ComboFix 10-08-20.01 - 19010HKMI2 21.08.2010 22:35:19.2.2 - x86
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.47.1044.18.1919.1061 [GMT 2:00]
Kjører fra: c:\users\19010HKMI2\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: Trend Micro OfficeScan Anti-spyware *disabled* (Updated) {6D124117-24A2-4555-BD42-A763D52CFEB2}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Følgende filer ble deaktivert:
c:\windows\System32\cwAgent.dll

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\lsass.exe
c:\program files\Common Files\Uninstall
c:\users\19010HKMI2\AppData\Local\jwijisbhw
c:\users\19010HKMI2\AppData\Local\jwijisbhw\qiddqjsshdw.exe
c:\users\19010HKMI2\AppData\Local\Windows Server
c:\users\19010HKMI2\AppData\Local\Windows Server\admin.txt
c:\users\19010HKMI2\AppData\Local\Windows Server\flags.ini
c:\users\19010HKMI2\AppData\Local\Windows Server\server.dat
c:\users\19010HKMI2\AppData\Local\Windows Server\uses32.dat
c:\users\19010HKMI2\AppData\Roaming\3A56C4F71E99CCA61B0F0B4FCFF2E307
c:\users\19010HKMI2\AppData\Roaming\3A56C4F71E99CCA61B0F0B4FCFF2E307\enemies-names.txt
c:\users\19010HKMI2\AppData\Roaming\3A56C4F71E99CCA61B0F0B4FCFF2E307\local.ini
c:\users\19010HKMI2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\19010HKMI2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\19010HKMI2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\system32\zlibwapi.dll
c:\windows\system32\drivers\SafeBoot.sys . . . er infisert!!
.
.
.
Failed to find a valid replacement.

Infisert kopi av c:\windows\explorer.exe ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

Infisert kopi av c:\windows\System32\wininit.exe ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NDISRD


((((((((((((((((((((((((((( Filer Opprettet Fra 2010-07-21 til 2010-08-21 )))))))))))))))))))))))))))))))))
.

2010-08-21 20:49 . 2010-08-21 20:57 -------- d-----w- c:\users\19010HKMI2\AppData\Local\temp
2010-08-21 20:49 . 2010-08-21 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-21 20:49 . 2010-08-21 20:49 -------- d-----w- c:\users\19010admin\AppData\Local\temp
2010-08-20 21:22 . 2010-08-20 21:22 -------- d-----w- c:\users\19010HKMI2\AppData\Roaming\Malwarebytes
2010-08-20 21:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 21:21 . 2010-08-20 21:21 -------- d-----w- c:\programdata\Malwarebytes
2010-08-20 21:21 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 21:21 . 2010-08-20 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 16:01 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-15 16:01 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-15 16:01 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-15 16:01 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-15 16:01 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-15 16:01 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-15 16:01 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-15 16:01 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 23:26 . 2010-08-07 23:26 -------- d-----w- C:\BraCa Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 20:51 . 2007-07-12 09:22 2484 ----a-w- c:\windows\bthservsdp.dat
2010-08-21 20:51 . 2007-10-02 12:27 -------- d-----w- c:\users\19010HKMI2\AppData\Roaming\SoftGrid Client
2010-08-21 19:36 . 2008-11-13 11:47 -------- d-----w- c:\program files\Steam
2010-08-20 21:07 . 2009-11-29 13:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-20 21:04 . 2007-12-25 13:22 -------- d-----w- c:\users\19010HKMI2\AppData\Roaming\uTorrent
2010-08-15 21:39 . 2008-12-10 02:02 -------- d-----w- c:\programdata\Microsoft Help
2010-08-15 21:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-15 21:33 . 2010-05-13 01:08 -------- d-----w- c:\users\19010HKMI2\AppData\Roaming\Skype
2010-08-15 15:54 . 2009-09-20 17:18 -------- d-----w- c:\program files\Voobly
2010-08-15 15:50 . 2008-11-19 19:58 -------- d-----w- c:\users\19010HKMI2\AppData\Roaming\skypePM
2010-08-01 23:29 . 2006-11-21 05:21 89580 ----a-w- c:\windows\system32\perfc014.dat
2010-08-01 23:29 . 2006-11-21 05:21 487046 ----a-w- c:\windows\system32\perfh014.dat
2010-07-24 20:42 . 2010-05-13 01:06 -------- d-----r- c:\program files\Skype
2010-07-18 15:14 . 2009-01-09 13:37 -------- d-----w- c:\program files\Microsoft
2010-07-15 19:30 . 2009-06-20 19:25 -------- d-----w- c:\users\19010HKMI2\AppData\Roaming\Ventrilo
2010-07-13 22:50 . 2007-10-04 19:39 -------- d-----w- c:\users\19010HKMI2\AppData\Roaming\Sports Interactive
2010-07-09 14:52 . 2010-07-09 14:41 -------- d-----w- c:\users\19010HKMI2\AppData\Roaming\Pro Cycling Manager 2008 - Demo
2010-07-04 16:06 . 2007-07-12 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-04 14:25 . 2010-07-04 14:25 -------- d-----w- c:\program files\directx
2010-07-04 13:23 . 2010-07-04 13:23 0 ----a-w- c:\windows\PowerReg.dat
2010-07-04 13:18 . 2010-07-04 12:50 -------- d-----w- c:\users\19010HKMI2\AppData\Roaming\DAEMON Tools Lite
2010-07-04 12:52 . 2010-07-04 12:51 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-04 12:52 . 2007-12-25 20:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-04 12:50 . 2010-07-04 12:50 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-29 22:45 . 2010-04-26 21:30 1240800 ----a-w- c:\users\19010HKMI2\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
2010-06-29 22:43 . 2010-06-29 22:43 159456 ----a-w- c:\users\19010HKMI2\AppData\Roaming\GameRanger\GameRanger\Data\GameRanger.dll
2010-06-28 16:17 . 2010-08-15 16:02 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-15 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-23 18:46 . 2010-06-20 11:01 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-06-11 15:31 . 2010-08-15 16:02 274432 ----a-w- c:\windows\system32\schannel.dll
2010-05-27 19:16 . 2010-08-15 16:02 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-27 11:27 . 2010-05-17 21:15 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-27 11:27 . 2010-05-17 21:15 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-26 16:16 . 2010-06-11 21:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-11 21:07 289792 ----a-w- c:\windows\system32\atmfd.dll
.

------- Sigcheck -------

[-] 2008-10-30 . 05AD9BDD25436C3C15C7045A32C53738 . 2927616 . . [6.0.6000.16386] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-16 746792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\cwAgent.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-22905\Scripts\Logon\0\0]
"Script"=\\hvgs-fs\Trend\net_use.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-52639\Scripts\Logon\0\0]
"Script"=\\hvgs-fs\Trend\net_use.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-05-08 06:38 331552 ----a-w- c:\program files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-08 18:16 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voobly]
2010-08-09 22:48 131072 ----a-w- c:\program files\Voobly\voobly.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 09:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

R2 BC-Agent;cwBCClient;c:\windows\system32\cwClient.exe [2008-09-26 315392]
R2 RPCER;Remote Procedure Call (HNM);c:\program files\Common Files\ODBC\comp.exe [2006-03-28 12801736]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-02-26 51216]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2009-12-04 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [2009-12-04 36368]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [2009-02-23 488768]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2009-02-23 652552]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-04 691696]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-04-18 39080]
S1 RsvLock;RsvLock; [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-02-23 143376]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-01-05 18944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S2 sftlist;SoftGrid Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [2007-05-03 525680]
S2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-02-23 235024]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]
S3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftfslh.sys [2007-05-03 559984]
S3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys [2007-05-03 134000]
S3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftvollh.sys [2007-05-03 17776]
S3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [2007-05-03 206192]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-08-21 c:\windows\Tasks\updater.exe.job
- c:\program files\Kunnskapsforlaget\Ordnett Pluss\updater.exe [2009-06-30 12:37]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.heggen.vgs.no
uInternet Settings,ProxyOverride = 
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\wsck32.dll
FF - ProfilePath - c:\users\19010HKMI2\AppData\Roaming\Mozilla\Firefox\Profiles\apu9gofl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://oltd.atgat.com/v2/default.aspx?a=n&companyCode=vaagsfjord
FF - prefs.js: keyword.URL - 
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\19010HKMI2\AppData\Roaming\Mozilla\Firefox\Profiles\apu9gofl.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\19010HKMI2\AppData\Roaming\Mozilla\Firefox\Profiles\apu9gofl.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

BHO-{AE48B4E7-002B-4891-8E26-ED5E888FAE7D} - (no file)
MSConfigStartUp-Google Update - c:\users\19010HKMI2\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
MSConfigStartUp-SBI - c:\users\19010HKMI2\Desktop\install_sbd_en.exe
ActiveSetup-ccc-core-static - msiexec
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 22:57
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

c:\windows\TEMP\TMP000000493D53456363571DC1 524288 bytes

skanning vellykket
skjulte filer: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x86A06EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x83146322
\Driver\ACPI -> acpi.sys @ 0x8060dd4c
\Driver\atapi -> 0x857770b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-3799992752-535036049-2774849586-52639\Software\G*e*n*i*e*"!\FM Genie Scout 10]
@Allowed: (Read) (RestrictedCode)
"GameDir"="c:\\Users\\19010HKMI2\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\19010HKMI2\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\19010HKMI2\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Users\\19010HKMI2\\Desktop\\Ny mappe\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009dd6
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="48-F695-2F33"
"Currency"=dword:0000003a
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-3799992752-535036049-2774849586-52639\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\19010HKMI2\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\19010HKMI2\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\19010HKMI2\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\19010HKMI2\\Desktop\\Håkon Mikalsen\\FM\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="48-F695-2F33"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"GraphStep"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\windows\SbHpNp.dll

- - - - - - - > 'Explorer.exe'(1300)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\wsck32.dll
c:\windows\system32\btncopy.dll
c:\program files\Softricity\SoftGrid for Windows Desktops\sftshlx.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\ifxspmgt.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-08-21 23:09:50 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-08-21 21:09

Pre-Run: 15 540 875 264 byte ledig
Post-Run: 15 144 931 328 byte ledig

- - End Of File - - 5FB0131FCC341D0D1F07455B1E52FA4F