Heur Trojan Generic

**kathymer** · #1 21. Nov 2008, 07:18

Hei Fyrene,

Jeg skriver fordi et par dager nå, jeg har problemer med dette så ring trojan.

Jeg har info av Hijack Denne resultater, kan noen hjelpe meg å ta?

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 10:16:57 pm, on 21/11/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de Program \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de Program \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Archivos de Program \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Archivos de Program \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Verktøy \ StatusClient \ StatusClient.exe
C: \ Archivos de Program \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Archivos de Program \ Java \ jre6 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Archivos de Program \ Windows Desktop Search \ WindowsSearch.exe
C: \ Archivos de Program \ Microsoft Office \ Office12 \ ONENOTEM.EXE
c: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Javasofts \ JRE \ 1.3.1 \ bin \ javaw.ex e
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ Archivos de Program \ Uniblue \ RegistryBooster \ RegistryBooster.e XE
C: \ Archivos de Program \ Windows Live \ Messenger \ msnmsgr.exe
C: \ WINDOWS \ explorer.exe
C: \ Archivos de Program \ Windows Live \ Messenger \ usnsvc.exe
C: \ Archivos de Program \ Mozilla Firefox \ firefox.exe
C: \ Archivos de Program \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ HPBPRO.EXE

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de Program \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de Program \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Skjem bort / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Archivos de Program \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Archivos de Program \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Archivos de Program \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [StatusClient] C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Verktøy \ StatusClient \ StatusClient.exe / auto
O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe
O4 - HKLM \ .. \ Run: [HPLJ Config] c: \ Archivos de Program \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe-c Direct-p DOT4_001-pn "HP LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120.000
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archivos de Program \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Archivos de Program \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Archivos de Program \ Yahoo! \ Messenger \ YahooMessenger.exe" stille
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio LOKALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de røde ")
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Recorte de pantalla e Hjem rápido de OneNote 2007.lnk = C: \ Archivos de Program \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C: \ Archivos de Program \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra sammenheng menyelement: E & xportar en Microsoft Excel - res: / / C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra "Verktøy" MENUITEM: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra knappen: webområdetrafikk beskyttelse statistics - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll
O9 - Extra knappen: Send en OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: & Send en OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra knappen: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra knappen: HP Smart Velg - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra knappen: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Archivos de Program \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archivos de Program \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archivos de Program \ Messenger \ msmsgs.exe
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CS2 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveSystemServices.dll
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ Archiv ~ 1 \ Archiv ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C: \ Archivos de Program \ Canon \ CAL \ CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Archivos de Program \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C: \ Archivos de Program \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ system32 \ WLTRYSVC.EXE

--
End of file - 9813 bytes

Venter for raskt svar,

Kathy

**evilfantasy** · #2 21. Nov 2008, 12:56

Velkommen til CJ.

Åpne HijackThis og velg Gjør et søk.

Sett et merke ved siden av følgende oppføringer: (hvis det)

O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b

Viktig: Lukk alle åpne vinduer unntatt HijackThis og klikk Fix kontrolleres.

Etter fullført, avslutter HijackThis.

----------

Merk: nedenstående instruksjoner ble laget spesielt for denne brukeren. Hvis du ikke bruker, IKKE Følg disse skiltene fordi de kan ødelegge hjemkomsten til systemet

Gå til Start> Kjør og skriver Notepad.exe deretter OK

Kopier og lim inn nedenfor i Notepad og lagre som fixme.reg til ditt Desktop

Code:

REGEDIT4 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run] "f411a9e3" =-

Finn fixme.reg på skrivebordet og dobbeltklikk på den. Svar Ja når du blir bedt om å fusjonere med Registry.

Kontroller at du fortelle meg hvis du mottar en suksess beskjed om å legge det over til registret. Hvis du ikke blir en suksess melding, det fungerte ikke.

Slett fixme.reg fra Desktop.

----------

Vennligst skriv ut disse instruksjonene som de vil være nødvendig senere når Internett-tilgang er ikke tilgjengelig.

Laste ned SDFix av AndyManchesta og lagre den på skrivebordet.

Når du bruker dette verktøyet, må du bruke Administrator konto eller en konto med Administrative rettigheter

Dobbeltklikk SDFix.exe og det vil pakke ut filene i% systemdrive%
(dette er den stasjonen som inneholder Windows-katalogen, vanligvis C: \ SDFix).
Ikke bruker den ennå.

Start datamaskinen i Sikkermodus bruker F8 metode. Du gjør dette ved å starte datamaskinen, og etter å ha hørt maskinen piper én gang under oppstart (men før Windows ikonet) trykker du F8-tasten gjentatte ganger. En meny vises med flere alternativer. Bruk piltastene til å navigere og velge alternativet for å kjøre Windows i "sikker modus".

Åpne SDFix mappe og dobbeltklikk RunThis.bat å starte skriptet.

Type Y å starte Cleanup prosessen.
Det vil fjerne enhver Trojan Services eller registeroppføringer finnes deretter be deg om å trykke en tast for å starte på nytt.
Trykk på en tast og den vil starte PC.
Når PC-en startes på nytt, det Fixtool vil kjøre igjen og fullføre fjerningen deretter vise Ferdig, Trykker på en tast for å avslutte skriptet og laste desktop ikoner.
Når skrivebordsikonene laste SDFix rapporten åpnes på skjermen, og også lagre i SDFix mappen som Report.txt.
Kopier og lim innholdet av resultatene fil Report.txt i neste svar sammen med en ny HijackThis log (fra normal oppstart-modus).

**kathymer** · #3 24th Nov 2008, 06:18

Hei Evil,

Sorry for ikke å skrive før jeg måtte gå ut til Hong Kong for virksomheten. Derfor jeg ikke har tid til å følge instruksjonene som dagen, og i dag fant jeg ut at hijackthis loggen har allerede endre.

Hvis du kunne ta en titt og fortell meg hva jeg skal nå, vil jeg virkelig setter pris på det, og enda en gang Jeg beklager forsinkelsen.

Her er det:

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 09:17:07 pm, on 24/11/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.exe
C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de Program \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Archivos de Program \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
C: \ Archivos de Program \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Archivos de Program \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Verktøy \ StatusClient \ StatusClient.exe
C: \ Archivos de Program \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Archivos de Program \ Java \ jre6 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Archivos de Program \ Windows Desktop Search \ WindowsSearch.exe
C: \ Archivos de Program \ Microsoft Office \ Office12 \ ONENOTEM.EXE
c: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Javasofts \ JRE \ 1.3.1 \ bin \ javaw.ex e
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Archivos de Program \ Canon \ CAL \ CALMAIN.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ Archivos de Program \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ SearchProtocolHost.exe
C: \ Archivos de Program \ Mozilla Firefox \ firefox.exe
C: \ Archivos de Program \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de Program \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de Program \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Skjem bort / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Archivos de Program \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Archivos de Program \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Archivos de Program \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [StatusClient] C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Verktøy \ StatusClient \ StatusClient.exe / auto
O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe
O4 - HKLM \ .. \ Run: [HPLJ Config] c: \ Archivos de Program \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe-c Direct-p DOT4_001-pn "HP LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120.000
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archivos de Program \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Archivos de Program \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Archivos de Program \ Yahoo! \ Messenger \ YahooMessenger.exe" stille
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio LOKALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de røde ")
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Recorte de pantalla e Hjem rápido de OneNote 2007.lnk = C: \ Archivos de Program \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C: \ Archivos de Program \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra sammenheng menyelement: E & xportar en Microsoft Excel - res: / / C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra "Verktøy" MENUITEM: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra knappen: webområdetrafikk beskyttelse statistics - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll
O9 - Extra knappen: Send en OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: & Send en OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra knappen: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra knappen: HP Smart Velg - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra knappen: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Archivos de Program \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archivos de Program \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archivos de Program \ Messenger \ msmsgs.exe
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CS2 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveSystemServices.dll
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ Archiv ~ 1 \ Archiv ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C: \ Archivos de Program \ Canon \ CAL \ CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Archivos de Program \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C: \ Archivos de Program \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ system32 \ WLTRYSVC.EXE

--
End of file - 9627 bytes

Takk igjen, og venter på svar,

Kathy

**evilfantasy** · #4 24th Nov 2008, 10:24

Vi må fremdeles gjøre SDFix scan.

Vennligst skriv ut disse instruksjonene som de vil være nødvendig senere når Internett-tilgang er ikke tilgjengelig.

Laste ned SDFix av AndyManchesta og lagre den på skrivebordet.

Når du bruker dette verktøyet, må du bruke Administrator konto eller en konto med Administrative rettigheter

Dobbeltklikk SDFix.exe og det vil pakke ut filene i% systemdrive%
(dette er den stasjonen som inneholder Windows-katalogen, vanligvis C: \ SDFix).
Ikke bruker den ennå.

Start datamaskinen i Sikkermodus bruker F8 metode. Du gjør dette ved å starte datamaskinen, og etter å ha hørt maskinen piper én gang under oppstart (men før Windows ikonet) trykker du F8-tasten gjentatte ganger. En meny vises med flere alternativer. Bruk piltastene til å navigere og velge alternativet for å kjøre Windows i "sikker modus".

Åpne SDFix mappe og dobbeltklikk RunThis.bat å starte skriptet.

Type Y å starte Cleanup prosessen.
Det vil fjerne enhver Trojan Services eller registeroppføringer finnes deretter be deg om å trykke en tast for å starte på nytt.
Trykk på en tast og den vil starte PC.
Når PC-en startes på nytt, det Fixtool vil kjøre igjen og fullføre fjerningen deretter vise Ferdig, Trykker på en tast for å avslutte skriptet og laste desktop ikoner.
Når skrivebordsikonene laste SDFix rapporten åpnes på skjermen, og også lagre i SDFix mappen som Report.txt.
Kopier og lim innholdet av resultatene fil Report.txt i neste svaret.

**kathymer** · #5 25th Nov 2008, 05:14

Hei Evil, her er resultatene. Så langt datamaskinen fungerer flott. Thanks a lot. Gi meg beskjed hvis noe annet må gjøres.

SDFix: Versjon 1.240
Run by Administrator på 25/11/2008 til 19:47

Microsoft Windows XP [Versjon ¢ n 5.1.2600]
Running Fra: C: \ SDFix

Checking Services :

Gjenopprette Standard Security Verdier
Gjenopprette Default Hosts File

Start

Checking Files :

Trojan Files Found:

C: \ WINDOWS \ system32 \ ssqPihiH.dll - Slettet
C: \ Documents and Settings \ All Users \ Men £ Hjem \ Programas \ Hjem \. Beskyttet - Slettet
C: \ Documents and Settings \ TrackerVsrGroup \ Men £ Hjem \ Programas \ Hjem \. Beskyttet - Slettet
C: \ Archivos de Program \ iSecurity \ antivirusxp.bmp - Slettet
C: \ Archivos de Program \ iSecurity \ antivirusxp.ico - Slettet
C: \ Archivos de Program \ iSecurity \ antivirusxpi.bmp - Slettet
C: \ Archivos de Program \ iSecurity \ iSecurity.dat - Slettet
C: \ Archivos de Program \ iSecurity \ iSecurity.html - Slettet
C: \ Archivos de Program \ iSecurity \ systemdefender.bmp - Slettet
C: \ Archivos de Program \ iSecurity \ systemdefender.ico - Slettet
C: \ Archivos de Program \ iSecurity \ systemdefenderi.bmp - Slettet

Mappen C: \ Archivos de Program \ IE Extensions - Removed
Mappen C: \ Archivos de Program \ iSecurity - Removed
Mappen C: \ Archivos de Program \ RichVideoCodec - Removed
Mappen C: \ WINDOWS \ system32 \ 734914 - Removed
Mappen C: \ WINDOWS \ system32 \ 931928 - Removed

Fjerne Temp Files

ADS Check :

Final Check :

CatchMe 0.3.1361.2 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 20:01:58
Windows 5.1.2600 Service Pack 3 NTFS

skanning skjulte prosesser ...

skanning skjulte tjenester & Systemstrukturen ...

scanning hidden registeroppføringene ...

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows Search \ Samle \ Windows \ SystemIndex]
"LogName" = "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Microsoft \ Search \ Data \ Programmer \ Window s \ Prosjekter \ SystemIndex \ SystemIndex.Ntfy10.gthr"
"SecondaryLogName" = "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Microsoft \ Search \ Data \ Programmer \ Window s \ Prosjekter \ SystemIndex \ SystemIndex.Ntfy11.gthr"

skanning skjulte filer ...

skanning er fullført
skjulte prosesser: 0
skjulte tjenester: 0
skjulte filer: 0

Resterende Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ listen]
"C: \ \ WINDOWS \ \ system32 \ \ sessmgr.exe" = "C: \ \ WINDOWS \ \ system32 \ \ sessmgr.exe: *: Disabled: @ xpsp2res.dll, -22019"
"C: \ \ Archivos de Program \ \ Ares \ \ Ares.exe" = "C: \ \ Archivos de Program \ \ Ares \ \ Ares.exe: *: Disabled: Ares P2P for Windows"
"C: \ \ WINDOWS \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ WINDOWS \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Disabled: @ xpsp3res.dll, -20000"
"C: \ \ Archivos de Program \ \ Hewlett-Packard \ \ Toolbox2.0 \ \ Javasofts \ \ JRE \ \ 1.3.1 \ \ bin \ \ ja vaw.exe" = "C: \ \ Archivos de Program \ \ Hewlett-Packard \ \ Toolbox2.0 \ \ Javasofts \ \ JRE \ \ 1.3.1 \ \ bin \ \ ja vaw.exe: *: Disabled: javaw "
"C: \ \ WINDOWS \ \ system32 \ \ mmc.exe" = "C: \ \ WINDOWS \ \ sys tem32 \ \ mmc.exe: *: Disabled: Microsoft Management Console"
"C: \ \ Archivos de Program \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Archivos de Program \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE: *: Disabled: Microsoft Office Groove "
"C: \ \ Archivos de Program \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" = "C: \ \ Archivos de Program \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE: *: Disabled: Microsoft Office OneNote "
"C: \ \ Archivos de Program \ Microsoft Office \ \ Office12 \ \ Outlook.exe" = "C: \ \ Archivos de Program \ Microsoft Office \ \ Office12 \ \ Outlook.exe: *: Disabled: Microsoft Office Outlook "
"C: \ \ Archivos de Program \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Archivos de Program \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe: *: Disabled: Windows Live Messenger "
"C: \ \ Archivos de Program \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Archivos de Program \ \ Windows Live \ \ Messenger \ \ livecall.exe: *: Disabled: Windows Live Messenger (Telefon)
"C: \ \ Archivos de Program \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Archivos de Program \ \ Messenger \ \ msmsgs.exe: *: Disabled: Windows Messenger"
"C: \ \ Documents and Settings \ \ All Users.WINDOWS \ \ Datos de Program \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ engelsk \ \ setup.exe" = "C: \ \ Documents and Settings \ \ All Users.WINDOWS \ \ Datos de Program \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ engelsk \ \ setup.exe: *: Disabled: Kaspersky Internet Security 2009 Setup "
"C: \ \ Archivos de Program \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Archivos de Program \ \ Skype \ \ Phone \ \ Skype.exe: *: Disabled: Skype"
"C: \ \ Archivos de Program \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ \ Archivos de Program \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe: *: Disabled: Yahoo! Messenger "
"C: \ \ Archivos de Program \ \ AVG \ AVG8 \ \ avgupd.exe" = "C: \ \ Archivos de Program \ \ AVG \ AVG8 \ \ avgupd.exe: *: Enabled: avgupd.e XE"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listen]
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ \ Archivos de Program \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Archivos de Program \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe: *: Enabled: Windows Live Messenger "
"C: \ \ Archivos de Program \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Archivos de Program \ \ Windows Live \ \ Messenger \ \ livecall.exe: *: Enabled: Windows Live Messenger (Telefon)

Resterende Filer :

Fil sikkerhetskopier: - C: \ SDFix \ backup \ backups.zip

Filer med skjulte attributter :

Søndag 12 mars 2006 10.311.680 .. SH. --- "C: \ Archivos de Program \ AVIConverter \ mencoder.exe"
Mandag 14 april 2008 60.416 A.SH. --- "C: \ Archivos de Program \ Outlook Express \ msimn.exe"
Lørdag 11 november 2006 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Tirsdag 13 november 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Tirsdag 13 februar 2007 3.096.576 A.. H. --- "C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ U3 \ temp \ Launchpad Removal.exe"
Fredag 21 november 2008 18.922 ... H. --- "C: \ Documents and Settings \ Mauricio \ Mis documentos \ Erika \ Privat \ Bøker \ ~ WRL3517.tmp"

Ferdig!

Takk,

Kathy

**evilfantasy** · #6 25 november 2008, 11:56

Laste ned Malwarebytes' Anti-Malware (MBAM)

Dobbeltklikk mbam-setup.exe og følger instruksjonene for å installere programmet.
Ved utgangen, må du passe på et merke plasseres ved siden av det følgende:
- Oppdater Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Deretter klikker du Fullfør.
Hvis en oppdatering er funnet, vil laste ned og installere den nyeste versjonen.
Når programmet er lastet, velger du Utføre rask skanning, Og klikk Scan.
Når skanningen er fullført, klikker du OK, Deretter Vis resultater å vise resultater.
Pass på at alt er sjekket, og klikk Fjern valgte.
Når desinfeksjon er ferdig, en logg åpnes i Notepad, og du kan bli bedt om å starte. (Se Extra Note)
Loggen lagres automatisk ved MBAM og kan vises ved å klikke Logger kategorien i MBAM.
Kopier og lim inn hele rapporten i neste svaret.

Ekstra Merk: Hvis MBAM finner en fil som er vanskelig å fjerne, vil du bli presentert med 1 av 2 ledetekster, klikk OK for å enten og la MBAM fortsette med desinfeksjon prosessen, hvis du blir bedt om å starte datamaskinen på nytt, kan du gjøre det umiddelbart.

----------

Laste ned tilfeldig system informasjon verktøyet (RSIT) av en tilfeldig / tilfeldig fra og lagre det til skrivebordet ditt.

Dobbeltklikk på RSIT.exe å kjøre.
Klikk Fortsett på ansvarsfraskrivelse skjermen.
Når den er ferdig, to loggene åpne.
Log.txt <skal optimaliseres og info.txt <skal minimeres
Vennligst post innholdet av begge loggene i neste svaret.

----------

Neste innlegg kan du legge til:
MBAM logg
RSIT logge & info logs

Merk: Det kan ta to stillinger for å få alle de logger inn.

**kathymer** · #7 29th Nov 2008, 08:10

Hei Evil,

Her er loggene:
Logfile tilfeldig system informasjon verktøyet 1,04 (skrevet av tilfeldige / tilfeldig)
Kjør av Mauricio på 2008-11-29 23:03:34
Microsoft Windows XP Professional Service Pack 3
Systemstasjonen C: har 50 GB (68%) gratis på 73 GB
Totalt RAM: 1015 MB (53% gratis)

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 11:03:42 pm, on 29/11/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.exe
C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de Program \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de Program \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Archivos de Program \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Archivos de Program \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Archivos de Program \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe
C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Verktøy \ StatusClient \ StatusClient.exe
C: \ Archivos de Program \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Archivos de Program \ Java \ jre6 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Archivos de Program \ Windows Desktop Search \ WindowsSearch.exe
C: \ Archivos de Program \ Microsoft Office \ Office12 \ ONENOTEM.EXE
c: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Javasofts \ JRE \ 1.3.1 \ bin \ javaw.ex e
C: \ Archivos de Program \ Canon \ CAL \ CALMAIN.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ SearchProtocolHost.exe
C: \ Archivos de Program \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ Archivos de Program \ Mozilla Firefox \ firefox.exe
C: \ Documents and Settings \ Mauricio \ Escritorio \ RSIT.exe
C: \ Archivos de Program \ Trend Micro \ HijackThis \ Mauricio.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de Program \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Archivos de Program \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O2 - BHO: HP Print Enhancer - (0347C33E-8762-4905-BF09-768834316C61) - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - (053F9267-DC04-4294-A72C-58F732D338C0) - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_framework.dll
O2 - BHO: Adobe PDF Link Helper - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Archivos de Program \ Archivos comunes \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Archivos de Program \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: AVG Safe Search - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - (no file)
O2 - BHO: IEVkbdBHO - (59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C) - C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de Program \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de Hjem de sesión - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Archivos de Program \ Archivos comunes \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: (no name) - (C08DF07A-3E49-4E25-9AB0-D3882835F153) - (no file)
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Archivos de Program \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Archivos de Program \ Java \ jre6 \ lib \ distribuere \ jqs \ ie \ jqs_plugin.dl l
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de Program \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Skjem bort / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Archivos de Program \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Archivos de Program \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Archivos de Program \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [StatusClient] C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Verktøy \ StatusClient \ StatusClient.exe / auto
O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe
O4 - HKLM \ .. \ Run: [HPLJ Config] c: \ Archivos de Program \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe-c Direct-p DOT4_001-pn "HP LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120.000
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archivos de Program \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Archivos de Program \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Archivos de Program \ Yahoo! \ Messenger \ YahooMessenger.exe" stille
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio LOKALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de røde ")
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Recorte de pantalla e Hjem rápido de OneNote 2007.lnk = C: \ Archivos de Program \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C: \ Archivos de Program \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra sammenheng menyelement: E & xportar en Microsoft Excel - res: / / C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra "Verktøy" MENUITEM: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra knappen: webområdetrafikk beskyttelse statistics - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll
O9 - Extra knappen: Send en OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: & Send en OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra knappen: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra knappen: HP Smart Velg - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra knappen: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Archivos de Program \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ micros ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archivos de Program \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Archivos de Program \ Messenger \ msmsgs.exe
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CS2 \ Services \ Tcpip \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveSystemServices.dll
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ Archiv ~ 1 \ Archiv ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C: \ Archivos de Program \ Canon \ CAL \ CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Archivos de Program \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C: \ Archivos de Program \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ system32 \ WLTRYSVC.EXE

--
End of file - 11628 bytes

====== Planlagte oppgaver mappe ======

C: \ WINDOWS \ oppgaver \ AppleSoftwareUpdate.job
C: \ WINDOWS \ oppgaver \ enlgfqlf.job

====== Registerkontroll dump ======

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (02478D38-C3F9-4EFB-9B51-7695ECA05670)]
Yahoo! Toolbar Helper - C: \ Archivos de Program \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (0347C33E-8762-4905-BF09-768834316C61)]
HP Print Enhancer - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_printenhancer.dll [2007-03-03 1298024]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (053F9267-DC04-4294-A72C-58F732D338C0)]
HP Print Clips - C: \ Archivos de Program \ HP \ Smart Web Printing \ hpswp_framework.dll [2007-03-03 177768]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (18DF081C-E8AD-4283-A596-FA578C2EBDC3)]
Adobe PDF Link Helper - C: \ Archivos de Program \ Archivos comunes \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (22BF413B-C6D2-4d91-82A9-A0F997BA588C)]
Skype add-on (mastermind) - C: \ Archivos de Program \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll [2008-06-04 1404928]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0)]
AVG Safe Search

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C)]
IEVkbdBHO Class - C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (72853161-30C5-4D22-B7F9-0BBC1D38A37E)]
Groove GFS Browser Helper - C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (761497BB-D6F0-462C-B6EB-D4DAF1D92D43)]
SSVHelper Class - C: \ Archivos de Program \ Java \ jre6 \ bin \ ssv.dll [2008-10-28 320920]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (7E853D72-626A-48EC-A868-BA8D5E23E045)]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (9030D464-4C02-4ABF-8ECC-5164760863C6)]
Windows Live Aplicación auxiliar de Hjem de sesión - C: \ Archivos de Program \ Archivos comunes \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (C08DF07A-3E49-4E25-9AB0-D3882835F153)]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (DBC80044-A445-435b-BC74-9C25C1C588A9)]
Java (tm) Plug-in 2 SSV Helper - C: \ Archivos de Program \ Java \ jre6 \ bin \ jp2ssv.dll [2008-10-28 34816]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (E7E6F031-17CE-4C07-BC86-EABFE594F69C)]
JQSIEStartDetectorImpl Class - C: \ Archivos de Program \ Java \ jre6 \ lib \ distribuere \ jqs \ ie \ jqs_plugin.dl l [2008-10-28 73728]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \ Archivos de Program \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Run]
"IMJPMIG8.1" = C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EX E [2008-04-14 208952]
"PHIME2002ASync" = C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A" = C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ Tint SETP.EXE [2008-04-14 455168]
"GrooveMonitor" = C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveMonitor.exe [2007-08-24 33648]
"SigmatelSysTrayApp" = C: \ Archivos de Program \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe [2007-05-10 405504]
"Broadcom Wireless Manager UI" = C: \ WINDOWS \ system32 \ WLTRAY.exe [2006-11-01 1392640]
"HP Software Update" = C: \ Archivos de Program \ HP \ HP Software Update \ HPWuSchd2.exe [2006-12-11 49152]
"Adobe Reader Speed Launcher" = C: \ Archivos de Program \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe [2008-06-12 34672]
"QuickTime Task" = C: \ Archivos de Program \ QuickTime \ QTTask.exe [2008-05-27 413696]
"StatusClient" = C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4.0 \ webapps \ Verktøy \ StatusClient \ StatusClient.exe [2002-12-17 36864]
"TomcatStartup" = C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe [2003-04-01 155648]
"HPLJ Config" = C: \ Archivos de Program \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe-c Direct-p DOT4_001-pn HP LaserJet 1150 PCL 5e-n 0-l 1033-sl 120.000 []
"SynTPEnh" = C: \ Archivos de Program \ Synaptics \ SynTP \ SynTPEnh.exe [2007-12-07 1024000]
"SunJavaUpdateSched" = C: \ Archivos de Program \ Java \ jre6 \ bin \ jusched.exe [2008-10-28 136600]
"igfxtray" = C: \ WINDOWS \ system32 \ igfxtray.exe [2006-09-15 94208]
"igfxhkcmd" = C: \ WINDOWS \ system32 \ hkcmd.exe [2006-09-15 77824]
"igfxpers" = C: \ WINDOWS \ system32 \ igfxpers.exe [2006-09-15 118784]
"AVP" = C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = C: \ WINDOWS \ system32 \ Ctfmon.exe [2008-04-14 15360]
"Messenger (Yahoo!)" = C: \ Archivos de Program \ Yahoo! \ Messenger \ YahooMessenger.exe [2008-11-05 4347120]

C: \ Documents and Settings \ All Users.WINDOWS \ Meny Hjem \ Programas \ Hjem
Búsqueda en el escritorio de Windows.lnk - C: \ Archivos de Program \ Windows Desktop Search \ WindowsSearch.exe

C: \ Documents and Settings \ Mauricio \ Meny Hjem \ Programas \ Hjem
Recorte de pantalla e Hjem rápido de OneNote 2007.lnk - C: \ Archivos de Program \ Microsoft Office \ Office12 \ ONENOTEM.EXE

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLS" = "C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ igfxcui]
C: \ WINDOWS \ system32 \ igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ klogon]
C: \ WINDOWS \ system32 \ klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad]
UPnPMonitor - (e57ce738-33e8-4c51-8354-bb4de9d215d1) - C: \ WINDOWS \ system32 \ upnpui.dll [2008-04-14 240128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks]
"(B5A7F190-DDA6-4420-B3BA-52453494E6CD)" = C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll [2007-08-24 2212224]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = C: \ Archivos de Program \ Windows Desktop Search \ MSNLNamespaceMgr.dll [2007-02-06 294400]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Policies \ System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Policies \ Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ listen]
"C: \ WINDOWS \ system32 \ sessmgr.exe" = "C: \ WINDOWS \ syst em32 \ sessmgr.exe: *: Disabled: @ xpsp2res.dll, -22019"
"C: \ Archivos de Program \ Ares \ Ares.exe" = "C: \ Archivos de Program \ Ares \ Ares.exe: *: Disabled: Ares P2P for Windows"
"C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe" = "C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe: *: Disabled: @ xpsp3res.dll, -20000"
"C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Javasofts \ JRE \ 1.3.1 \ bin \ javaw.ex e" = "C: \ Archivos de Program \ Hewlett-Packard \ Toolbox2.0 \ Javasofts \ JRE \ 1.3.1 \ bin \ javaw.ex e: *: Disabled: javaw "
"C: \ WINDOWS \ system32 \ mmc.exe" = "C: \ WINDOWS \ system32 \ mmc.exe: *: Disabled: Microsoft Management Console"
"C: \ Archivos de Program \ Microsoft Office \ Office12 \ GROOVE.EXE" = "C: \ Archivos de Program \ Microsoft Office \ Office12 \ GROOVE.EXE: *: Disabled: Microsoft Office Groove"
"C: \ Archivos de Program \ Microsoft Office \ Office12 \ ONENOTE.EXE" = "C: \ Archivos de Program \ Microsoft Office \ Office12 \ ONENOTE.EXE: *: Disabled: Microsoft Office OneNote"
"C: \ Archivos de Program \ Microsoft Office \ Office12 \ Outlook.exe" = "C: \ Archivos de Program \ Microsoft Office \ Office12 \ Outlook.exe: *: Disabled: Microsoft Office Outlook"
"C: \ Archivos de Program \ Windows Live \ Messenger \ msnmsgr.exe" = "C: \ Archivos de Program \ Windows Live \ Messenger \ msnmsgr.exe: *: Disabled: Windows Live Messenger"
"C: \ Archivos de Program \ Windows Live \ Messenger \ livecall.exe" = "C: \ Archivos de Program \ Windows Live \ Messenger \ livecall.exe: *: Disabled: Windows Live Messenger (Phone)"
"C: \ Archivos de Program \ Messenger \ msmsgs.exe" = "C: \ Archivos de Program \ Messenger \ msmsgs.exe: *: Disabled: Windows Messenger"
"C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Kaspersky Lab Setup Files \ Kaspersky Internet Security 2009 \ engelsk \ setup.exe" = "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Kaspersky Lab Setup Files \ Kaspersky Internet Security 2009 \ engelsk \ setup.exe: *: Disabled: Kaspersky Internet Security 2009 Setup "
"C: \ Archivos de Program \ Yahoo! \ Messenger \ YahooMessenger.exe" = "C: \ Archivos de Program \ Yahoo! \ Messenger \ YahooMessenger.exe: *: Dis abled: Yahoo Messenger"
"C: \ Archivos de Program \ AVG \ AVG8 \ avgupd.exe" = "C: \ Archivos de Program \ AVG \ AVG8 \ avgupd.exe: *: Enabled: avgupd.exe"
"C: \ Archivos de Program \ Skype \ Phone \ Skype.exe" = "C: \ Archivos de Program \ Skype \ Phone \ Skype.exe: *: Enabled: Skype"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listen]
"% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
"% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ Archivos de Program \ Windows Live \ Messenger \ msnmsgr.exe" = "C: \ Archivos de Program \ Windows Live \ Messenger \ msnmsgr.exe: *: Enabled: Windows Live Messenger"
"C: \ Archivos de Program \ Windows Live \ Messenger \ livecall.exe" = "C: \ Archivos de Program \ Windows Live \ Messenger \ livecall.exe: *: Enabled: Windows Live Messenger (Phone)"

====== Liste over filer / mapper opprettet i de siste 1 mnd ======

2008-11-29 23:03:33 ---- D ---- C: \ rsit
2008-11-29 22:41:40 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ Malwarebytes
2008-11-29 22:41:23 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Malwarebytes
2008-11-29 22:41:23 ---- D ---- C: \ Archivos de Program \ Malwarebytes' Anti-Malware
2008-11-29 09:19:41 ---- SH ---- C: \ WINDOWS \ system32 \ dhtngaxu.ini
2008-11-27 22:05:52 ---- SH ---- C: \ WINDOWS \ system32 \ pugslxae.ini
2008-11-26 22:03:57 ---- SH ---- C: \ WINDOWS \ system32 \ eukkiphh.ini
2008-11-25 19:41:04 ---- D ---- C: \ WINDOWS \ ERUNT
2008-11-25 11:01:26 ---- SH ---- C: \ WINDOWS \ system32 \ lulxsfxo.ini
2008-11-24 21:19:15 ---- D ---- C: \ SDFix
2008-11-24 07:58:30 ---- SH ---- C: \ WINDOWS \ system32 \ xgvvibbj.ini
2008-11-22 08:27:10 ---- SH ---- C: \ WINDOWS \ system32 \ pqukverl.ini
2008-11-21 21:52:02 ---- D ---- C: \ Archivos de Program \ Trend Micro
2008-11-21 08:24:21 ---- SH ---- C: \ WINDOWS \ system32 \ daulyqnk.ini
2008-11-21 07:57:32 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ Desktopicon
2008-11-21 07:57:23 ---- D ---- C: \ Archivos de Program \ Unlocker
2008-11-20 08:08:07 ---- B ---- C: \ WINDOWS \ ntbtlog.txt
2008-11-19 23:33:53 ---- SH ---- C: \ WINDOWS \ system32 \ hhgdaqoj.ini
2008-11-19 20:40:38 ---- D ---- C: \ WINDOWS \ system32 \ NtmsData
2008-11-19 00:35:14 ---- D ---- C: \ WINDOWS \ RegisteredPackages
2008-11-19 00:18:12 ---- N ---- C: \ WINDOWS \ system32 \ pxcpya64.exe
2008-11-19 00:17:54 ---- N ---- C: \ WINDOWS \ system32 \ pxinsa64.exe
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ vxblock.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxwave.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxsfs.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxmas.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxhpinst.exe
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxdrv.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxafs.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ px.dll
2008-11-19 00:16:06 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ Winamp
2008-11-19 00:16:06 ---- D ---- C: \ Archivos de Program \ Winamp
2008-11-18 23:18:58 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Kaspersky Lab
2008-11-18 23:18:58 ---- D ---- C: \ Archivos de Program \ Kaspersky Lab
2008-11-18 22:53:33 ---- SH ---- C: \ WINDOWS \ system32 \ gpifbath.ini
2008-11-18 22:53:08 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Yahoo! Companion
2008-11-18 22:52:54 ---- B ---- C: \ WINDOWS \ system32 \ ff326d9d-.txt
2008-11-18 22:49:38 ---- Ash ---- C: \ WINDOWS \ system32 \ OrBIOqss.ini
2008-11-18 21:50:39 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Kaspersky Lab installasjonsfiler
2008-11-18 21:50:11 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Avg8
2008-11-18 21:01:02 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ Yahoo!
2008-11-18 21:00:55 ---- D ---- C: \ Archivos de Program \ Yahoo!
2008-11-16 18:22:11 ---- B ---- C: \ WINDOWS \ system32 \ igfxres.dll
2008-11-16 18:14:28 ---- B ---- C: \ WINDOWS \ system32 \ iAlmCoIn_v4693.dll
2008-11-16 18:14:04 ---- D ---- C: \ Archivos de Program \ Lenovo
2008-11-16 18:13:02 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ InstallShield
2008-11-16 17:07:04 ---- D ---- C: \ Archivos de Program \ Ares
2008-11-16 07:56:56 ---- HDC ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ (51019853-129C-4EDE-9030-D5FD7BBD9AD0)
2008-11-16 07:50:56 ---- N ---- C: \ WINDOWS \ system32 \ spmsg2.dll
2008-11-16 07:50:46 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallXPSEPSCLP $
2008-11-16 07:45:41 ---- D ---- C: \ WINDOWS \ system32 \ XPSViewer
2008-11-16 07:45:33 ---- D ---- C: \ WINDOWS \ system32 \ no
2008-11-16 07:45:22 ---- D ---- C: \ Archivos de Program \ Referanse råd
2008-11-16 07:43:37 ---- N ---- C: \ WINDOWS \ system32 \ prntvpt.dll
2008-11-16 07:43:36 ---- N ---- C: \ WINDOWS \ system32 \ xpssvcs.dll
2008-11-16 07:43:36 ---- N ---- C: \ WINDOWS \ system32 \ xpsshhdr.dll
2008-11-16 07:43:35 ---- D ---- C: \ 5f1fa5494e63fddfbdfa29aa67bcdc5a
2008-11-16 07:32:05 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ DriverScanner
2008-11-16 07:30:14 ---- HDC ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ (D5ABFFAD-D592-4F98-B02B-587125B4801F)
2008-11-16 07:27:18 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ Uniblue
2008-11-16 07:26:25 ---- D ---- C: \ Archivos de Program \ Uniblue
2008-11-16 07:25:46 ---- HDC ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185)
2008-10-31 20:38:38 ---- B ---- C: \ WINDOWS \ system32 \ vfwwdm32.dll
2008-10-30 19:39:53 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ QuickTime
2008-10-30 19:39:05 ---- D ---- C: \ Archivos de Program \ Archivos comunes \ Ulead Systems
2008-10-30 19:38:30 ---- D ---- C: \ Archivos de Program \ InterVideo Information Service
2008-10-30 19:38:30 ---- D ---- C: \ Archivos de Program \ Archivos comunes \ Ulead
2008-10-30 19:37:27 ---- D ---- C: \ Archivos de Program \ Archivos comunes \ InterVideo
2008-10-30 19:37:22 ---- D ---- C: \ Archivos de Program \ InterVideo
2008-10-30 19:37:22 ---- B ---- C: \ WINDOWS \ mws.exe
2008-10-30 19:37:13 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ InterVideo
2008-10-30 19:36:31 ---- D ---- C: \ Archivos de Program \ Digital Camera

====== Liste over filer / mapper endret de siste 1 mnd ======

2008-11-29 23:02:55 ---- D ---- C: \ WINDOWS \ Temp
2008-11-29 23:01:22 ---- D ---- C: \ Archivos de Program \ Mozilla Firefox
2008-11-29 22:59:43 ---- D ---- C: \ WINDOWS
2008-11-29 22:58:13 ---- D ---- C: \ WINDOWS \ system32 \ drivers
2008-11-29 22:58:13 ---- D ---- C: \ WINDOWS \ system32
2008-11-29 22:57:31 ---- B ---- C: \ WINDOWS \ SchedLgU.Txt
2008-11-29 22:41:23 ---- RD ---- C: \ Archivos de Program
2008-11-29 09:39:51 ---- D ---- C: \ Archivos de Program \ Mozilla Thunderbird
2008-11-28 20:28:20 ---- D ---- C: \ WINDOWS \ system32 \ Catroot2
2008-11-26 00:42:28 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ Skype
2008-11-25 22:39:44 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ skypePM
2008-11-21 09:46:32 ---- B ---- C: \ WINDOWS \ system32 \ PerfStringBackup.INI
2008-11-21 08:20:19 ---- B ---- C: \ WINDOWS \ OEWABLog.txt
2008-11-21 01:29:03 ---- SHD ---- C: \ System Volume Information
2008-11-21 01:29:03 ---- D ---- C: \ WINDOWS \ system32 \ restore
2008-11-21 00:01:59 ---- D ---- C: \ Program Files
2008-11-20 12:39:56 ---- D ---- C: \ WINDOWS \ Prefetch
2008-11-20 08:14:06 ---- SHD ---- C: \ RECYCLER
2008-11-20 08:09:06 ---- D ---- C: \ Documents and Settings
2008-11-19 20:08:01 ---- D ---- C: \ WINDOWS \ Hjelp
2008-11-19 20:00:27 ---- D ---- C: \ WINDOWS \ system32 \ config
2008-11-19 07:15:53 ---- D ---- C: \ WINDOWS \ security
2008-11-19 00:45:38 ---- D ---- C: \ WINDOWS \ Debug
2008-11-19 00:45:24 ---- HD ---- C: \ WINDOWS \ inf
2008-11-19 00:42:49 ---- RSHDC ---- C: \ WINDOWS \ system32 \ dllcache
2008-11-18 23:26:21 ---- SHD ---- C: \ WINDOWS \ Installer
2008-11-18 23:26:18 ---- HD ---- C: \ Config.Msi
2008-11-18 22:54:46 ---- D ---- C: \ WINDOWS \ nettverket diagnostiske
2008-11-18 22:39:38 ---- SD ---- C: \ WINDOWS \ Tasks
2008-11-18 22:05:01 ---- RSD ---- C: \ WINDOWS \ Fonts
2008-11-18 20:27:00 ---- utslett ---- C: \ boot.ini
2008-11-16 21:31:33 ---- D ---- C: \ WINDOWS \ Microsoft.NET
2008-11-16 21:31:31 ---- RSD ---- C: \ WINDOWS \ montering
2008-11-16 19:29:33 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ ZoomBrowser EX
2008-11-16 19:12:02 ---- D ---- C: \ Documents and Settings \ Mauricio \ Datos de Program \ CameraWindowDC
2008-11-16 18:19:17 ---- DC ---- C: \ WINDOWS \ system32 \ DRVSTORE
2008-11-16 18:18:59 ---- D ---- C: \ Archivos de Program \ Broadcom
2008-11-16 18:15:38 ---- D ---- C: \ WINDOWS \ system32 \ ReinstallBackups
2008-11-16 18:14:04 ---- HD ---- C: \ Archivos de Program \ InstallShield Installasjonsinformasjon
2008-11-16 18:12:53 ---- D ---- C: \ drivers
2008-11-16 18:00:33 ---- D ---- C: \ Archivos de Program \ Videolan
2008-11-16 17:49:54 ---- D ---- C: \ i386
2008-11-16 07:51:08 ---- B ---- C: \ WINDOWS \ imsins.BAK
2008-11-16 07:50:04 ---- D ---- C: \ WINDOWS \ system32 \ es-es
2008-11-16 07:45:35 ---- D ---- C: \ Archivos de Program \ MSBuild
2008-11-16 07:41:29 ---- D ---- C: \ WINDOWS \ WinSxS
2008-10-30 19:40:39 ---- D ---- C: \ Archivos de Program \ Google
2008-10-30 19:39:05 ---- D ---- C: \ Archivos de Program \ Archivos comunes
2008-10-30 19:36:32 ---- D ---- C: \ WINDOWS \ system

====== Liste over drivere (R = Running, S = stoppet, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = funksjonshemmede )======

R1 intelppm; Controlador de procesador Intel, C: \ WINDOWS \ system32 \ drivers \ intelppm.sys [2008-04-14 40576]
R1 KLIF; Kaspersky Lab Driver; C: \ WINDOWS \ system32 \ drivers \ klif.sys [2008-11-18 213008]
R3 BCM43XX; Controlador de la Tarjeta de røde inalámbrica WLAN fra Dell, C: \ WINDOWS \ system32 \ drivers \ bcmwl5.sys [2006-10-12 604928]
R3 bcm4sbxp; Broadcom 440x 10/100 Integrated Controller XP Driver; C: \ WINDOWS \ system32 \ drivers \ bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt; Controlador de batería de método de kontroll ACPI fra Microsoft, C: \ WINDOWS \ system32 \ drivers \ CmBatt.sys [2008-04-14 13952]
R3 HDAudBus; Controlador de buss fra Microsoft UAA for High Definition Audio, C: \ WINDOWS \ system32 \ drivers \ HDAudBus.sys [2008-04-14 144384]
R3 ialm; ialm; C: \ WINDOWS \ system32 \ drivers \ ialmnt5.sys [2006-09-15 1173468]
R3 Iviaspi; IVI ASPI Shell, C: \ WINDOWS \ system32 \ drivers \ iviaspi.sys [2006-11-22 16024]
R3 klim5; Kaspersky Anti-Virus NDIS Filtrer; C: \ WINDOWS \ system32 \ drivers \ klim5.sys [2008-04-30 24592]
R3 NWADI; NWADI Buss Enumerator; C: \ WINDOWS \ system32 \ drivers \ NWADIenum.sys [2006-03-27 74752]
R3 STHDA; SigmaTel High Definition Audio Codec, C: \ WINDOWS \ system32 \ drivers \ sthda.sys [2007-05-10 1222840]
R3 SynTP; Synaptics touchpad Driver; C: \ WINDOWS \ system32 \ drivers \ SynTP.sys [2007-12-07 220032]
R3 usbehci; Controlador minipuerto de la controladora mejorada USB 2.0 fra Microsoft, C: \ WINDOWS \ system32 \ drivers \ usbehci.sys [2008-04-14 30208]
R3 usbhub; Concentrador habilitado USB2, C: \ WINDOWS \ system32 \ drivers \ Usbhub.sys [2008-04-14 59520]
R3 usbuhci; Controlador minipuerto de la controladora de vert universell USB fra Microsoft, C: \ WINDOWS \ system32 \ drivers \ usbuhci.sys [2008-04-14 20608]
S3 CatchMe; CatchMe; \? \ C: \ DOCUME ~ 1 \ Mauricio \ CONFIG ~ 1 \ Temp \ catchme.sys []
S3 CCDECODE; Descodificador de título cerrado, C: \ WINDOWS \ system32 \ drivers \ CCDECODE.sys [2008-04-14 17024]
S3 DOT4; Controlador MS IEEE-1284,4; C: \ WINDOWS \ system32 \ drivers \ Dot4.sys [2008-04-14 206976]
S3 Dot4Print; Controlador de clase de impresión para IEEE-1284,4; C: \ WINDOWS \ system32 \ drivers \ Dot4Prt.sys [2001-08-18 12928]
S3 dot4usb; MS Dot4USB Filtrer Dot4USB Filtrer; C: \ WINDOWS \ system32 \ drivers \ dot4usb.sys [2001-08-23 24064]
S3 hidusb; Controlador de clases HID fra Microsoft, C: \ WINDOWS \ system32 \ drivers \ hidusb.sys [2008-04-14 10368]
S3 HPZid412; IEEE-1284,4 Driver HPZid412; C: \ WINDOWS \ system32 \ drivers \ HPZid412.sys [2006-12-03 49920]
S3 HPZipr12; Print Klassifikasjon Driver for IEEE-1284,4 HPZipr12; C: \ WINDOWS \ system32 \ drivers \ HPZipr12.sys [2006-12-03 16496]
S3 HPZius12; USB til IEEE-1284,4 Translation Driver HPZius12; C: \ WINDOWS \ system32 \ drivers \ HPZius12.sys [2006-12-03 21568]
S3 mouhid; Controlador HID de musen; C: \ WINDOWS \ system32 \ drivers \ mouhid.sys [2001-08-24 12416]
S3 MSTEE; Convertidor Tee / Sink-to-Sink de transferencia fra Microsoft, C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC; Codec NABTS / FEC VBI; C: \ WINDOWS \ system32 \ drivers \ NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP; Conexión de TV / Video fra Microsoft, C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys [2008-04-14 10880]
S3 PCASp50; PCASp50 NDIS Protocol Driver; C: \ WINDOWS \ system32 \ Drivers \ PCASp50.sys [2006-04-10 18560]
S3 Slip; BDA Slip De-Framer; C: \ WINDOWS \ system32 \ drivers \ SLIP.sys [2008-04-14 11136]
S3 streamip; Receptor BDA IP; C: \ WINDOWS \ system32 \ drivers \ StreamIP.sys [2008-04-14 15232]
S3 usbccgp; Controlador primario genérico USB fra Microsoft, C: \ WINDOWS \ system32 \ drivers \ usbccgp.sys [2008-04-14 32128]
S3 usbprint; Clase de impresora USB fra Microsoft, C: \ WINDOWS \ system32 \ drivers \ usbprint.sys [2008-04-14 25856]
S3 usbscan; Controlador de escáner USB, C: \ WINDOWS \ system32 \ drivers \ usbscan.sys [2008-04-14 15104]
S3 USBSTOR; Dispositivo de almacenamiento masivo de datos USB, C: \ WINDOWS \ system32 \ drivers \ USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo; Dispositivo de Vídeo USB (WDM); C: \ WINDOWS \ system32 \ Drivers \ usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC; Codec de teletexto estándar mundial, C: \ WINDOWS \ system32 \ drivers \ WSTCODEC.SYS [2008-04-14 19200]
S4 WS2IFSL; Entorno de compatibilidad con proveedores de servicios no IFS de Windows Socket 2,0; C: \ WINDOWS \ system32 \ drivers \ ws2ifsl.sys [2001-08-24 12032]

====== Liste over tjenester (R = Running, S = stoppet, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = funksjonshemmede )======

R2 AVP; Kaspersky Anti-Virus, C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe [2008-07-29 206088]
R2 CCALib8; Canon Camera Access Library 8; C: \ Archivos de Program \ Canon \ CAL \ CALMAIN.exe [2007-01-31 96370]
R2 hpqddsvc; Servicio HP CUE DeviceDiscovery; C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService; Java Quick Starter; C: \ Archivos de Program \ Java \ jre6 \ bin \ jqs.exe [2008-10-28 152984]
R2 Net Driver HPZ12; Net Driver HPZ12; C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12; Pml Driver HPZ12; C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-14 14336]
R2 UleadBurningHelper; Ulead Burning Helper; C: \ Archivos de Program \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe [2004-12-13 49152]
R2 UMWdf; Windows User Mode Driver Framework, C: \ WINDOWS \ system32 \ wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc; Dell Wireless WLAN Tray Service; C: \ WINDOWS \ system32 \ WLTRYSVC.EXE [2006-11-01 20480]
R2 WSearch; Búsqueda de Windows; C: \ WINDOWS \ system32 \ SearchIndexer.exe [2007-02-06 300032]
R3 hpqcxs08; hpqcxs08; C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-14 14336]
S3 aspnet_state; ASP.NET State Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ aspn et_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;. NET Runtime Optimization Service v2.0.50727_X86; C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ msco rsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0; Windows Presentation Foundation Font Cache 3.0.0.0; C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ wpf \ Presen tationFontCache.exe [2008-07-29 46104]
S3 idsvc; Windows CardSpace; C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ Windows Communication Foundation \ infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service; Microsoft Office Groove Audit Service; C: \ Archivos de Program \ Microsoft Office \ Office12 \ GrooveAuditService.exe [2007-08-24 68464]
S3 odserv; Microsoft Office Diagnostics Service; C: \ Archivos de Program \ Archivos comunes \ Microsoft Shared \ Office12 \ ODSERV.EXE [2007-08-24 443776]
S3 ose; Office Source Engine; C: \ Archivos de Program \ Archivos comunes \ Microsoft Shared \ Source Engine \ Ose.exe [2006-10-26 145184]
S3 usnjsvc; Servicio Lector del diario USN de Carpetas para compartir de Messenger, C: \ Archivos de Program \ Windows Live \ Messenger \ usnsvc.exe [2007-10-19 98328]
S3 WLSetupSvc; Windows Live Setup Service; C: \ Archivos de Program \ Windows Live \ Installer \ WLSetupSvc.exe [2007-10-26 266240]
S4 NetTcpPortSharing; Net.Tcp Port Sharing Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ Windows Communication Foundation \ SMSvcHost.exe [2008-07-29 132096]
S4 Zumie Search Service; Zumie Search Service; C: \ Archivos de Program \ Zumie \ zumie.exe C: \ Archivos de Program \ Zumie \ zumie.dll Service []

----------------- EOF -----------------

**kathymer** · #8 29th Nov 2008, 08:11

info.txt logfile tilfeldig system informasjon verktøyet 1,04 2008-11-29 23:03:46

====== Uninstall listen ======

-> "C: \ Archivos de Program \ InstallShield Installation Information \ (F37167DD-4436-4641-90B6-329D60632DDA) \ Setup.exe" REMOVEALL - u: (F37167DD-4436-4641-90B6-329D60632DDA)
-> Rundll32 C: \ Archiv ~ 1 \ Archiv ~ 1 \ installere ~ 1 \ profesjonelle ~ 1 \ Kjøretid \ 070 1 \ Intel32 \ Ctor.dll, LaunchSetup "C: \ Archivos de Program \ InstallShield Installation Information \ (FA7621DC - 7144-4A24-973C-B9BC0E945628) \ setup.exe "-l0x9
-> rundll32.exe Setupapi.dll, InstallHinfSection DefaultUninstall 132 C: \ WINDOWS \ INF \ PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-0015-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-0016-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-0018-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-0019-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-001A-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-001B-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-001F-0403-0000-0000000FF1CE) / uninstall (A5B6B786-2D6F-4B75-940F-42B32D01D146)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-001F-0409-0000-0000000FF1CE) / uninstall (3EC77D26-799B-4CD8-914F-C1565E796173)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-001F-040C-0000-0000000FF1CE) / uninstall (430971B1-C31E-45DA-81E0-72C095BAB72C)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-001F-0416-0000-0000000FF1CE) / uninstall (669EB263-0AFE-4FCB-A068-DB082CA6273C)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-001F-0C0A-0000-0000000FF1CE) / uninstall (F7A31780-33C4-4E39-951A-5EC9B91D7BF1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-0030-0000-0000-0000000FF1CE) / uninstall (BEE75E01-DD3F-4D5F-B96C-609E6538D419)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-006E-0C0A-0000-0000000FF1CE) / uninstall (35B14BD6-6042-4A55-B326-58309DC8C72A)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-00A1-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / pakke (90120000-00BA-0C0A-0000-0000000FF1CE) / uninstall (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
32 Bit HP CIO Components Installer -> Msiexec.exe / I (F1E63043-54FC-429B-AB2C-31AF9FBA4BC7)
Acrobat.com--> C: \ Archivos de Program \ Archivos comunes \ Adobe AIR \ Versjoner \ 1.0 \ Adobe AIR Application Installer.exe-uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com--> Msiexec.exe / I (77DCDCE3-2DED-62F3-8154-05E745472D07)
Actualización de Seguridad for Windows XP (KB923789) -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ genuinst.exe C: \ WINDOWS \ system32 \ Macromed \ Flash \ KB923789.inf
Actualización de Seguridad for Windows XP (KB950759 )-->" C: \ WINDOWS \ $ NtUninstallKB950759 $ \ spuninst \ spunin st.exe "
Actualización de Seguridad for Windows XP (KB950760 )-->" C: \ WINDOWS \ $ NtUninstallKB950760 $ \ spuninst \ spunin st.exe "
Actualización de Seguridad for Windows XP (KB950762 )-->" C: \ WINDOWS \ $ NtUninstallKB950762 $ \ spuninst \ spunin st.exe "
Actualización de Seguridad for Windows XP (KB951376-v2 )-->" C: \ WINDOWS \ $ NtUninstallKB951376-v2 $ \ Spuninst \ Spuninst.exe "
Actualización de Seguridad for Windows XP (KB951698 )-->" C: \ WINDOWS \ $ NtUninstallKB951698 $ \ spuninst \ spunin st.exe "
Actualización de Seguridad for Windows XP (KB951748 )-->" C: \ WINDOWS \ $ NtUninstallKB951748 $ \ spuninst \ spunin st.exe "
Actualización for Windows XP (KB898461 )-->" C: \ WINDOWS \ $ NtUninstallKB898461 $ \ spuninst \ spunin st.exe "
Actualización for Windows XP (KB942763 )-->" C: \ WINDOWS \ $ NtUninstallKB942763 $ \ spuninst \ spunin st.exe "
Actualización for Windows XP (KB951072-v2 )-->" C: \ WINDOWS \ $ NtUninstallKB951072-v2 $ \ Spuninst \ Spuninst.exe "
Actualización for Windows XP (KB951978 )-->" C: \ WINDOWS \ $ NtUninstallKB951978 $ \ spuninst \ spunin st.exe "
Adobe AIR -> Msiexec.exe / I (197A3012-8C85-4FD3-AB66-9EC7E13DB92E)
Adobe Flash Player 10 ActiveX -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ uninstall_acti veX.exe
Adobe Flash Player Plugin -> C: \ WINDOWS \ system32 \ Macromed \ Flash \ uninstall_plug in.exe
Adobe Reader 9 -> Msiexec.exe / I (AC76BA86-7AD7-1033-7B44-A90000000001)
Apple Software Update -> Msiexec.exe / I (02DFF6B1-1654-411C-8D7B-FD6052EF016F)
Ares 2.0.9 -> "C: \ Archivos de Program \ Ares \ uninstall.exe"
AVIConverter 3.0 -> C: \ Archivos de Program \ AVIConverter \ uninst.exe
Barra Yahoo! con bloqueador de ventanas emergentes -> C: \ Archiv ~ 1 \ Yahoo! \ Common \ unyt.exe
Broadcom 440x 10/100 Integrated Controller -> Msiexec.exe / X (612B9183-67A9-4B44-9877-2F059E35B86A)
Broadcom WLAN -> C: \ Archivos de Program \ InstallShield Installation Information \ (13191B3F-D711-4906-81B3-5C47E031B235) \ setup.exe-runfromtemp-l0x000a-removeonly
Búsqueda en el escritorio de Windows 3.01 -> "C: \ WINDOWS \ $ NtUninstallKB917013 $ \ spuninst \ spunin st.exe"
Canon Camera Access Library -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ CAL \ Uninst.ini"
Canon Camera Support Core Bibliotek -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ CSCLIB \ Uninst.ini"
Canon G.726 WMP-dekoder -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ G726Decoder \ G726DecUnInstall.ini"
Canon MovieEdit oppgave for ZoomBrowser EX -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ ZoomBrowser EX \ Programfiler \ MVWUninst.ini "
Canon RAW Image Task for ZoomBrowser EX -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ RAW Image Task \ Uninst.ini "
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ CameraWindow \ CameraWindowDVC \ uninst. ini "
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ CameraWindow \ CameraWindowDVC6 \ Unins t . ini "
Canon Utilities CameraWindow DC -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ CameraWindow \ CameraWindowDC \ uninst. Ini"
Canon Utilities CameraWindow -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ CameraWindow \ CameraWindowLauncher \ U ninst.ini"
Canon Utilities EOS Utility -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ EOS Utility \ Uninst.ini"
Canon Utilities MyCamera DC -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ CameraWindow \ MyCameraDC \ Uninst.ini"
Canon Utilities MyCamera -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ CameraWindow \ MyCamera \ Uninst.ini"
Canon Utilities PhotoStitch -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ PhotoStitch \ Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ CameraWindow \ RemoteCaptureTask DC \ uninst. ini "
Canon Utilities ZoomBrowser EX -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ ZoomBrowser EX \ Programfiler \ Uninst.ini"
Canons ZoomBrowser EX Memory Card Utility -> "C: \ Archivos de Program \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de Program \ Canon \ ZoomBrowser EX MCU \ Uninst.ini"
Chinese Simplified Fonter støtte for Adobe Reader 9 -> Msiexec.exe / I (AC76BA86-7AD7-2447-0000-900000000003)
Dell Mobile Broadband Card Utility -> Msiexec.exe / X (DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28)
Dell Wireless WLAN Card -> "C: \ Archivos de Program \ Dell \ Dell Wireless WLAN Card \ bcmwlu00.exe" verbose / rootkey = "Software \ Broadcom \ 802,11 \ UninstallInfo" / rootdir = "C: \ Archivos de Program \ Dell \ Dell Wireless WLAN Card "
Diccionario Cambridge Klett Compact -> C: \ WINDOWS \ IsUn040a.exe-f "C: \ Archivos de Program \ Cambridge \ ENS001CP \ Uninst.isu"
Digital Camera Driver -> C: \ Archiv ~ 1 \ DIGITA ~ 2 \ UNWISE.EXE C: \ Archiv ~ 1 \ DIGITA ~ 2 \ INSTALL.LOG
HijackThis 2.0.2 -> "C: \ Archivos de Program \ Trend Micro \ HijackThis \ HijackThis.exe" / avinstallere
Hurtigreparasjon for Microsoft. NET Framework 3.5 SP1 (KB953595) -> C: \ WINDOWS \ system32 \ msiexec.exe / pakke (CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9) / uninstall / qb + REBOOTPROMPT = ""
HP LaserJet 1150 / 1300 -> Msiexec.exe / x (1485B7CD-4CBD-4039-8EAE-5A22993D7F54)
HP Officejet J3500 Series -> C: \ Archivos de Program \ HP \ Digital Imaging \ (B1D1B548-BD7D-40f9-80A4-A247E44BFCF4) \ setup \ hpzscr01.exe-datfile hpwscr15.dat
HP Smart Web Printing -> Msiexec.exe / X (415CDA53-9100-476F-A7B2-476691E117C7)
HP Update -> Msiexec.exe / X (8C6027FD-53DC-446D-BB75-CACD7028A134)
Intel (R) Graphics Media Accelerator Driver for Mobile -> rundll32.exe C: \ WINDOWS \ system32 \ ialmrem.dll, UninstallW2KIGfx2I D PCI \ VEN_8086 & DEV_2792 PCI \ VEN_8086 & DEV_2592
InterVideo MediaOne Galleri -> rundll32 C: \ Archiv ~ 1 \ Archiv ~ 1 \ installere ~ 1 \ engine \ 6 \ INTEL3 ~ 1 \ ct or.dll, LaunchSetup "C: \ Archivos de Program \ InstallShield Installation Information \ (34F0D55F -C386-4195-9A5B-961D3F6ACD46) \ setup.exe "REMOVEALL
Java (TM) 6 Update 10 -> Msiexec.exe / X (26A24AE4-039D-4CA4-87B4-2F83216010FF)
Java (TM) 6 Update 7 -> Msiexec.exe / I (3248F0A8-6813-11D6-A77B-00B0D0160070)
Kaspersky Anti-Virus 2009 -> Msiexec.exe / I (6580C5A3-2336-4EC5-85F1-3448C5F6208A)
Kaspersky Anti-Virus 2009 -> Msiexec.exe / I (6580C5A3-2336-4EC5-85F1-3448C5F6208A)
Malwarebytes' Anti-Malware -> "C: \ Archivos de Program \ Malwarebytes' Anti-Malware \ unins000.exe"
Microsoft. NET Framework 2.0 Service Pack 2 Språk Pack - ESN -> Msiexec.exe / I (85AC0FFA-643D-3103-9310-7086ECB0C36C)
Microsoft. NET Framework 2.0 Service Pack 2 -> Msiexec.exe / I (C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F)
Microsoft. NET Framework 3.0 Service Pack 2 Språk Pack - ESN -> Msiexec.exe / I (BDEDB104-4067-3D5E-81F0-DBEBFE856B45)
Microsoft. NET Framework 3.0 Service Pack 2 -> Msiexec.exe / I (A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7)
Microsoft. NET Framework 3.5 Language Pack SP1 - esn -> Msiexec.exe / I (92E4A65F-7007-3357-A69A-167F71A337BD)
Microsoft. NET Framework 3.5 SP1 -> C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.5 \ Microso ft. NET Framework 3.5 SP1 \ setup.exe
Microsoft. NET Framework 3.5 SP1 -> Msiexec.exe / I (CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9)
Microsoft internasjonalt domenenavn Mitigation APIene -> "C: \ WINDOWS \ $ NtServicePackUninstallIDNMitigationA PIS $ \ Spuninst \ Spuninst.exe"
Microsoft National Language Support Downlevel APIene -> "C: \ WINDOWS \ $ NtServicePackUninstallNLSDownlevelMa pping $ \ Spuninst \ Spuninst.exe"
Microsoft Office Access MUI (Spansk) 2007 -> Msiexec.exe / X (90120000-0015-0C0A-0000-0000000FF1CE)
Microsoft Office Enterprise 2007 -> "C: \ Archivos de Program \ Archivos comunes \ Microsoft Shared \ Office12 \ Office Setup Controller \ setup.exe" / avinstallere ENTERPRISE / dll OSETUP.DLL
Microsoft Office Enterprise 2007 -> Msiexec.exe / X (90120000-0030-0000-0000-0000000FF1CE)
Microsoft Office Excel MUI (Spansk) 2007 -> Msiexec.exe / X (90120000-0016-0C0A-0000-0000000FF1CE)
Microsoft Office Groove MUI (Spansk) 2007 -> Msiexec.exe / X (90120000-00BA-0C0A-0000-0000000FF1CE)
Microsoft Office InfoPath MUI (Spansk) 2007 (Beta) -> Msiexec.exe / X (30120000-0044-0C0A-0000-0000000FF1CE)
Microsoft Office OneNote MUI (Spansk) 2007 -> Msiexec.exe / X (90120000-00A1-0C0A-0000-0000000FF1CE)
Microsoft Office Outlook MUI (Spansk) 2007 -> Msiexec.exe / X (90120000-001A-0C0A-0000-0000000FF1CE)
Microsoft Office PowerPoint MUI (Spansk) 2007 -> Msiexec.exe / X (90120000-0018-0C0A-0000-0000000FF1CE)
Microsoft Office Proof (Baskerland) 2007 -> Msiexec.exe / X (90120000-001F-042D-0000-0000000FF1CE)
Microsoft Office Proof (katalansk) 2007 -> Msiexec.exe / X (90120000-001F-0403-0000-0000000FF1CE)
Microsoft Office Proof (England) 2007 -> Msiexec.exe / X (90120000-001F-0409-0000-0000000FF1CE)
Microsoft Office Proof (fransk) 2007 -> Msiexec.exe / X (90120000-001F-040C-0000-0000000FF1CE)
Microsoft Office Proof (Galician) 2007 -> Msiexec.exe / X (90120000-001F-0456-0000-0000000FF1CE)
Microsoft Office Proof (Portuguese (Brazil)) 2007 -> Msiexec.exe / X (90120000-001F-0416-0000-0000000FF1CE)
Microsoft Office Proof (Spansk) 2007 -> Msiexec.exe / X (90120000-001F-0C0A-0000-0000000FF1CE)
Microsoft Office Korrekturverktøy (Spansk) 2007 -> Msiexec.exe / X (90120000-002C-0C0A-0000-0000000FF1CE)
Microsoft Office Publisher MUI (Spansk) 2007 -> Msiexec.exe / X (90120000-0019-0C0A-0000-0000000FF1CE)
Microsoft Office Delt MUI (Spansk) 2007 -> Msiexec.exe / X (90120000-006E-0C0A-0000-0000000FF1CE)
Microsoft Office Word MUI (Spansk) 2007 -> Msiexec.exe / X (90120000-001B-0C0A-0000-0000000FF1CE)
Microsoft Visual C + + 2005 Redistributable -> Msiexec.exe / X (7299052b-02a4-4627-81f2-1818da5d550d)
Mozilla Firefox (2.0.0.18) -> C: \ Archivos de Program \ Mozilla Firefox \ Uninstall \ helper.exe
Mozilla Thunderbird (2.0.0.18) -> C: \ Archivos de Program \ Mozilla Thunderbird \ Uninstall \ helper.exe
MSN -> C: \ Archivos de Program \ MSN \ MsnInstaller \ msninst.exe / Handling: ARP
MSXML 4.0 SP2 (KB936181) -> Msiexec.exe / I (C04E32E0-0416-434D-AFB9-6969D703A9EF)
OpenOffice.org 3.0 -> Msiexec.exe / I (F44DA61E-720D-4E79-871F-F6E628B33242)
Paquete de språk fra Microsoft. NET Framework 3.5 SP1 - esn -> c: \ WINDOWS \ Microsoft.NET \ Framework \ v3.5 \ Microso ft. NET Framework 3.5 Language Pack SP1 - esn \ setup.exe
QuickTime -> Msiexec.exe / I (08CA9554-B5FE-4313-938F-D4A417B81175)
Gjennomgang for Windows XP (KB952287 )-->" C: \ WINDOWS \ $ NtUninstallKB952287 $ \ spuninst \ spunin st.exe "
Sikkerhetsoppdatering for Excel 2007 (KB946974) -> msiexec / pakke (90120000-0030-0000-0000-0000000FF1CE) / uninstall (85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E)
Sikkerhetsoppdatering for Microsoft Office Publisher 2007 (KB950114) -> msiexec / pakke (90120000-0030-0000-0000-0000000FF1CE) / uninstall (F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85)
Sikkerhetsoppdatering for Microsoft Office 2007 (KB951808) -> msiexec / pakke (90120000-0030-0000-0000-0000000FF1CE) / uninstall (8F375E11-4FD6-4B89-9E2B-A76D48B51E00)
Sikkerhetsoppdatering for Microsoft Office Word 2007 (KB950113) -> msiexec / pakke (90120000-0030-0000-0000-0000000FF1CE) / uninstall (AD72BABE-C733-4FCF-9674-4314466191B9)
Sikkerhetsoppdatering for Office 2007 (KB947801) -> msiexec / pakke (90120000-0030-0000-0000-0000000FF1CE) / uninstall (02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E)
SigmaTel Audio -> rundll32 C: \ Archiv ~ 1 \ Archiv ~ 1 \ installere ~ 1 \ profesjonelle ~ 1 \ Kjøretid \ 10 \ 01 \ Intel32 \ Ctor.dll, LaunchSetup "C: \ Archivos de Program \ InstallShield Installation Information \ (A462213D-EED4-42C2-9A60-7BDD4D4B0B17) \ setup.exe "-l0xa-fjerne-removeonly
Skype ™ 3.8 -> Msiexec.exe / X (5C82DAE5-6EB0-4374-9254-BE3319BA4E82)
Synaptics Pekeenhet Driver -> rundll32.exe "C: \ Archivos de Program \ Synaptics \ SynTP \ SynISDLL.dll", standAloneU ninstall
Uniblue DriverScanner 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ (D5ABFFAD-D592-4F98-B02B-587125B4801F) \ DriverScanner_Setup.exe" Fjern = TRUE MODIFY = FALSE
Uniblue DriverScanner 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ (D5ABFFAD-D592-4F98-B02B-587125B4801F) \ DriverScanner_Setup.exe
Uniblue RegistryBooster 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185) \ Uniblue RegistryBooster.exe" Fjern = TRUE MODIFY = FALSE
Uniblue RegistryBooster 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185) \ Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ (51019853-129C-4EDE-9030-D5FD7BBD9AD0) \ SpeedUpMyPC.exe" Fjern = TRUE MODIFY = FALSE
Uniblue SpeedUpMyPC 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ Datos de Program \ (51019853-129C-4EDE-9030-D5FD7BBD9AD0) \ SpeedUpMyPC.exe
Unlocker 1.8.7 -> C: \ Archivos de Program \ Unlocker \ uninst.exe
Oppdatering for Microsoft Office Outlook 2007 (KB952142) -> msiexec / pakke (90120000-0030-0000-0000-0000000FF1CE) / uninstall (4AD3A076-427C-491F-A5B7-7D1DE788A756)
Oppdatering for Office 2007 (KB946691) -> msiexec / pakke (90120000-0030-0000-0000-0000000FF1CE) / uninstall (A420F522-7395-4872-9882-C591B4B92278)
Oppdatering for Outlook 2007 søppelpostfilteret (kb953463) -> msiexec / pakke (90120000-0030-0000-0000-0000000FF1CE) / uninstall (1B78D541-9FF1-4330-ADD8-CED14F0C1E8E)
Winamp -> "C: \ Archivos de Program \ Winamp \ UninstWA.exe"
Windows Live Asistente para el Hjem de sesión -> Msiexec.exe / I (AFA4E5FD-ED70-4D92-99D0-162FD56DC986)
Windows Live Installer -> Msiexec.exe / X (9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1)
Windows Live Messenger -> Msiexec.exe / X (FC411B47-30BF-428C-9C1E-F6C54A94EA7E)
Windows Media Format Runtime -> "C: \ Archivos de Program \ Windows Media Player \ wmsetsdk.exe" / UninstallAll
WinRAR archiver -> C: \ Archivos de Program \ WinRAR \ uninstall.exe
XML Paper Specification delte komponenter Language Pack 1.0 -> "C: \ WINDOWS \ $ NtUninstallXPSEPSCLP $ \ spuninst \ spuni nst.exe"
Yahoo! Messenger -> C: \ Archiv ~ 1 \ Yahoo! \ Messenger \ UNWISE.EXE / uc: \ Archiv ~ 1 \ Yahoo! \ Messenger \ INSTALL.LOG

===== HijackThis sikkerhetskopier =====

O23 - Service: Zumie Search Service - Unknown owner - C: \ Archivos de Program \ Zumie \ zumie.exe (fil mangler)

====== Hosts File ======

127.0.0.1 localhost

====== Sikkerhetssenter informasjon ======

AV: Kaspersky Anti-Virus (utdatert)

====== Miljøvariabler ======

"ComSpec" =% SystemRoot% \ system32 \ cmd.exe
"Path" =% SystemRoot% \ system32;% SystemRoot%;% SystemR oot% \ System32 \ Wbem; C: \ Archivos de Program \ QuickTime \ QTSystem \
"Windir" =% SystemRoot%
"FP_NO_HOST_CHECK" = NO
"OS" = Windows_NT
"PROCESSOR_ARCHITECTURE" = x86
"PROCESSOR_LEVEL" = 6
"PROCESSOR_IDENTIFIER" = x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION" = 0d08
"NUMBER_OF_PROCESSORS" = 1
"PATHEXT" =. COM;. EXE;. BAT;. CMD;. VBS;. VBE;. JS;. Jse;. WSF;. WSH
"TEMP" =% SystemRoot% \ Temp
"TMP" =% SystemRoot% \ Temp
"CLASSPATH" =.; C: \ Archivos de Program \ QuickTime \ QTSystem \ QTJava.zip
"QTJAVA" = C: \ Archivos de Program \ QuickTime \ QTSystem \ QTJava.zip

----------------- EOF -----------------

**kathymer** · #9 29th Nov 2008, 08:12

Malwarebytes' Anti-Malware 1.30
Database versjon: 1433
Windows 5.1.2600 Service Pack 3

29/11/2008 10:55:13 pm
mbam-log-2008-11-29 (22-55-13). txt

Scan type: Quick Scan
Objekter skannet: 68095
Tid brukt: 10 minutt (er), 45 sekund (er)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registernøkler Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 28

Memory Processes Infected:
(Ingen skadelige eks oppdaget)

Memory Modules Infected:
C: \ WINDOWS \ system32 \ ljJyVnom.dll (Trojan.Vundo.H) -> Delete on reboot.

Registernøkler Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (459f140e-1635-41de-8061-8de0ab740e28) (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT \ CLSID \ (459f140e-1635-41de-8061-8de0ab740e28) (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT \ Interface \ (48e92754-2daf-4de4-8385-34f631580e9b) (Trojan.FakeAlert) -> karantene og slettet.
HKEY_CLASSES_ROOT \ Interface \ (a1c23ba2-8f20-4c01-b663-7ff2b3421194) (Trojan.FakeAlert) -> karantene og slettet.
HKEY_CLASSES_ROOT \ CLSID \ (d37d6c1a-7ba4-47f4-9bf2-75031e257df6) (Trojan.FakeAlert) -> karantene og slettet.
HKEY_CLASSES_ROOT \ Typelib \ (84562fca-ee8b-4585-a1d1-eae97b23370e) (Trojan.FakeAlert) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (098716a9-0310-4cbe-bd64-b790a9761158) (Trojan.FakeAlert) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karantene og slettet.

Registry Values Infected:
(Ingen skadelige eks oppdaget)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Notification Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ljjyvnom -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Authentication Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ljjyvnom -> Slett på omstart.

Folders Infected:
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene \ Autorun (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene \ Autorun \ HKCU (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene \ Autorun \ HKCU \ Runo NCE (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene \ Autorun \ HKLM (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene \ Autorun \ HKLM \ Runo NCE (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene \ Autorun \ StartMenu ALLUSERS (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene \ Autorun \ StartMenu CurrentUser (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene \ BrowserObjects (Rogue.Multiple) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ rhcvllj0e32r \ Karantene \ Packages (Rogue.Multiple) -> karantene og slettet.

Files Infected:
C: \ WINDOWS \ system32 \ ljJyVnom.dll (Trojan.Vundo.H) -> Delete on reboot.
C: \ WINDOWS \ system32 \ monVyJjl.ini (Trojan.Vundo.H) -> Delete on reboot.
C: \ WINDOWS \ system32 \ monVyJjl.ini2 (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ egurvpxu.dll (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ uxpvruge.ini (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ ioodgsis.dll (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ sisgdooi.ini (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ olcxvcls.dll (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ slcvxclo.ini (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ qxxiopls.dll (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ slpoixxq.ini (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ tlpvqfqf.dll (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ fqfqvplt.ini (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ yqbfrwpg.dll (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ gpwrfbqy.ini (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ geBqRhEv.dll (Trojan.Vundo) -> karantene og slettet.
C: \ WINDOWS \ system32 \ jkkKbxWp.dll (Trojan.Vundo) -> karantene og slettet.
C: \ RECYCLER \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc339.exe (Adware.Seekmo) -> karantene og slettet.
C: \ RECYCLER \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc340.exe (Adware.Seekmo) -> karantene og slettet.
C: \ RECYCLER \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc343.exe (Adware.Seekmo) -> karantene og slettet.
C: \ Archivos de Program \ Mozilla Firefox \ regxpcom.exe (Trojan.FBrowsingAdvisor) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Configuración lokale \ Temp \ nsp116.tmp \ blowfish.dll (Trojan.FakeAlert) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Escritorio \ Antivirus XP 2008.lnk (Rogue.Antivirus) -> karantene og slettet.
C: \ Documents and Settings \ All Users \ Escritorio \ Antivirus XP 2008.lnk (Rogue.Antivirus) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ Microsoft \ Internet Explorer \ Quick Launch \ Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de Program \ Microsoft \ Internet Explorer \ Quick Launch \ Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> karantene og slettet.
C: \ Documents and Settings \ Mauricio \ Configuración lokale \ Temp \ lwpwer.exe (Trojan.FakeAlert) -> karantene og slettet.
C: \ Documents and Settings \ TrackerVsrGroup \ Escritorio \ SystemDefender. Lnk (Rogue.SystemDefender) -> karantene og slettet.

**kathymer** · #10 29th Nov 2008, 08:14

Vel, det er de 3-logger som du ba om, at jeg vet om noe annet må gjøres.
Og takk for din hjelp og tid.

Jeg setter pris på det.

Kathy.

Lignende Tråder
Tråd	Tråd startet	Forum	Svar	Siste innlegg
Problem med Trojansk Hest Downloader Generic 9	OGB	Virus, spionprogrammer og sikkerhet	7	21 november 2009 13:06
Infisert med MultiPacked.Multi.Generic Malware!	ruffryder2k7	Virus, spionprogrammer og sikkerhet	12	26 juni 2009 19:26
Trojan.vundo.h, trojan.agent, adware.mirar + mer! : (	sillyarfer	Virus, spionprogrammer og sikkerhet	1	14 desember 2008 09:59
Infisert med Heur.trojan.generic Please Help	ruffryder2k7	Virus, spionprogrammer og sikkerhet	17	6 november 2008 10:39
Er du i stand til å synkronisere en fellesbetegnelse mp3 spilleren [ikke en iPod] med iTunes?	reyrey_angulo	Lyd, høyttalere og MP3-spillere	1	18 mars 2007 15:39