogging: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-grensesnitt: System32\DRIVERS\netbios.sys (system)
NetBios over TCP/IP: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-nettverksdriver: System32\DRIVERS\nic1394.sys (manual start)
Norman API-hooking helper: C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norman NJeeves: C:\Programfiler\Norman\bin\NJEEVES.EXE (manual start)
Norman ZANDA: "C:\Programfiler\Norman\bin\ZANDA.EXE" (autostart)
NSC infrarød enhetsdriver: System32\DRIVERS\nscirda.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nvcfsr: \??\C:\Programfiler\Norman\Nvc\bin\nvcfsr.sys (manual start)
nvcoafl51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoafl51.sys (manual start)
nvcoaft51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoaft51.sys (manual start)
nvcoarc51: \??\C:\Programfiler\Norman\Nvc\bin\nvcoarc51.sys (manual start)
Norman Virus Control on-access component: C:\Programfiler\Norman\Nvc\bin\nvcoas.exe (manual start)
Norman Virus Control Scheduler: C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE (manual start)
Driver for IPX-trafikkfilter: System32\DRIVERS\nwlnkflt.sys (manual start)
Driver for videresending av IPX-trafikk: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI-kompatibel IEEE 1394-vertskontroller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Driver for parallell port: System32\DRIVERS\parport.sys (manual start)
Driver for PCI-buss: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
PDEngine: C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe (manual start)
PDScheduler: C:\Programfiler\Raxco\PerfectDisk\PDSched.exe (autostart)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Photoshop Elements Device Connect: C:\Programfiler\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN-miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prosessordriver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakkeplanlegger: System32\DRIVERS\psched.sys (manual start)
Direkte parallell koblingsdriver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Driver for automatisk ekstern påloggingstilkobling: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN-miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPPOE-driver for ekstern tilgang: System32\DRIVERS\raspppoe.sys (manual start)
Direkte parallell: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filterdriver for digital CD-lydavspilling: System32\DRIVERS\redbook.sys (system)
RegSrvc: C:\WINDOWS\system32\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Spectrum24 Event Monitor: C:\WINDOWS\system32\S24EvMon.exe (autostart)
WLAN Transport: System32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydsplitter for Microsoft Kernel: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Filterdriver for systemgjenoppretting: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSI: system32\Drivers\SSI.SYS (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Webroot Spy Sweeper Engine: C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
SVKP: \??\C:\WINDOWS\system32\SVKP.sys (autostart)
Driver for programvarebuss: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C3C43A47-1362-44E0-99ED-A02F383BCA02} (manual start)
Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System-lydenhet: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver for TCP/IP-protokoll: System32\DRIVERS\tcpip.sys (system)
Driver for terminalenhet: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Oppdateringsdriver for mikrokode: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB generell overordnet driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 aktivert hub: System32\DRIVERS\usbhub.sys (manual start)
USB-masselagringsenhet: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniportdriver for Microsoft USB universell vertskontroller: System32\DRIVERS\usbuhci.sys (manual start)
VGA-skjermkort.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Intel® PRO/Wireless 2200 Adapter-driver: system32\DRIVERS\w22n51.sys (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IP ARP-driver for ekstern pålogging: System32\DRIVERS\wanarp.sys (manual start)
Winbond Memory Stick Storage (MS) Device Driver: System32\Drivers\WBMS.SYS (manual start)
Winbond Secure Digital Storage (SD/MMC) Device Driver: System32\Drivers\WBSD.SYS (manual start)
Wbutton: \SystemRoot\system32\drivers\Wbutton.sys (system)
Microsoft WINMM WDM Audio Compatibility-driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Tjenesten Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)
AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011: system32\drivers\wA301a.sys (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = PDBoot.exe
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 37 335 bytes
Report generated in 0,151 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
#20
Posted 17 December 2005 - 05:52 AM
njustice
-
- Member
-
- 521 posts
Member
Hello, using your administrator account....
- Please go to Jotti's malware scan
- Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
- C:\WINDOWS\system32\SVKP.sys
- Click on the submit button
- Please post the results in your next reply.
#21
Posted 17 December 2005 - 09:09 AM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
Hi again,
Seems like it found something. Here are the results:
Jotti's malware scan 2.99-TRANSITION_TO_3.00
File to upload & scan: Virus
Service
Service load: 0% 100%
File: SVKP.sys
Status: INFECTED/MALWARE
MD5 f05028b163b92c302a74409d683ac9b0
Packers detected:
-
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Virtool.SVKProtector
I also did a Panda activescan, and it suddenly found something it hasn't found before which it did not clean:
Incident Status Location
Hacktool:HackTool/OptixPatch Not desinfected C:\Programfiler\Stardock\Object Desktop\WindowBlinds\WinRAR v3.41 Final Trial to Full by Great Elmo!!.exe
Seems like it found something. Here are the results:
Jotti's malware scan 2.99-TRANSITION_TO_3.00
File to upload & scan: Virus
Service
Service load: 0% 100%
File: SVKP.sys
Status: INFECTED/MALWARE
MD5 f05028b163b92c302a74409d683ac9b0
Packers detected:
-
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Virtool.SVKProtector
I also did a Panda activescan, and it suddenly found something it hasn't found before which it did not clean:
Incident Status Location
Hacktool:HackTool/OptixPatch Not desinfected C:\Programfiler\Stardock\Object Desktop\WindowBlinds\WinRAR v3.41 Final Trial to Full by Great Elmo!!.exe
Edited by EricAX, 18 December 2005 - 08:08 AM.
#22
Posted 18 December 2005 - 08:17 PM
njustice
-
- Member
-
- 521 posts
Member
Please download the Killbox by Option^Explicit.
Note:In the event you already have Killbox, this is a new version that I need you to download.
Do the following online scans fixing all that is found...make sure you reboot inbetween each scan.
http://www.windowsec...com/trojanscan/
http://be.trendmicro...call_launch.php
Let me know how your computer is running.
Note:In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select
- "Delete on Reboot".
- From the main Killbox Window, Select Options>>Delete on Reboot>>Process all in List
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C
C:\Programfiler\Stardock\Object Desktop\WindowBlinds\WinRAR v3.41 Final Trial to Full by Great Elmo!!.exe
C:\WINDOWS\system32\SVKP.sys
- Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
- Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Do the following online scans fixing all that is found...make sure you reboot inbetween each scan.
http://www.windowsec...com/trojanscan/
http://be.trendmicro...call_launch.php
Let me know how your computer is running.
#23
Posted 19 December 2005 - 12:04 PM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
I followed your instructions and removed the two files.
The Trojanscan found nothing.
I am still not able to launch housecall. When I try to start, all browsers are shut down and nothing else happens. Do you know what is wrong? How can I start housecall?
I haven't received the alarms from ad-watch for the last few times I have re-started. However, there are still some issues with my computer:
SpySweeper still reports one item (which it does not remove without subscription) that I cannot find on my computer:
Name: spyaxe
Category: Adware
Risk Rating: 3/5 High
Traces found: 1
c:\documents and settings\eier\siste\spyaxe.lnk
How can I get rid of this??
My office programs still does not work (Word, Outlook, Excel, Powerpoint, Picture Manager etc)
My PC is extremely slow when starting up new programs, most notably IE or Firefox browsers, and when booting up.
I seem to experience a noticable increase of spam e-mails since I first got infected many days ago. Is this a coincidence or is it connected?
I look forward to your reply.
The Trojanscan found nothing.
I am still not able to launch housecall. When I try to start, all browsers are shut down and nothing else happens. Do you know what is wrong? How can I start housecall?
I haven't received the alarms from ad-watch for the last few times I have re-started. However, there are still some issues with my computer:
SpySweeper still reports one item (which it does not remove without subscription) that I cannot find on my computer:
Name: spyaxe
Category: Adware
Risk Rating: 3/5 High
Traces found: 1
c:\documents and settings\eier\siste\spyaxe.lnk
How can I get rid of this??
My office programs still does not work (Word, Outlook, Excel, Powerpoint, Picture Manager etc)
My PC is extremely slow when starting up new programs, most notably IE or Firefox browsers, and when booting up.
I seem to experience a noticable increase of spam e-mails since I first got infected many days ago. Is this a coincidence or is it connected?
I look forward to your reply.
Edited by EricAX, 19 December 2005 - 12:08 PM.
#24
Posted 19 December 2005 - 12:33 PM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
Hi again,
I just logged into my wife's account, and the registrychanges keep occuring. I do not get any alarm and I am not asked to block or allow them in this account, but they turn up in the Ad-Watch log when I start up. These are the registry changes that I am informed about upon startup:
Ad-Watch-loggfil, eksportert på 19.12.2005
Totalt antall hendelser:10
===============================================
19.12.2005 19:22:25 - Definitions file SE1R82 19.12.2005 loaded successfully.
Build:SE1R82 19.12.2005
Total Signatures :46022
Target Families :807
Target Categories :6
CSI data Size :85136
File Size :1707938
===============================================
19.12.2005 19:22:25 - User preferences file loaded.
Ad-Watch preference file loaded.
Applying user settings
C:\Documents and Settings\Thy-Thy\Programdata\Norman\Ad-Aware\awsettings.awc
Initialization complete.
===============================================
19.12.2005 19:22:30 - Webområdefil lastet inn.
Webområdefil lastet inn.
C:\Programfiler\Norman\Norman Ad-Aware SE Plus\sites.txt
Antall oppføringer: 3223
===============================================
19.12.2005 19:22:31 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Internet Explorer\Main
Verdi:Start Page
Data:http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
Nye data:http://www.osloaikido.no/norsk/norskindex.html
===============================================
19.12.2005 19:22:31 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Internet Explorer\Search
Verdi:Default_Search_URL
Data:
Nye data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============================================
19.12.2005 19:22:31 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Windows\CurrentVersion\Run
Verdi:SpySweeper
Data:
Nye data:"C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
===============================================
19.12.2005 19:22:31 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Windows\CurrentVersion\Policies\System
Verdi:DisableTaskMgr
Data:
Nye data:0
===============================================
19.12.2005 19:22:45 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Internet Explorer\Search
Verdi:SearchAssistant
Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Nye data:http://www.google.com/ie
===============================================
19.12.2005 19:22:45 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Windows\CurrentVersion\Run
Verdi:SpySweeper
Data:
Nye data:"C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
===============================================
19.12.2005 19:22:45 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Windows\CurrentVersion\Run
Verdi:SunJavaUpdateSched
Data:C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe
Nye data:
===============================================
What does this mean? Does it indicate any infection? Why I am not allowed to block these?
I also tried to log into the guest account, but couldn't get through the Ad-WAtch alarms I received. I received the alarm I have received previously saying that a registrychange changing the startpage to:
http://www.microsoft...pver={SUB_PVER}ar=home
I tried to block this a number of times, but the alarm did not go away. I also tried to log off/turn the PC off, but nothing happened. Finally, I had to turn off the power in order to turn the PC off. I tried to log into the guest account a couple of other times, but the same happened every time. I also noticed a warning in the Norman icon on the lower taskbar saying that Internetprotection was not running. I don't get this message on either of the other accounts. Why do I get this for the guest account? I have also tried to turn on the internetprotection, but didn't find out how to do this.
When I log back into my own account (owner) after having used the other accounts, I again receive the AD-Watch alarms. I press "block" every time. (The alarms are about the following registry modifications as reported previously: DisableTaskMgr, SunJavaUpdateSched, Default_Search_URL, SpySweeper and SearchAssistant). As I said I press "block" every time, but I am not sure if I am successful. When I look into the Ad-WAtch statistics, I see the following summary: Total Ad-Watch Events: 1507, Blocked: 0, Accepted: 55. Why does it say blocked: 0 when I try to block almost every registry modification? Anyway, the alarms are back after having used the other two accounts.
Anyway - this is how my PC is now. It seems quite different for the three accounts I have. I look forward to your advice on how to fix this.
I just logged into my wife's account, and the registrychanges keep occuring. I do not get any alarm and I am not asked to block or allow them in this account, but they turn up in the Ad-Watch log when I start up. These are the registry changes that I am informed about upon startup:
Ad-Watch-loggfil, eksportert på 19.12.2005
Totalt antall hendelser:10
===============================================
19.12.2005 19:22:25 - Definitions file SE1R82 19.12.2005 loaded successfully.
Build:SE1R82 19.12.2005
Total Signatures :46022
Target Families :807
Target Categories :6
CSI data Size :85136
File Size :1707938
===============================================
19.12.2005 19:22:25 - User preferences file loaded.
Ad-Watch preference file loaded.
Applying user settings
C:\Documents and Settings\Thy-Thy\Programdata\Norman\Ad-Aware\awsettings.awc
Initialization complete.
===============================================
19.12.2005 19:22:30 - Webområdefil lastet inn.
Webområdefil lastet inn.
C:\Programfiler\Norman\Norman Ad-Aware SE Plus\sites.txt
Antall oppføringer: 3223
===============================================
19.12.2005 19:22:31 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Internet Explorer\Main
Verdi:Start Page
Data:http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
Nye data:http://www.osloaikido.no/norsk/norskindex.html
===============================================
19.12.2005 19:22:31 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Internet Explorer\Search
Verdi:Default_Search_URL
Data:
Nye data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============================================
19.12.2005 19:22:31 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Windows\CurrentVersion\Run
Verdi:SpySweeper
Data:
Nye data:"C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
===============================================
19.12.2005 19:22:31 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Windows\CurrentVersion\Policies\System
Verdi:DisableTaskMgr
Data:
Nye data:0
===============================================
19.12.2005 19:22:45 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Internet Explorer\Search
Verdi:SearchAssistant
Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Nye data:http://www.google.com/ie
===============================================
19.12.2005 19:22:45 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Windows\CurrentVersion\Run
Verdi:SpySweeper
Data:
Nye data:"C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
===============================================
19.12.2005 19:22:45 - Registerendring er oppdaget
Rot:HKEY_LOCAL_MACHINE
Nøkkel:Software\Microsoft\Windows\CurrentVersion\Run
Verdi:SunJavaUpdateSched
Data:C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe
Nye data:
===============================================
What does this mean? Does it indicate any infection? Why I am not allowed to block these?
I also tried to log into the guest account, but couldn't get through the Ad-WAtch alarms I received. I received the alarm I have received previously saying that a registrychange changing the startpage to:
http://www.microsoft...pver={SUB_PVER}ar=home
I tried to block this a number of times, but the alarm did not go away. I also tried to log off/turn the PC off, but nothing happened. Finally, I had to turn off the power in order to turn the PC off. I tried to log into the guest account a couple of other times, but the same happened every time. I also noticed a warning in the Norman icon on the lower taskbar saying that Internetprotection was not running. I don't get this message on either of the other accounts. Why do I get this for the guest account? I have also tried to turn on the internetprotection, but didn't find out how to do this.
When I log back into my own account (owner) after having used the other accounts, I again receive the AD-Watch alarms. I press "block" every time. (The alarms are about the following registry modifications as reported previously: DisableTaskMgr, SunJavaUpdateSched, Default_Search_URL, SpySweeper and SearchAssistant). As I said I press "block" every time, but I am not sure if I am successful. When I look into the Ad-WAtch statistics, I see the following summary: Total Ad-Watch Events: 1507, Blocked: 0, Accepted: 55. Why does it say blocked: 0 when I try to block almost every registry modification? Anyway, the alarms are back after having used the other two accounts.
Anyway - this is how my PC is now. It seems quite different for the three accounts I have. I look forward to your advice on how to fix this.
Edited by EricAX, 19 December 2005 - 03:42 PM.
#25
Posted 21 December 2005 - 03:35 AM
njustice
-
- Member
-
- 521 posts
Member
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
Download WindPFind
Then reboot your computer into safe mode
Open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Scan Options:
Scan Mail Bases - Click OK
- Now under select a target to scan:Select My Computer
- This will program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Download WindPFind
Then reboot your computer into safe mode
Open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
Edited by njustice, 21 December 2005 - 03:36 AM.
#26
Posted 21 December 2005 - 03:44 AM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
Thanks,
I will du as you advice when I get home and let you know the results.
While trying to cure my PC - do you have any advice on how to get my office products working again. I would really need to do some work with word and excel....
I will du as you advice when I get home and let you know the results.
While trying to cure my PC - do you have any advice on how to get my office products working again. I would really need to do some work with word and excel....
#27
Posted 21 December 2005 - 11:20 PM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
Here are the two reports. Please let me know what you can make of it and advice me what to do next.
Kapersky:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, December 21, 2005 21:44:40
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 21/12/2005
Kaspersky Anti-Virus database records: 168467
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 57834
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 3303 sec
No malware has been detected. The sections that have been scanned are CLEAN.
Scan process completed.
WinPFind:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
qoologic 21.12.2005 21:16:44 204131 C:\WinPFind.zip
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
PEC2 25.04.2003 13:00:00 41119 C:\WINDOWS\SYSTEM32\dfrg.msc
FSG! 11.11.2003 16:00:22 236544 C:\WINDOWS\SYSTEM32\divxdec.ax
PTech 04.11.2005 16:27:24 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 09.12.2005 01:20:36 2716000 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 09.12.2005 01:20:36 2716000 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 09:03:00 704000 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 09:03:20 664064 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 25.04.2003 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
PTech 04.08.2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
21.12.2005 22:12:10 S 2048 C:\WINDOWS\bootstat.dat
05.12.2005 01:04:18 H 0 C:\WINDOWS\inf\oem29.inf
21.12.2005 20:37:14 H 0 C:\WINDOWS\LastGood\INF\oem30.inf
21.12.2005 20:37:14 H 0 C:\WINDOWS\LastGood\INF\oem30.PNF
01.12.2005 04:46:08 S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
02.12.2005 01:12:44 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
21.12.2005 22:12:02 H 8192 C:\WINDOWS\system32\config\default.LOG
21.12.2005 22:12:28 H 1024 C:\WINDOWS\system32\config\SAM.LOG
21.12.2005 22:12:12 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
21.12.2005 22:12:58 H 61440 C:\WINDOWS\system32\config\software.LOG
21.12.2005 22:12:18 H 856064 C:\WINDOWS\system32\config\system.LOG
15.12.2005 16:27:22 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
10.11.2005 17:22:04 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\d2a91757-1005-4b01-a74a-63157bb3296a
10.11.2005 17:22:04 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
21.12.2005 21:45:34 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 04.08.2004 09:03:38 69120 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 09:03:38 551424 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 09:03:38 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 09:03:38 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 09:03:38 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 09:03:38 155648 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 09.07.2003 20:20:32 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 04.08.2004 09:03:38 358912 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 09:03:38 130048 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 09:03:38 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 09:03:38 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03.06.2005 02:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 25.04.2003 13:00:00 188416 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 09:03:38 619008 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 25.04.2003 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 09:03:38 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 09:03:38 256512 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 09:03:38 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 09:03:38 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel® Corporation 10.12.2003 02:26:02 77824 C:\WINDOWS\SYSTEM32\PRAppltW.cpl
Apple Computer, Inc. 23.09.2004 18:57:40 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 04.08.2004 09:03:38 299008 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 25.04.2003 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 09:03:38 93696 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 09:03:38 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 03:16:34 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 25.04.2003 13:00:00 188416 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 25.04.2003 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 25.04.2003 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26.05.2005 03:16:34 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 09.07.2003 20:20:32 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
21.12.2005 20:17:20 2331 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Acrobat Speed Launcher.lnk
16.04.2005 12:56:24 880 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk
05.02.2005 14:19:04 HS 84 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
05.02.2005 14:04:04 HS 62 C:\Documents and Settings\All Users\Programdata\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
05.02.2005 14:19:04 HS 84 C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\desktop.ini
10.12.2005 23:54:20 645 C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\SpywareGuard.lnk
Checking files in %USERPROFILE%\Application Data folder...
05.02.2005 14:04:04 HS 62 C:\Documents and Settings\Eier\Programdata\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Programfiler\SpywareGuard\spywareguard.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programfiler\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programfiler\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NVC
{D5507020-DB45-11d1-A5F0-00600872F78D} = C:\Programfiler\Norman\Nvc\BIN\NVCSE.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programfiler\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Startmeny-pinne = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NVC
{D5507020-DB45-11d1-A5F0-00600872F78D} = C:\Programfiler\Norman\Nvc\BIN\NVCSE.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programfiler\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programfiler\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\NVC
{D5507020-DB45-11d1-A5F0-00600872F78D} = C:\Programfiler\Norman\Nvc\BIN\NVCSE.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programfiler\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Programfiler\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\programfiler\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Dagens tips = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programfiler\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programfiler\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Utforsker-bånd for filsøk = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-bånd = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koblinger : %SystemRoot%\system32\SHELL32.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koblinger : %SystemRoot%\system32\SHELL32.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programfiler\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
PRONoMgr.exe C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
SynTPLpr C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
LaunchAp C:\Program Files\Launch Manager\LaunchAp.exe
HotkeyApp C:\Program Files\Launch Manager\HotkeyApp.exe
CtrlVol C:\Program Files\Launch Manager\CtrlVol.exe
LMgrOSD C:\Program Files\Launch Manager\OSD.exe
Wbutton "C:\Program Files\Launch Manager\Wbutton.exe"
AVManager "C:\Programfiler\Wistron\AVManager\AVManager.exe"
Norman ZANDA C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
AGRSMMSG AGRSMMSG.exe
LtMoh C:\Programfiler\ltmoh\Ltmoh.exe
iTunesHelper C:\Programfiler\iTunes\iTunesHelper.exe
QuickTime Task "C:\Programfiler\QuickTime\qttask.exe" -atboottime
AWMON "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
mmtask C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Acrobat Assistant 7.0 "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SpySweeper "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
AWMON "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FELLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring
= C:\WINDOWS\System32\LgNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB
= C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs wbsys.dll
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 21.12.2005 22:19:52
Kapersky:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, December 21, 2005 21:44:40
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 21/12/2005
Kaspersky Anti-Virus database records: 168467
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 57834
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 3303 sec
No malware has been detected. The sections that have been scanned are CLEAN.
Scan process completed.
WinPFind:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
qoologic 21.12.2005 21:16:44 204131 C:\WinPFind.zip
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
PEC2 25.04.2003 13:00:00 41119 C:\WINDOWS\SYSTEM32\dfrg.msc
FSG! 11.11.2003 16:00:22 236544 C:\WINDOWS\SYSTEM32\divxdec.ax
PTech 04.11.2005 16:27:24 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 09.12.2005 01:20:36 2716000 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 09.12.2005 01:20:36 2716000 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 09:03:00 704000 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 09:03:20 664064 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 25.04.2003 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
PTech 04.08.2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
21.12.2005 22:12:10 S 2048 C:\WINDOWS\bootstat.dat
05.12.2005 01:04:18 H 0 C:\WINDOWS\inf\oem29.inf
21.12.2005 20:37:14 H 0 C:\WINDOWS\LastGood\INF\oem30.inf
21.12.2005 20:37:14 H 0 C:\WINDOWS\LastGood\INF\oem30.PNF
01.12.2005 04:46:08 S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
02.12.2005 01:12:44 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
21.12.2005 22:12:02 H 8192 C:\WINDOWS\system32\config\default.LOG
21.12.2005 22:12:28 H 1024 C:\WINDOWS\system32\config\SAM.LOG
21.12.2005 22:12:12 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
21.12.2005 22:12:58 H 61440 C:\WINDOWS\system32\config\software.LOG
21.12.2005 22:12:18 H 856064 C:\WINDOWS\system32\config\system.LOG
15.12.2005 16:27:22 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
10.11.2005 17:22:04 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\d2a91757-1005-4b01-a74a-63157bb3296a
10.11.2005 17:22:04 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
21.12.2005 21:45:34 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 04.08.2004 09:03:38 69120 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 09:03:38 551424 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 09:03:38 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 09:03:38 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 09:03:38 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 09:03:38 155648 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 09.07.2003 20:20:32 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 04.08.2004 09:03:38 358912 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 09:03:38 130048 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 09:03:38 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 09:03:38 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03.06.2005 02:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 25.04.2003 13:00:00 188416 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 09:03:38 619008 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 25.04.2003 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 09:03:38 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 09:03:38 256512 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 09:03:38 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 09:03:38 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel® Corporation 10.12.2003 02:26:02 77824 C:\WINDOWS\SYSTEM32\PRAppltW.cpl
Apple Computer, Inc. 23.09.2004 18:57:40 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 04.08.2004 09:03:38 299008 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 25.04.2003 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 09:03:38 93696 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 09:03:38 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 03:16:34 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 25.04.2003 13:00:00 188416 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 25.04.2003 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 25.04.2003 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26.05.2005 03:16:34 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 09.07.2003 20:20:32 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
21.12.2005 20:17:20 2331 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Acrobat Speed Launcher.lnk
16.04.2005 12:56:24 880 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk
05.02.2005 14:19:04 HS 84 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
05.02.2005 14:04:04 HS 62 C:\Documents and Settings\All Users\Programdata\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
05.02.2005 14:19:04 HS 84 C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\desktop.ini
10.12.2005 23:54:20 645 C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\SpywareGuard.lnk
Checking files in %USERPROFILE%\Application Data folder...
05.02.2005 14:04:04 HS 62 C:\Documents and Settings\Eier\Programdata\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Programfiler\SpywareGuard\spywareguard.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programfiler\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programfiler\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NVC
{D5507020-DB45-11d1-A5F0-00600872F78D} = C:\Programfiler\Norman\Nvc\BIN\NVCSE.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programfiler\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Startmeny-pinne = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NVC
{D5507020-DB45-11d1-A5F0-00600872F78D} = C:\Programfiler\Norman\Nvc\BIN\NVCSE.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programfiler\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programfiler\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\NVC
{D5507020-DB45-11d1-A5F0-00600872F78D} = C:\Programfiler\Norman\Nvc\BIN\NVCSE.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programfiler\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Programfiler\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\programfiler\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
AcroIEToolbarHelper Class = C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Dagens tips = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programfiler\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programfiler\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Utforsker-bånd for filsøk = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-bånd = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koblinger : %SystemRoot%\system32\SHELL32.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koblinger : %SystemRoot%\system32\SHELL32.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programfiler\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
PRONoMgr.exe C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
SynTPLpr C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
LaunchAp C:\Program Files\Launch Manager\LaunchAp.exe
HotkeyApp C:\Program Files\Launch Manager\HotkeyApp.exe
CtrlVol C:\Program Files\Launch Manager\CtrlVol.exe
LMgrOSD C:\Program Files\Launch Manager\OSD.exe
Wbutton "C:\Program Files\Launch Manager\Wbutton.exe"
AVManager "C:\Programfiler\Wistron\AVManager\AVManager.exe"
Norman ZANDA C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
AGRSMMSG AGRSMMSG.exe
LtMoh C:\Programfiler\ltmoh\Ltmoh.exe
iTunesHelper C:\Programfiler\iTunes\iTunesHelper.exe
QuickTime Task "C:\Programfiler\QuickTime\qttask.exe" -atboottime
AWMON "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
mmtask C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Acrobat Assistant 7.0 "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SpySweeper "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
AWMON "C:\Programfiler\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FELLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring
= C:\WINDOWS\System32\LgNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB
= C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs wbsys.dll
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 21.12.2005 22:19:52
#28
Posted 24 December 2005 - 04:45 AM
njustice
-
- Member
-
- 521 posts
Member
Could have sworn I replied the other day. 
The logs provided look ok, I recommend you reinstall the office products you mention having problems with.
The logs provided look ok, I recommend you reinstall the office products you mention having problems with.
#29
Posted 25 December 2005 - 06:26 AM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
Office is now reinstalled and is currently working properly.
But what about the ad-watch alarms I keep getting about the registry changes? Do you know what it means? Should I just allow them, or does it mean that my PC is still infected?
But what about the ad-watch alarms I keep getting about the registry changes? Do you know what it means? Should I just allow them, or does it mean that my PC is still infected?
#30
Posted 28 December 2005 - 07:48 AM
EricAX
- Topic Starter
-
- Member
-
- 24 posts
Member
Hi again,
I just ran a routine sweep with the Spy Sweeper from the "Thy Thy" user account and it found a rootkit !! It has not found this before, and not in the owner account (I ran a sweep here yesterday, and it only found the spyaxe.lnk thing I have reported previously). Maybe it has been there all along and just found it due to a definition update from the spy sweeper?? Anyway, the spysweeper will not remove it without subscription.
I don't really know what a rootkit is, but my understanding is that it is quite serious. Please help me get rid of this thing.
This is what spy sweeper detects:
fu rootkit components:
c:\system volume information\_restore{0586c777-35ce-448c-b9fd-3cc98c6dc80a}\rp12\a0001851.sys
c:\system volume information\_restore{0586c777-35ce-448c-b9fd-3cc98c6dc80a}\rp13\a0001926.sys
c:\system volume information\_restore{0586c777-35ce-448c-b9fd-3cc98c6dc80a}\rp13\a0003972.sys
Webroot has more information on this here.
I tried to remove it using the Microsoft Windows Malicious Software Removal Tool, but it found nothing. Neither Norman antivirus, ad-aware or any other tools I have been using finds this one. I notice that I have a folder named "system volume informatin" under the C-disk when I am in the Thy Thy account, but I cannot access it. In the owner account, I don't even see this folder (I have enabled the hidden folder option).
Would this discovery influence how I can use my computrer? Can I make things worse if I continue using the PC as normal until we have removed this? I hope you can advice me on this.
I look forward to your reply.
I just ran a routine sweep with the Spy Sweeper from the "Thy Thy" user account and it found a rootkit !! It has not found this before, and not in the owner account (I ran a sweep here yesterday, and it only found the spyaxe.lnk thing I have reported previously). Maybe it has been there all along and just found it due to a definition update from the spy sweeper?? Anyway, the spysweeper will not remove it without subscription.
I don't really know what a rootkit is, but my understanding is that it is quite serious. Please help me get rid of this thing.
This is what spy sweeper detects:
fu rootkit components:
c:\system volume information\_restore{0586c777-35ce-448c-b9fd-3cc98c6dc80a}\rp12\a0001851.sys
c:\system volume information\_restore{0586c777-35ce-448c-b9fd-3cc98c6dc80a}\rp13\a0001926.sys
c:\system volume information\_restore{0586c777-35ce-448c-b9fd-3cc98c6dc80a}\rp13\a0003972.sys
Webroot has more information on this here.
I tried to remove it using the Microsoft Windows Malicious Software Removal Tool, but it found nothing. Neither Norman antivirus, ad-aware or any other tools I have been using finds this one. I notice that I have a folder named "system volume informatin" under the C-disk when I am in the Thy Thy account, but I cannot access it. In the owner account, I don't even see this folder (I have enabled the hidden folder option).
Would this discovery influence how I can use my computrer? Can I make things worse if I continue using the PC as normal until we have removed this? I hope you can advice me on this.
I look forward to your reply.
Edited by EricAX, 28 December 2005 - 09:35 AM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
