Posts written by Soildor
-
-
No, AVG failed :/
-
U'r momy in my pants
Grrrr
-
-
Can you be my pretend psychologist, then?
If you need a psychologist, just add me :D
Friends actually tend to talk things through with me :O
Don't know why
-
Hard to say when you can't point to anything specific
OK, scanning now, then I'll write here in the forum early tomorrow morning (and attach a picture) ^^
Hope that can help
-
Can you post a picture of the error message?
Haven't gotten it now; I got it a few weeks ago
Do you know what it is, or? :S
-
Hi, I scanned the PC and it came up that I had a hidden driver..?
Does anyone know what that is? Whether it's harmful, etc.
-
Internet Explorer actually works better :O
But can you tell me which type of virus I had? :S
-
Like this? ;D
ComboFix 09-01-06.02 - sondre 2009-01-07 19:19:01.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2046.991 [GMT 1:00]
Kjører fra: c:\users\sondre\Desktop\ComboFix.exe
Command switches brukt :: c:\users\sondre\Desktop\CFScript.txt
* Opprettet nytt gjenopprettingspunkt
FILE ::
c:\windows\ltN1.ini
c:\windows\System32\ALLFSAF7a.ocx
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ltN1.ini
c:\windows\System32\ALLFSAF7a.ocx
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-07 til 2009-01-07 )))))))))))))))))))))))))))))))))
.
2009-01-07 17:51 . 2009-01-07 17:51 <DIR> d-------- c:\users\sondre\AppData\Roaming\Malwarebytes
2009-01-07 17:51 . 2009-01-04 18:41 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-07 17:51 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-07 17:50 . 2009-01-07 17:50 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-07 17:50 . 2009-01-07 17:50 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-07 17:50 . 2009-01-07 17:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 17:37 . 2009-01-07 17:38 524,288 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TMContainer00000000000000000002.regtrans-ms
2009-01-07 17:37 . 2009-01-07 17:45 524,288 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TMContainer00000000000000000001.regtrans-ms
2009-01-07 17:37 . 2009-01-07 17:45 65,536 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TM.blf
2009-01-07 16:46 . 2009-01-07 16:47 <DIR> d-------- c:\program files\HJT
2009-01-04 20:54 . 2009-01-04 20:54 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-01-04 20:54 . 2009-01-04 20:54 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-01-04 20:51 . 2009-01-04 20:51 <DIR> d-------- c:\users\sondre\AppData\Roaming\SUPERAntiSpyware.com
2009-01-04 20:51 . 2009-01-04 20:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-28 00:46 . 2008-12-28 00:46 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-21 11:32 . 2008-12-21 11:32 <DIR> d-------- c:\program files\Bonjour
2008-12-19 11:12 . 2008-12-19 11:12 126,976 --a------ c:\windows\War3Unin.exe
2008-12-19 11:12 . 2008-12-19 11:17 21,150 --a------ c:\windows\War3Unin.dat
2008-12-19 11:12 . 2008-12-19 11:12 2,829 --a------ c:\windows\War3Unin.pif
2008-12-18 16:23 . 2008-12-21 20:23 <DIR> d-------- c:\program files\WinISD
2008-12-17 23:33 . 2008-12-17 23:33 20 --a------ c:\windows\mafosav.INI
2008-12-15 15:14 . 2008-12-15 15:14 <DIR> d-------- c:\users\sondre\AppData\Roaming\skypePM
2008-12-15 15:14 . 2008-12-15 15:14 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-12-15 15:12 . 2008-12-15 15:12 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-14 22:48 . 2008-12-14 23:30 <DIR> d-------- c:\program files\VstPlugins
2008-12-14 22:48 . 2008-12-21 20:21 <DIR> d-------- c:\program files\Image-Line
2008-12-14 22:48 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\System32\vorbis.acm
2008-12-14 22:48 . 2006-06-20 09:56 225,280 --a------ c:\windows\System32\rewire.dll
2008-12-13 22:54 . 2008-12-13 22:54 <DIR> d-------- c:\program files\ToggleEN
2008-12-13 22:10 . 2008-12-13 22:12 <DIR> d-------- c:\users\All Users\OrbNetworks
2008-12-13 22:10 . 2008-12-13 22:12 <DIR> d-------- c:\programdata\OrbNetworks
2008-12-13 22:10 . 2008-12-13 22:10 <DIR> d-------- c:\program files\Winamp Remote
2008-12-13 22:09 . 2008-12-13 22:31 <DIR> d-------- c:\users\sondre\AppData\Roaming\Winamp
2008-12-13 22:09 . 2008-12-21 11:59 <DIR> d-------- c:\program files\Winamp
2008-12-13 22:09 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-12-13 16:20 . 2008-12-13 16:20 <DIR> d-------- c:\users\sondre\AppData\Roaming\Canneverbe_Limited
2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\users\All Users\Avira
2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\programdata\Avira
2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\program files\Avira
2008-12-12 22:34 . 2008-12-12 22:35 72,744 --a------ c:\windows\System32\GDIPFONTCACHEV1.DAT
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll
2008-12-11 07:37 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 07:02 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 07:02 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 07:02 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 07:01 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 07:01 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 07:01 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 07:01 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-11 07:01 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-07 00:18 . 2008-12-07 00:18 <DIR> d-------- c:\program files\OpenAL
2008-12-07 00:18 . 2008-12-07 00:18 413,696 --a------ c:\windows\System32\wrap_oal.dll
2008-12-07 00:18 . 2008-12-07 00:18 110,592 --a------ c:\windows\System32\OpenAL32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 16:43 --------- d-----w c:\users\sondre\AppData\Roaming\uTorrent
2009-01-07 16:43 --------- d-----w c:\programdata\avg8
2009-01-07 14:58 --------- d-----w c:\program files\Common Files\Steam
2009-01-06 19:07 27,430 ----a-w c:\users\sondre\AppData\Roaming\nvModes.dat
2009-01-06 15:10 --------- d-----w c:\users\sondre\AppData\Roaming\OpenOffice.org2
2009-01-04 19:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-30 11:05 --------- d-----w c:\program files\Google
2008-12-29 01:23 --------- d-----w c:\program files\CCleaner
2008-12-28 04:26 --------- d-----w c:\users\sondre\AppData\Roaming\dvdcss
2008-12-27 23:46 --------- d-----w c:\program files\Java
2008-12-17 18:04 --------- d-----w c:\program files\Rockstar Games
2008-12-15 15:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 14:21 --------- d-----w c:\users\sondre\AppData\Roaming\Skype
2008-12-14 10:47 --------- d-----w c:\program files\Safari
2008-12-12 19:35 --------- d-----w c:\program files\Common Files\Adobe
2008-12-12 17:28 8,066 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-12-11 06:47 --------- d-----w c:\program files\Windows Mail
2008-12-11 06:41 --------- d-----w c:\programdata\Microsoft Help
2008-12-07 13:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-06 23:34 --------- d-----w c:\program files\Microsoft Games
2008-12-06 13:18 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-06 09:54 --------- d-----w c:\program files\Common Files\3DO Shared
2008-12-06 09:38 --------- d-----w c:\program files\directx
2008-12-05 22:17 --------- d-----w c:\programdata\Symantec
2008-12-05 15:47 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-28 09:21 --------- d-----w c:\users\sondre\AppData\Roaming\Hamachi
2008-11-24 13:07 --------- d-----w c:\program files\AVG
2008-11-23 10:47 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 10:46 --------- d-----w c:\program files\iPod
2008-11-23 10:46 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 10:45 --------- d-----w c:\program files\QuickTime
2008-11-16 12:30 --------- d---a-w c:\programdata\TEMP
2008-11-15 20:38 --------- d-----w c:\users\sondre\AppData\Roaming\Acoustica
2008-11-15 20:38 --------- d-----w c:\program files\Acoustica Shared Effects
2008-11-15 20:38 --------- d-----w c:\program files\Acoustica Mixcraft 4
2008-11-15 20:24 --------- d-----w c:\programdata\Acoustica
2008-11-12 16:58 --------- d-----w c:\users\sondre\AppData\Roaming\SPORE
2008-11-12 16:44 --------- d-----w c:\program files\Electronic Arts
2008-11-11 19:45 --------- d-----w c:\users\sondre\AppData\Roaming\Bioshock
2008-11-11 17:46 --------- d-----w c:\users\sondre\AppData\Roaming\Red Alert 3
2008-11-07 23:25 --------- d-----w c:\programdata\Messenger Plus!
2008-11-07 20:10 --------- d-----w c:\users\sondre\AppData\Roaming\vlc
2008-11-07 18:21 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-07 18:21 --------- d-----w c:\program files\Hamachi
2008-11-07 16:25 15,819,776 ----a-w c:\windows\System32\imageres.dll
2008-11-07 16:21 --------- d-----w c:\programdata\Stardock
2008-11-07 16:19 --------- d--h--w c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-11-07 14:54 --------- d-----w c:\program files\Softonic_English
2008-11-07 14:54 --------- d-----w c:\program files\Conduit
2008-11-04 18:21 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-27 09:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll
2008-10-22 04:29 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-22 04:29 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-10 03:52 452,440 ----a-w c:\windows\System32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\System32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\System32\D3DCompiler_40.dll
2008-06-15 17:03 174 --sha-w c:\program files\desktop.ini
2007-09-20 13:23 0 ----a-w c:\users\sondre\AppData\Roaming\wklnhst.dat
2008-06-18 09:43 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-18 09:43 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-18 09:43 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-07_18.31.37,86 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 17:03:12 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-07 17:31:16 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-23 23:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2008-09-15 06:47 1784856 --a------ c:\program files\Softonic_English\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Steam"="d:\cs\steam.exe" [2008-10-08 1410296]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\programmer\QuickTime\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-03 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\K:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Users^sondre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\sondre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{46378D39-6192-45FE-86F7-64A545F0B1B4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D61150FB-6AC1-4290-8870-705DFA8F9779}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{865A5C83-C108-437B-8AF3-39BF8E851292}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{25E5AE1B-5384-4FC7-B15B-F0F0DBB071C3}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{BB90C049-97AE-47C9-9947-AC02E36FED37}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{3B8E43F8-5124-4484-B682-2CA2E37ADC55}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{AF48596A-CDC1-4E39-AC7A-97E16AA7B751}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{A2DD3F69-16E6-4282-8AD3-187E3ACE6389}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{7C546036-2353-4CAC-BEEC-6256E0C8EBA6}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{4D1F501C-2EDC-4BB7-A585-1D703CB23DA3}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{86D07C70-7B6C-4D80-A6D3-987D1E2A9BC5}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{A3E2A3EB-6B03-4CFA-94D0-05AB7A07C361}"= UDP:d:\bf2\BF2.exe:Battlefield 2
"{BDD458C7-B12D-4EAF-8CC5-D4D10FE06917}"= TCP:d:\bf2\BF2.exe:Battlefield 2
"TCP Query User{89CB9C49-11F7-4E85-8BDE-73448C504B39}c:\\users\\sondre\\desktop\\skype\\phone\\skype.exe"= UDP:c:\users\sondre\desktop\skype\phone\skype.exe:skype.exe
"UDP Query User{D2D6168C-F56B-4055-9705-2536DBFF40E2}c:\\users\\sondre\\desktop\\skype\\phone\\skype.exe"= TCP:c:\users\sondre\desktop\skype\phone\skype.exe:skype.exe
"TCP Query User{709750F8-C548-48CA-9750-5FBF147DEB21}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{93AA1A6D-141A-4DEF-878C-CC28FF66A837}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher
"{A6D8CEC5-BD26-4386-A12E-B0F28164744D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{BB3FF932-BEAF-4F41-9CB9-6950AE97896D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F6688792-BB38-4306-A460-E30C930BD1E1}c:\\users\\sondre\\documents\\^ting\\skype\\phone\\skype.exe"= UDP:c:\users\sondre\documents\^ting\skype\phone\skype.exe:skype.exe
"UDP Query User{483774F6-9987-41F6-AE17-0BF171197213}c:\\users\\sondre\\documents\\^ting\\skype\\phone\\skype.exe"= TCP:c:\users\sondre\documents\^ting\skype\phone\skype.exe:skype.exe
"{72D4C292-7DDE-4F47-87C1-63C56CB980D0}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{20539A95-9015-48C8-B45E-D233096FFB61}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{614B4F20-CC4D-4A87-AB8B-A771BBE01B95}d:\\cs\\steam.exe"= UDP:d:\cs\steam.exe:Steam
"UDP Query User{2BC236A4-364F-4DE9-B03F-1680AD90AA45}d:\\cs\\steam.exe"= TCP:d:\cs\steam.exe:Steam
"TCP Query User{EC3390F0-386B-445E-B3B6-DE5BD27C7E38}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{38349E42-DF84-49C0-9B99-16527E9DF84D}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{E3FFEA64-706B-4CFB-9227-683CDE9B4C98}d:\\cs\\steamapps\\aose\\condition zero deleted scenes\\hl.exe"= UDP:d:\cs\steamapps\aose\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{68FA644E-E524-4341-BF2C-3DE60C5E484A}d:\\cs\\steamapps\\aose\\condition zero deleted scenes\\hl.exe"= TCP:d:\cs\steamapps\aose\condition zero deleted scenes\hl.exe:Half-Life Launcher
"TCP Query User{C8E69D93-B724-4CC4-B433-FE16FC99C1BF}d:\\cs\\steam.exe"= UDP:d:\cs\steam.exe:Steam
"UDP Query User{0308372E-EE1E-4127-B61E-B604907F0AEC}d:\\cs\\steam.exe"= TCP:d:\cs\steam.exe:Steam
"TCP Query User{0250E114-B125-410E-BD13-C6E2D88CBEBB}d:\\cs\\steamapps\\aose\\deathmatch classic\\hl.exe"= UDP:d:\cs\steamapps\aose\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{70D40977-6432-46A7-B367-37D5DD320E68}d:\\cs\\steamapps\\aose\\deathmatch classic\\hl.exe"= TCP:d:\cs\steamapps\aose\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{8B5FE294-288F-4D61-9250-00447CACD5F3}d:\\cs\\steamapps\\sondre_o\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1CF1DA62-E3D3-4105-B246-6D00447D31EA}d:\\cs\\steamapps\\sondre_o\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{199DCA47-D779-4381-AE8F-A46C56D72BA6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C3DFB329-0190-40A3-9D8D-CDD0996E953C}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6FB53468-2693-48E0-924B-665DAA68EC15}d:\\fraps\\xfire\\xfire.exe"= UDP:d:\fraps\xfire\xfire.exe:Xfire
"UDP Query User{DC3B8B84-2D56-4B43-AC9D-9B73711A61F3}d:\\fraps\\xfire\\xfire.exe"= TCP:d:\fraps\xfire\xfire.exe:Xfire
"TCP Query User{F4C059F9-1AD9-4714-9E66-1C965561EC64}c:\\users\\sondre\\documents\\mediaplayer\\bitlord\\bitlord.exe"= UDP:c:\users\sondre\documents\mediaplayer\bitlord\bitlord.exe:bitlord.exe
"UDP Query User{9700559D-81AB-42B1-841E-D44F6202AA51}c:\\users\\sondre\\documents\\mediaplayer\\bitlord\\bitlord.exe"= TCP:c:\users\sondre\documents\mediaplayer\bitlord\bitlord.exe:bitlord.exe
"TCP Query User{BE3CC345-55F8-4714-9C7B-E124DC4599F4}d:\\cs\\steamapps\\sondre_o\\day of defeat\\hl.exe"= UDP:d:\cs\steamapps\sondre_o\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{554CE5A7-0551-47CA-AD48-54144B11EC64}d:\\cs\\steamapps\\sondre_o\\day of defeat\\hl.exe"= TCP:d:\cs\steamapps\sondre_o\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{3C564E4B-CD78-4541-8FCA-5AE1677A51C8}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2
"UDP Query User{6445D868-7A4A-45D7-98D9-FFADCF0FE8F5}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2
"TCP Query User{646D98D2-D575-4B08-893F-A2FD8C396E4B}d:\\cs\\steamapps\\sondre_o\\half-life 2 deathmatch\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{BE292D32-4F97-421A-9835-4E2BA1238C75}d:\\cs\\steamapps\\sondre_o\\half-life 2 deathmatch\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{FB8EB337-A504-49EC-B7B4-E4B18760F5FA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E18A50CA-028A-4E80-BF67-CF334EBAE613}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{2CDE17D8-5756-43A2-8321-33DDA1DF406C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{13D75719-8368-493D-8327-48EA4778A0D9}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{C0412AB7-62D5-4160-B4CC-609FCBDE95C2}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{0E67EFD8-0A5B-46BB-A743-F752853E794B}d:\\programmer\\liero 0.6.6b\\lierox.exe"= UDP:d:\programmer\liero 0.6.6b\lierox.exe:Liero Xtreme
"UDP Query User{FC57F34E-1EAA-4D99-880C-352BBA80FDA5}d:\\programmer\\liero 0.6.6b\\lierox.exe"= TCP:d:\programmer\liero 0.6.6b\lierox.exe:Liero Xtreme
"{79F6AF27-C123-47D4-B53D-26F2DDD8243C}"= UDP:d:\programmer\lime wier\LimeWire\LimeWire.exe:LimeWire
"{D2B3F997-AB0C-4F6A-A034-405014D18B3D}"= TCP:d:\programmer\lime wier\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{1FE15FFF-9563-4FD5-9CDA-5D5CD8A82A68}d:\\programmer\\bitlord\\bitlord.exe"= UDP:d:\programmer\bitlord\bitlord.exe:BitLord
"UDP Query User{97EE938E-9F7A-4EA0-B9F7-F71987B28340}d:\\programmer\\bitlord\\bitlord.exe"= TCP:d:\programmer\bitlord\bitlord.exe:BitLord
"TCP Query User{8FB84CC6-16B1-4CB3-BDFB-5471A26E5E1B}d:\\programmer\\utorrent\\utorrent.exe"= UDP:d:\programmer\utorrent\utorrent.exe:uTorrent
"UDP Query User{F4861F5B-4200-437B-9035-983FC3E659B9}d:\\programmer\\utorrent\\utorrent.exe"= TCP:d:\programmer\utorrent\utorrent.exe:uTorrent
"TCP Query User{7A5A89EF-DEA1-4CD8-9526-8BBC882F711C}c:\\users\\sondre\\desktop\\utorrent.exe"= UDP:c:\users\sondre\desktop\utorrent.exe:utorrent.exe
"UDP Query User{27FE2CE3-3400-4CAC-8205-8770B62E9EE6}c:\\users\\sondre\\desktop\\utorrent.exe"= TCP:c:\users\sondre\desktop\utorrent.exe:utorrent.exe
"TCP Query User{1F4C265C-BD4E-4F4C-A15F-F870A01E4231}d:\\programmer\\win dvd\\windvd.exe"= UDP:d:\programmer\win dvd\windvd.exe:WinDVD
"UDP Query User{4F7EE31F-E9B2-4C8D-996C-A3928C4B526F}d:\\programmer\\win dvd\\windvd.exe"= TCP:d:\programmer\win dvd\windvd.exe:WinDVD
"{3387C312-4D18-47D6-A83D-C26519B93DC1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3E4462EA-5FE1-45AB-B151-DE0C0A5DEA15}d:\\cs\\steamapps\\sondre_o\\source sdk base\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\source sdk base\hl2.exe:hl2
"UDP Query User{7B6ACB02-4A45-4EA3-AEA0-A005BD353A1E}d:\\cs\\steamapps\\sondre_o\\source sdk base\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\source sdk base\hl2.exe:hl2
"TCP Query User{0C2B2FD7-6BB1-4655-AAE4-D4085B24D3EA}d:\\programmer\\ny mappe\\tmnationsforever\\tmforever.exe"= UDP:d:\programmer\ny mappe\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{64D54EBD-D9B3-47A9-B270-35468EEB75A4}d:\\programmer\\ny mappe\\tmnationsforever\\tmforever.exe"= TCP:d:\programmer\ny mappe\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{8A807267-904A-4FA8-8F6C-7A4B66C1D463}d:\\cs\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:d:\cs\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{50FD7D98-7973-4A49-9D8B-2EE58FDDACF0}d:\\cs\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:d:\cs\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{D0D989DA-2219-4F13-8840-4AE9B368EA87}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{0A2A1623-D480-4CE8-9DA6-1D7F33AD6678}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{90B662C1-7253-49FC-80D6-C5B5A43F5534}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel
"UDP Query User{CC60BFC6-31ED-4B70-8B13-1BCA26F56C9F}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel
"TCP Query User{C557F818-AACE-4020-9F8B-52E3EC118DE5}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2
"UDP Query User{E5CA0775-3F44-4243-9A89-9331E5C1EE17}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2
"TCP Query User{49B79FB1-36FB-4D67-A1B8-8CF8F064B6DC}d:\\utorrent\\utorrent.exe"= UDP:d:\utorrent\utorrent.exe:µTorrent
"UDP Query User{F8C79150-7C98-457C-9828-23482FF9C85E}d:\\utorrent\\utorrent.exe"= TCP:d:\utorrent\utorrent.exe:µTorrent
"TCP Query User{D108B99F-0FB7-4458-BFD5-42B17AE025AF}d:\\games\\elma\\test drive unlimited\\testdriveunlimited.exe"= UDP:d:\games\elma\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{E2F6D774-E237-41E4-81BC-3A65507DD168}d:\\games\\elma\\test drive unlimited\\testdriveunlimited.exe"= TCP:d:\games\elma\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{E1721E29-0E09-4090-B755-031F201678C1}d:\\cs\\steamapps\\sondre_o\\source dedicated server\\srcds.exe"= UDP:d:\cs\steamapps\sondre_o\source dedicated server\srcds.exe:srcds
"UDP Query User{3AB8210E-FAC6-4D7C-A8CB-BC2E524EFCD4}d:\\cs\\steamapps\\sondre_o\\source dedicated server\\srcds.exe"= TCP:d:\cs\steamapps\sondre_o\source dedicated server\srcds.exe:srcds
"TCP Query User{3459903E-22B7-44B9-B107-AA6161C8B48B}d:\\cs\\steamapps\\sondre_o\\zombie panic! source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\zombie panic! source\hl2.exe:hl2
"UDP Query User{62D1040F-D96C-45FD-B1BD-C66A9F33837D}d:\\cs\\steamapps\\sondre_o\\zombie panic! source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\zombie panic! source\hl2.exe:hl2
"TCP Query User{42AE1D84-FCBE-479D-B6FF-CE38DCAFB10E}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{70DBF98F-DCD3-4253-9715-FEA37C01E0F4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{AACAC9B2-E00B-4545-A5B4-BE4AC4EE8CCA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{FE301625-48D4-403C-BF8C-9281B014216B}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{F9D28C01-A0D8-42E3-BC91-B114DA24DEBA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{E1142066-E8E9-484C-915B-B3AF6EFAB671}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{E3983F06-400D-4202-AD63-8D8BD4F524A8}c:\\users\\sondre\\desktop\\cs me bota\\hl.exe"= UDP:c:\users\sondre\desktop\cs me bota\hl.exe:hl.exe
"UDP Query User{D4245EA4-A986-43F5-A98B-087719105782}c:\\users\\sondre\\desktop\\cs me bota\\hl.exe"= TCP:c:\users\sondre\desktop\cs me bota\hl.exe:hl.exe
"TCP Query User{6AD55CF9-A1B3-4B84-B8C0-310CCB58D86C}d:\\utorrent\\utorrent.exe"= UDP:d:\utorrent\utorrent.exe:µTorrent
"UDP Query User{854838DE-19AA-47B8-839A-236D501D8337}d:\\utorrent\\utorrent.exe"= TCP:d:\utorrent\utorrent.exe:µTorrent
"TCP Query User{B0552FBE-07FD-49DF-9FE9-F2563D330FD6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{675B8ACC-6047-4AC8-95E5-29E6DEDCF1E6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3
"TCP Query User{270A2229-7774-41F5-A78D-8E7DB16FB354}c:\\program files\\rockstar games\\midnight club ii\\mc2.exe"= UDP:c:\program files\rockstar games\midnight club ii\mc2.exe:mc2
"UDP Query User{4D50D4B4-B026-4190-BB84-EFB878456DB5}c:\\program files\\rockstar games\\midnight club ii\\mc2.exe"= TCP:c:\program files\rockstar games\midnight club ii\mc2.exe:mc2
"{D141B16E-1D59-4AE6-9730-0257BB15E36A}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)
"{290BEAD1-74BB-484B-BBD6-75B15DC5DD41}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{4A8B53E0-0126-4F04-B9D2-A943F6C4346F}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{670D5982-21D8-4930-80B8-3EBE25D6A7E6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3
"TCP Query User{065984B1-1B17-4D70-A4F5-C6488BAD7D62}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{07C755A8-0798-4C29-9B2C-7CAF61273AF7}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"{3990C28B-BC44-4AF9-BDBA-00D192305450}"= UDP:d:\programmer\QuickTime\iTunes.exe:iTunes
"{FFBD36CE-8D6F-48A3-B4EA-DEE0D857F042}"= TCP:d:\programmer\QuickTime\iTunes.exe:iTunes
"{8C1FDB73-5877-41B7-AFD3-DBE61F8A092D}"= UDP:d:\games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{C6979B84-CC15-4C92-9982-7E2E3D30724E}"= TCP:d:\games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"TCP Query User{CF445DD3-6DA4-4060-BD09-9901F68DC635}d:\\games\\cs me bota\\hl.exe"= UDP:d:\games\cs me bota\hl.exe:Half-Life Launcher
"UDP Query User{094CF2E0-A086-465A-9054-D4577AD215B7}d:\\games\\cs me bota\\hl.exe"= TCP:d:\games\cs me bota\hl.exe:Half-Life Launcher
"TCP Query User{FA8C476B-54B5-42A8-811E-360AAACCF903}d:\\games\\left 4 dead\\left4dead.exe"= UDP:d:\games\left 4 dead\left4dead.exe:left4dead
"UDP Query User{8E95A511-724B-49DC-A461-0A549C22F0BA}d:\\games\\left 4 dead\\left4dead.exe"= TCP:d:\games\left 4 dead\left4dead.exe:left4dead
"{BD599D51-BAEA-4FFD-95E5-9C7561028BAF}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{D4A55936-D219-4BAD-B83F-D093D63A2DC5}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{1672B3A4-F9B6-4CB9-9370-99A5F2DD504E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{383C2EB7-C840-4A68-98F1-98F7C95A5D04}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{74E13A4B-89C0-41C9-8554-1168AE9D1D07}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{9474C1FF-49A4-4C7C-A4DE-41ADAFFB571C}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DBC368F8-EBDF-491D-B667-950A027DC40E}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4B1FD340-951B-434E-A913-2965A178FF82}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{811453EF-AF6D-4379-A14E-D30BD1E71720}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{BC2538D8-947D-4198-9910-DDCA6FE687A1}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{C7F9971B-B3D5-468F-8994-09BF4C42E6AD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{CF73C4B2-EF0B-4768-9E46-340EB79A09A1}d:\\games\\left 4 dead\\left4dead.exe"= UDP:d:\games\left 4 dead\left4dead.exe:left4dead
"UDP Query User{D55BB499-3785-4EAD-8F85-37AA0E23BE2C}d:\\games\\left 4 dead\\left4dead.exe"= TCP:d:\games\left 4 dead\left4dead.exe:left4dead
"TCP Query User{232B4277-0B8D-4E9D-9209-914C7AC2FD7B}d:\\games\\games\\grand theft auto iv\\gtaiv.exe"= UDP:d:\games\games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{B0CE9FFE-D9B1-42F8-B0AE-BB66F35DD112}d:\\games\\games\\grand theft auto iv\\gtaiv.exe"= TCP:d:\games\games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{A6369BA7-2B65-4515-B262-CA67AF8110A9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{14F42108-7ADC-4130-8679-D6CD04D3781A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{0A206D78-BBAD-409B-B2E0-05B9ADCE4BFD}d:\\games\\warcraft iii\\war3.exe"= UDP:d:\games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{EFDD2845-DD88-4150-9060-1A6937CBBDAD}d:\\games\\warcraft iii\\war3.exe"= TCP:d:\games\warcraft iii\war3.exe:Warcraft III
"TCP Query User{A3649EE4-F8B9-46D0-B8D9-DAE22C2A7839}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary
"UDP Query User{3A5703BD-129F-459E-8F0C-8947A87D02D3}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary
"TCP Query User{CE25D576-1A54-458D-954E-E84BBCD16DDB}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2
"UDP Query User{46E3E920-A951-46EA-80F1-1CB78752C128}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2
"TCP Query User{7F565F37-5E77-41CE-873C-B2C02F9A1050}d:\\cs\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:d:\cs\steamapps\common\left 4 dead\left4dead.exe:left4dead
"UDP Query User{2E8AEE3A-9942-488E-BB12-19BD43A881C8}d:\\cs\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:d:\cs\steamapps\common\left 4 dead\left4dead.exe:left4dead
"TCP Query User{6CC456E5-705F-4BD9-952F-AB4203154236}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2
"UDP Query User{B147CB70-51A7-44DD-B026-3988F530B94E}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2007-08-03 32256]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-09-20 14:25:37 13560]
R4 TeamViewer;TeamViewer 3;d:\programmer\team viewer\TeamViewer3\TeamViewer_Host.exe [2007-12-17 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-01-07 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{0FC97D1B-695B-4149-B4AF-C0782936A31E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://thepiratebay.org/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\sondre\AppData\Roaming\Mozilla\Firefox\Profiles\vc7po422.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Softonic_English Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.nettby.no/
FF - component: c:\program files\Mozilla Firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFAlert.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\programmer\QuickTime\Mozilla Plugins\npitunes.dll
ATTENTION: FIREFOX POLICIES ARE IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 19:21:20
Windows 6.0.6001 Service Pack 1 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-01-07 19:23:40
ComboFix-quarantined-files.txt 2009-01-07 18:23:37
ComboFix2.txt 2009-01-07 17:33:25
Pre-Run: 17 970 585 600 byte ledig
Post-Run: 17,730,445,312 byte ledig
439 --- E O F --- 2009-01-02 12:37:07
-
Click Start - All Programs - Accessories - Notepad
Copy and paste the text in the code box below into Notepad:
File::
c:\windows\System32\ALLFSAF7a.ocx
c:\windows\ltN1.ini
Save it as CFScript on the Desktop
Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows.
This will start ComboFix again. If the machine asks for a restart, let it do so right away.
Post the contents of ComboFix.txt in your next reply on the forum.
where it says film as well?
-
Here is the log:
ComboFix 09-01-06.02 - sondre 2009-01-07 18:26:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2046.1079 [GMT 1:00]
Kjører fra: c:\users\sondre\Desktop\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\drv\TVtuner\Liteon\Resources\_desktop.ini
c:\windows\Downloaded Program Files\setup.inf
c:\windows\icon.ico
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-07 til 2009-01-07 )))))))))))))))))))))))))))))))))
.
2009-01-07 17:51 . 2009-01-07 17:51 <DIR> d-------- c:\users\sondre\AppData\Roaming\Malwarebytes
2009-01-07 17:51 . 2009-01-04 18:41 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-07 17:51 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-07 17:50 . 2009-01-07 17:50 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-07 17:50 . 2009-01-07 17:50 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-07 17:50 . 2009-01-07 17:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 17:37 . 2009-01-07 17:38 524,288 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TMContainer00000000000000000002.regtrans-ms
2009-01-07 17:37 . 2009-01-07 17:45 524,288 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TMContainer00000000000000000001.regtrans-ms
2009-01-07 17:37 . 2009-01-07 17:45 65,536 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TM.blf
2009-01-07 16:46 . 2009-01-07 16:47 <DIR> d-------- c:\program files\HJT
2009-01-04 20:54 . 2009-01-04 20:54 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-01-04 20:54 . 2009-01-04 20:54 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-01-04 20:51 . 2009-01-04 20:51 <DIR> d-------- c:\users\sondre\AppData\Roaming\SUPERAntiSpyware.com
2009-01-04 20:51 . 2009-01-04 20:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-28 00:46 . 2008-12-28 00:46 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-21 11:32 . 2008-12-21 11:32 <DIR> d-------- c:\program files\Bonjour
2008-12-19 11:12 . 2008-12-19 11:12 126,976 --a------ c:\windows\War3Unin.exe
2008-12-19 11:12 . 2008-12-19 11:17 21,150 --a------ c:\windows\War3Unin.dat
2008-12-19 11:12 . 2008-12-19 11:12 2,829 --a------ c:\windows\War3Unin.pif
2008-12-18 16:40 . 2008-12-18 16:40 3,120 --a------ c:\windows\System32\ALLFSAF7a.ocx
2008-12-18 16:23 . 2008-12-21 20:23 <DIR> d-------- c:\program files\WinISD
2008-12-18 16:19 . 2008-12-18 16:27 484 --a------ c:\windows\ltN1.ini
2008-12-17 23:33 . 2008-12-17 23:33 20 --a------ c:\windows\mafosav.INI
2008-12-15 15:14 . 2008-12-15 15:14 <DIR> d-------- c:\users\sondre\AppData\Roaming\skypePM
2008-12-15 15:14 . 2008-12-15 15:14 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-12-15 15:12 . 2008-12-15 15:12 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-14 22:48 . 2008-12-14 23:30 <DIR> d-------- c:\program files\VstPlugins
2008-12-14 22:48 . 2008-12-21 20:21 <DIR> d-------- c:\program files\Image-Line
2008-12-14 22:48 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\System32\vorbis.acm
2008-12-14 22:48 . 2006-06-20 09:56 225,280 --a------ c:\windows\System32\rewire.dll
2008-12-13 22:54 . 2008-12-13 22:54 <DIR> d-------- c:\program files\ToggleEN
2008-12-13 22:10 . 2008-12-13 22:12 <DIR> d-------- c:\users\All Users\OrbNetworks
2008-12-13 22:10 . 2008-12-13 22:12 <DIR> d-------- c:\programdata\OrbNetworks
2008-12-13 22:10 . 2008-12-13 22:10 <DIR> d-------- c:\program files\Winamp Remote
2008-12-13 22:09 . 2008-12-13 22:31 <DIR> d-------- c:\users\sondre\AppData\Roaming\Winamp
2008-12-13 22:09 . 2008-12-21 11:59 <DIR> d-------- c:\program files\Winamp
2008-12-13 22:09 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-12-13 16:20 . 2008-12-13 16:20 <DIR> d-------- c:\users\sondre\AppData\Roaming\Canneverbe_Limited
2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\users\All Users\Avira
2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\programdata\Avira
2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\program files\Avira
2008-12-12 22:34 . 2008-12-12 22:35 72,744 --a------ c:\windows\System32\GDIPFONTCACHEV1.DAT
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll
2008-12-11 07:37 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 07:02 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 07:02 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 07:02 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 07:01 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 07:01 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 07:01 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 07:01 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-11 07:01 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-07 00:18 . 2008-12-07 00:18 <DIR> d-------- c:\program files\OpenAL
2008-12-07 00:18 . 2008-12-07 00:18 413,696 --a------ c:\windows\System32\wrap_oal.dll
2008-12-07 00:18 . 2008-12-07 00:18 110,592 --a------ c:\windows\System32\OpenAL32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 16:43 --------- d-----w c:\users\sondre\AppData\Roaming\uTorrent
2009-01-07 16:43 --------- d-----w c:\programdata\avg8
2009-01-07 14:58 --------- d-----w c:\program files\Common Files\Steam
2009-01-06 19:07 27,430 ----a-w c:\users\sondre\AppData\Roaming\nvModes.dat
2009-01-06 15:10 --------- d-----w c:\users\sondre\AppData\Roaming\OpenOffice.org2
2009-01-04 19:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-30 11:05 --------- d-----w c:\program files\Google
2008-12-29 01:23 --------- d-----w c:\program files\CCleaner
2008-12-28 04:26 --------- d-----w c:\users\sondre\AppData\Roaming\dvdcss
2008-12-27 23:46 --------- d-----w c:\program files\Java
2008-12-17 18:04 --------- d-----w c:\program files\Rockstar Games
2008-12-15 15:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 14:21 --------- d-----w c:\users\sondre\AppData\Roaming\Skype
2008-12-14 10:47 --------- d-----w c:\program files\Safari
2008-12-12 19:35 --------- d-----w c:\program files\Common Files\Adobe
2008-12-12 17:28 8,066 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-12-11 06:47 --------- d-----w c:\program files\Windows Mail
2008-12-11 06:41 --------- d-----w c:\programdata\Microsoft Help
2008-12-07 13:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-06 23:34 --------- d-----w c:\program files\Microsoft Games
2008-12-06 13:18 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-06 09:54 --------- d-----w c:\program files\Common Files\3DO Shared
2008-12-06 09:38 --------- d-----w c:\program files\directx
2008-12-05 22:17 --------- d-----w c:\programdata\Symantec
2008-12-05 15:47 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-28 09:21 --------- d-----w c:\users\sondre\AppData\Roaming\Hamachi
2008-11-24 13:07 --------- d-----w c:\program files\AVG
2008-11-23 10:47 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 10:46 --------- d-----w c:\program files\iPod
2008-11-23 10:46 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 10:45 --------- d-----w c:\program files\QuickTime
2008-11-16 12:30 --------- d---a-w c:\programdata\TEMP
2008-11-15 20:38 --------- d-----w c:\users\sondre\AppData\Roaming\Acoustica
2008-11-15 20:38 --------- d-----w c:\program files\Acoustica Shared Effects
2008-11-15 20:38 --------- d-----w c:\program files\Acoustica Mixcraft 4
2008-11-15 20:24 --------- d-----w c:\programdata\Acoustica
2008-11-12 16:58 --------- d-----w c:\users\sondre\AppData\Roaming\SPORE
2008-11-12 16:44 --------- d-----w c:\program files\Electronic Arts
2008-11-11 19:45 --------- d-----w c:\users\sondre\AppData\Roaming\Bioshock
2008-11-11 17:46 --------- d-----w c:\users\sondre\AppData\Roaming\Red Alert 3
2008-11-07 23:25 --------- d-----w c:\programdata\Messenger Plus!
2008-11-07 20:10 --------- d-----w c:\users\sondre\AppData\Roaming\vlc
2008-11-07 18:21 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-07 18:21 --------- d-----w c:\program files\Hamachi
2008-11-07 16:25 15,819,776 ----a-w c:\windows\System32\imageres.dll
2008-11-07 16:21 --------- d-----w c:\programdata\Stardock
2008-11-07 16:19 --------- d--h--w c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-11-07 14:54 --------- d-----w c:\program files\Softonic_English
2008-11-07 14:54 --------- d-----w c:\program files\Conduit
2008-11-04 18:21 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-27 09:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll
2008-10-22 04:29 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-22 04:29 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-10 03:52 452,440 ----a-w c:\windows\System32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\System32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\System32\D3DCompiler_40.dll
2008-06-15 17:03 174 --sha-w c:\program files\desktop.ini
2007-09-20 13:23 0 ----a-w c:\users\sondre\AppData\Roaming\wklnhst.dat
2008-06-18 09:43 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-18 09:43 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-18 09:43 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-23 23:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2008-09-15 06:47 1784856 --a------ c:\program files\Softonic_English\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Steam"="d:\cs\steam.exe" [2008-10-08 1410296]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\programmer\QuickTime\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-03 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\K:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Users^sondre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\sondre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{46378D39-6192-45FE-86F7-64A545F0B1B4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D61150FB-6AC1-4290-8870-705DFA8F9779}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{865A5C83-C108-437B-8AF3-39BF8E851292}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{25E5AE1B-5384-4FC7-B15B-F0F0DBB071C3}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{BB90C049-97AE-47C9-9947-AC02E36FED37}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{3B8E43F8-5124-4484-B682-2CA2E37ADC55}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{AF48596A-CDC1-4E39-AC7A-97E16AA7B751}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{A2DD3F69-16E6-4282-8AD3-187E3ACE6389}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{7C546036-2353-4CAC-BEEC-6256E0C8EBA6}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{4D1F501C-2EDC-4BB7-A585-1D703CB23DA3}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{86D07C70-7B6C-4D80-A6D3-987D1E2A9BC5}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{A3E2A3EB-6B03-4CFA-94D0-05AB7A07C361}"= UDP:d:\bf2\BF2.exe:Battlefield 2
"{BDD458C7-B12D-4EAF-8CC5-D4D10FE06917}"= TCP:d:\bf2\BF2.exe:Battlefield 2
"TCP Query User{89CB9C49-11F7-4E85-8BDE-73448C504B39}c:\\users\\sondre\\desktop\\skype\\phone\\skype.exe"= UDP:c:\users\sondre\desktop\skype\phone\skype.exe:skype.exe
"UDP Query User{D2D6168C-F56B-4055-9705-2536DBFF40E2}c:\\users\\sondre\\desktop\\skype\\phone\\skype.exe"= TCP:c:\users\sondre\desktop\skype\phone\skype.exe:skype.exe
"TCP Query User{709750F8-C548-48CA-9750-5FBF147DEB21}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{93AA1A6D-141A-4DEF-878C-CC28FF66A837}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher
"{A6D8CEC5-BD26-4386-A12E-B0F28164744D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{BB3FF932-BEAF-4F41-9CB9-6950AE97896D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F6688792-BB38-4306-A460-E30C930BD1E1}c:\\users\\sondre\\documents\\^ting\\skype\\phone\\skype.exe"= UDP:c:\users\sondre\documents\^ting\skype\phone\skype.exe:skype.exe
"UDP Query User{483774F6-9987-41F6-AE17-0BF171197213}c:\\users\\sondre\\documents\\^ting\\skype\\phone\\skype.exe"= TCP:c:\users\sondre\documents\^ting\skype\phone\skype.exe:skype.exe
"{72D4C292-7DDE-4F47-87C1-63C56CB980D0}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{20539A95-9015-48C8-B45E-D233096FFB61}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{614B4F20-CC4D-4A87-AB8B-A771BBE01B95}d:\\cs\\steam.exe"= UDP:d:\cs\steam.exe:Steam
"UDP Query User{2BC236A4-364F-4DE9-B03F-1680AD90AA45}d:\\cs\\steam.exe"= TCP:d:\cs\steam.exe:Steam
"TCP Query User{EC3390F0-386B-445E-B3B6-DE5BD27C7E38}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{38349E42-DF84-49C0-9B99-16527E9DF84D}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{E3FFEA64-706B-4CFB-9227-683CDE9B4C98}d:\\cs\\steamapps\\aose\\condition zero deleted scenes\\hl.exe"= UDP:d:\cs\steamapps\aose\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{68FA644E-E524-4341-BF2C-3DE60C5E484A}d:\\cs\\steamapps\\aose\\condition zero deleted scenes\\hl.exe"= TCP:d:\cs\steamapps\aose\condition zero deleted scenes\hl.exe:Half-Life Launcher
"TCP Query User{C8E69D93-B724-4CC4-B433-FE16FC99C1BF}d:\\cs\\steam.exe"= UDP:d:\cs\steam.exe:Steam
"UDP Query User{0308372E-EE1E-4127-B61E-B604907F0AEC}d:\\cs\\steam.exe"= TCP:d:\cs\steam.exe:Steam
"TCP Query User{0250E114-B125-410E-BD13-C6E2D88CBEBB}d:\\cs\\steamapps\\aose\\deathmatch classic\\hl.exe"= UDP:d:\cs\steamapps\aose\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{70D40977-6432-46A7-B367-37D5DD320E68}d:\\cs\\steamapps\\aose\\deathmatch classic\\hl.exe"= TCP:d:\cs\steamapps\aose\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{8B5FE294-288F-4D61-9250-00447CACD5F3}d:\\cs\\steamapps\\sondre_o\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1CF1DA62-E3D3-4105-B246-6D00447D31EA}d:\\cs\\steamapps\\sondre_o\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{199DCA47-D779-4381-AE8F-A46C56D72BA6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C3DFB329-0190-40A3-9D8D-CDD0996E953C}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6FB53468-2693-48E0-924B-665DAA68EC15}d:\\fraps\\xfire\\xfire.exe"= UDP:d:\fraps\xfire\xfire.exe:Xfire
"UDP Query User{DC3B8B84-2D56-4B43-AC9D-9B73711A61F3}d:\\fraps\\xfire\\xfire.exe"= TCP:d:\fraps\xfire\xfire.exe:Xfire
"TCP Query User{F4C059F9-1AD9-4714-9E66-1C965561EC64}c:\\users\\sondre\\documents\\mediaplayer\\bitlord\\bitlord.exe"= UDP:c:\users\sondre\documents\mediaplayer\bitlord\bitlord.exe:bitlord.exe
"UDP Query User{9700559D-81AB-42B1-841E-D44F6202AA51}c:\\users\\sondre\\documents\\mediaplayer\\bitlord\\bitlord.exe"= TCP:c:\users\sondre\documents\mediaplayer\bitlord\bitlord.exe:bitlord.exe
"TCP Query User{BE3CC345-55F8-4714-9C7B-E124DC4599F4}d:\\cs\\steamapps\\sondre_o\\day of defeat\\hl.exe"= UDP:d:\cs\steamapps\sondre_o\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{554CE5A7-0551-47CA-AD48-54144B11EC64}d:\\cs\\steamapps\\sondre_o\\day of defeat\\hl.exe"= TCP:d:\cs\steamapps\sondre_o\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{3C564E4B-CD78-4541-8FCA-5AE1677A51C8}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2
"UDP Query User{6445D868-7A4A-45D7-98D9-FFADCF0FE8F5}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2
"TCP Query User{646D98D2-D575-4B08-893F-A2FD8C396E4B}d:\\cs\\steamapps\\sondre_o\\half-life 2 deathmatch\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{BE292D32-4F97-421A-9835-4E2BA1238C75}d:\\cs\\steamapps\\sondre_o\\half-life 2 deathmatch\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{FB8EB337-A504-49EC-B7B4-E4B18760F5FA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E18A50CA-028A-4E80-BF67-CF334EBAE613}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{2CDE17D8-5756-43A2-8321-33DDA1DF406C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{13D75719-8368-493D-8327-48EA4778A0D9}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{C0412AB7-62D5-4160-B4CC-609FCBDE95C2}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{0E67EFD8-0A5B-46BB-A743-F752853E794B}d:\\programmer\\liero 0.6.6b\\lierox.exe"= UDP:d:\programmer\liero 0.6.6b\lierox.exe:Liero Xtreme
"UDP Query User{FC57F34E-1EAA-4D99-880C-352BBA80FDA5}d:\\programmer\\liero 0.6.6b\\lierox.exe"= TCP:d:\programmer\liero 0.6.6b\lierox.exe:Liero Xtreme
"{79F6AF27-C123-47D4-B53D-26F2DDD8243C}"= UDP:d:\programmer\lime wier\LimeWire\LimeWire.exe:LimeWire
"{D2B3F997-AB0C-4F6A-A034-405014D18B3D}"= TCP:d:\programmer\lime wier\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{1FE15FFF-9563-4FD5-9CDA-5D5CD8A82A68}d:\\programmer\\bitlord\\bitlord.exe"= UDP:d:\programmer\bitlord\bitlord.exe:BitLord
"UDP Query User{97EE938E-9F7A-4EA0-B9F7-F71987B28340}d:\\programmer\\bitlord\\bitlord.exe"= TCP:d:\programmer\bitlord\bitlord.exe:BitLord
"TCP Query User{8FB84CC6-16B1-4CB3-BDFB-5471A26E5E1B}d:\\programmer\\utorrent\\utorrent.exe"= UDP:d:\programmer\utorrent\utorrent.exe:uTorrent
"UDP Query User{F4861F5B-4200-437B-9035-983FC3E659B9}d:\\programmer\\utorrent\\utorrent.exe"= TCP:d:\programmer\utorrent\utorrent.exe:uTorrent
"TCP Query User{7A5A89EF-DEA1-4CD8-9526-8BBC882F711C}c:\\users\\sondre\\desktop\\utorrent.exe"= UDP:c:\users\sondre\desktop\utorrent.exe:utorrent.exe
"UDP Query User{27FE2CE3-3400-4CAC-8205-8770B62E9EE6}c:\\users\\sondre\\desktop\\utorrent.exe"= TCP:c:\users\sondre\desktop\utorrent.exe:utorrent.exe
"TCP Query User{1F4C265C-BD4E-4F4C-A15F-F870A01E4231}d:\\programmer\\win dvd\\windvd.exe"= UDP:d:\programmer\win dvd\windvd.exe:WinDVD
"UDP Query User{4F7EE31F-E9B2-4C8D-996C-A3928C4B526F}d:\\programmer\\win dvd\\windvd.exe"= TCP:d:\programmer\win dvd\windvd.exe:WinDVD
"{3387C312-4D18-47D6-A83D-C26519B93DC1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3E4462EA-5FE1-45AB-B151-DE0C0A5DEA15}d:\\cs\\steamapps\\sondre_o\\source sdk base\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\source sdk base\hl2.exe:hl2
"UDP Query User{7B6ACB02-4A45-4EA3-AEA0-A005BD353A1E}d:\\cs\\steamapps\\sondre_o\\source sdk base\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\source sdk base\hl2.exe:hl2
"TCP Query User{0C2B2FD7-6BB1-4655-AAE4-D4085B24D3EA}d:\\programmer\\ny mappe\\tmnationsforever\\tmforever.exe"= UDP:d:\programmer\ny mappe\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{64D54EBD-D9B3-47A9-B270-35468EEB75A4}d:\\programmer\\ny mappe\\tmnationsforever\\tmforever.exe"= TCP:d:\programmer\ny mappe\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{8A807267-904A-4FA8-8F6C-7A4B66C1D463}d:\\cs\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:d:\cs\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{50FD7D98-7973-4A49-9D8B-2EE58FDDACF0}d:\\cs\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:d:\cs\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{D0D989DA-2219-4F13-8840-4AE9B368EA87}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{0A2A1623-D480-4CE8-9DA6-1D7F33AD6678}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{90B662C1-7253-49FC-80D6-C5B5A43F5534}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel
"UDP Query User{CC60BFC6-31ED-4B70-8B13-1BCA26F56C9F}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel
"TCP Query User{C557F818-AACE-4020-9F8B-52E3EC118DE5}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2
"UDP Query User{E5CA0775-3F44-4243-9A89-9331E5C1EE17}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2
"TCP Query User{49B79FB1-36FB-4D67-A1B8-8CF8F064B6DC}d:\\utorrent\\utorrent.exe"= UDP:d:\utorrent\utorrent.exe:µTorrent
"UDP Query User{F8C79150-7C98-457C-9828-23482FF9C85E}d:\\utorrent\\utorrent.exe"= TCP:d:\utorrent\utorrent.exe:µTorrent
"TCP Query User{D108B99F-0FB7-4458-BFD5-42B17AE025AF}d:\\games\\elma\\test drive unlimited\\testdriveunlimited.exe"= UDP:d:\games\elma\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{E2F6D774-E237-41E4-81BC-3A65507DD168}d:\\games\\elma\\test drive unlimited\\testdriveunlimited.exe"= TCP:d:\games\elma\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{E1721E29-0E09-4090-B755-031F201678C1}d:\\cs\\steamapps\\sondre_o\\source dedicated server\\srcds.exe"= UDP:d:\cs\steamapps\sondre_o\source dedicated server\srcds.exe:srcds
"UDP Query User{3AB8210E-FAC6-4D7C-A8CB-BC2E524EFCD4}d:\\cs\\steamapps\\sondre_o\\source dedicated server\\srcds.exe"= TCP:d:\cs\steamapps\sondre_o\source dedicated server\srcds.exe:srcds
"TCP Query User{3459903E-22B7-44B9-B107-AA6161C8B48B}d:\\cs\\steamapps\\sondre_o\\zombie panic! source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\zombie panic! source\hl2.exe:hl2
"UDP Query User{62D1040F-D96C-45FD-B1BD-C66A9F33837D}d:\\cs\\steamapps\\sondre_o\\zombie panic! source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\zombie panic! source\hl2.exe:hl2
"TCP Query User{42AE1D84-FCBE-479D-B6FF-CE38DCAFB10E}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{70DBF98F-DCD3-4253-9715-FEA37C01E0F4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{AACAC9B2-E00B-4545-A5B4-BE4AC4EE8CCA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{FE301625-48D4-403C-BF8C-9281B014216B}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{F9D28C01-A0D8-42E3-BC91-B114DA24DEBA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{E1142066-E8E9-484C-915B-B3AF6EFAB671}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{E3983F06-400D-4202-AD63-8D8BD4F524A8}c:\\users\\sondre\\desktop\\cs me bota\\hl.exe"= UDP:c:\users\sondre\desktop\cs me bota\hl.exe:hl.exe
"UDP Query User{D4245EA4-A986-43F5-A98B-087719105782}c:\\users\\sondre\\desktop\\cs me bota\\hl.exe"= TCP:c:\users\sondre\desktop\cs me bota\hl.exe:hl.exe
"TCP Query User{6AD55CF9-A1B3-4B84-B8C0-310CCB58D86C}d:\\utorrent\\utorrent.exe"= UDP:d:\utorrent\utorrent.exe:µTorrent
"UDP Query User{854838DE-19AA-47B8-839A-236D501D8337}d:\\utorrent\\utorrent.exe"= TCP:d:\utorrent\utorrent.exe:µTorrent
"TCP Query User{B0552FBE-07FD-49DF-9FE9-F2563D330FD6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{675B8ACC-6047-4AC8-95E5-29E6DEDCF1E6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3
"TCP Query User{270A2229-7774-41F5-A78D-8E7DB16FB354}c:\\program files\\rockstar games\\midnight club ii\\mc2.exe"= UDP:c:\program files\rockstar games\midnight club ii\mc2.exe:mc2
"UDP Query User{4D50D4B4-B026-4190-BB84-EFB878456DB5}c:\\program files\\rockstar games\\midnight club ii\\mc2.exe"= TCP:c:\program files\rockstar games\midnight club ii\mc2.exe:mc2
"{D141B16E-1D59-4AE6-9730-0257BB15E36A}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)
"{290BEAD1-74BB-484B-BBD6-75B15DC5DD41}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{4A8B53E0-0126-4F04-B9D2-A943F6C4346F}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{670D5982-21D8-4930-80B8-3EBE25D6A7E6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3
"TCP Query User{065984B1-1B17-4D70-A4F5-C6488BAD7D62}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{07C755A8-0798-4C29-9B2C-7CAF61273AF7}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"{3990C28B-BC44-4AF9-BDBA-00D192305450}"= UDP:d:\programmer\QuickTime\iTunes.exe:iTunes
"{FFBD36CE-8D6F-48A3-B4EA-DEE0D857F042}"= TCP:d:\programmer\QuickTime\iTunes.exe:iTunes
"{8C1FDB73-5877-41B7-AFD3-DBE61F8A092D}"= UDP:d:\games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{C6979B84-CC15-4C92-9982-7E2E3D30724E}"= TCP:d:\games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"TCP Query User{CF445DD3-6DA4-4060-BD09-9901F68DC635}d:\\games\\cs me bota\\hl.exe"= UDP:d:\games\cs me bota\hl.exe:Half-Life Launcher
"UDP Query User{094CF2E0-A086-465A-9054-D4577AD215B7}d:\\games\\cs me bota\\hl.exe"= TCP:d:\games\cs me bota\hl.exe:Half-Life Launcher
"TCP Query User{FA8C476B-54B5-42A8-811E-360AAACCF903}d:\\games\\left 4 dead\\left4dead.exe"= UDP:d:\games\left 4 dead\left4dead.exe:left4dead
"UDP Query User{8E95A511-724B-49DC-A461-0A549C22F0BA}d:\\games\\left 4 dead\\left4dead.exe"= TCP:d:\games\left 4 dead\left4dead.exe:left4dead
"{BD599D51-BAEA-4FFD-95E5-9C7561028BAF}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{D4A55936-D219-4BAD-B83F-D093D63A2DC5}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{1672B3A4-F9B6-4CB9-9370-99A5F2DD504E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{383C2EB7-C840-4A68-98F1-98F7C95A5D04}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{74E13A4B-89C0-41C9-8554-1168AE9D1D07}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{9474C1FF-49A4-4C7C-A4DE-41ADAFFB571C}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DBC368F8-EBDF-491D-B667-950A027DC40E}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4B1FD340-951B-434E-A913-2965A178FF82}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{811453EF-AF6D-4379-A14E-D30BD1E71720}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{BC2538D8-947D-4198-9910-DDCA6FE687A1}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{C7F9971B-B3D5-468F-8994-09BF4C42E6AD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{CF73C4B2-EF0B-4768-9E46-340EB79A09A1}d:\\games\\left 4 dead\\left4dead.exe"= UDP:d:\games\left 4 dead\left4dead.exe:left4dead
"UDP Query User{D55BB499-3785-4EAD-8F85-37AA0E23BE2C}d:\\games\\left 4 dead\\left4dead.exe"= TCP:d:\games\left 4 dead\left4dead.exe:left4dead
"TCP Query User{232B4277-0B8D-4E9D-9209-914C7AC2FD7B}d:\\games\\games\\grand theft auto iv\\gtaiv.exe"= UDP:d:\games\games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{B0CE9FFE-D9B1-42F8-B0AE-BB66F35DD112}d:\\games\\games\\grand theft auto iv\\gtaiv.exe"= TCP:d:\games\games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{A6369BA7-2B65-4515-B262-CA67AF8110A9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{14F42108-7ADC-4130-8679-D6CD04D3781A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{0A206D78-BBAD-409B-B2E0-05B9ADCE4BFD}d:\\games\\warcraft iii\\war3.exe"= UDP:d:\games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{EFDD2845-DD88-4150-9060-1A6937CBBDAD}d:\\games\\warcraft iii\\war3.exe"= TCP:d:\games\warcraft iii\war3.exe:Warcraft III
"TCP Query User{A3649EE4-F8B9-46D0-B8D9-DAE22C2A7839}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary
"UDP Query User{3A5703BD-129F-459E-8F0C-8947A87D02D3}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary
"TCP Query User{CE25D576-1A54-458D-954E-E84BBCD16DDB}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2
"UDP Query User{46E3E920-A951-46EA-80F1-1CB78752C128}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2
"TCP Query User{7F565F37-5E77-41CE-873C-B2C02F9A1050}d:\\cs\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:d:\cs\steamapps\common\left 4 dead\left4dead.exe:left4dead
"UDP Query User{2E8AEE3A-9942-488E-BB12-19BD43A881C8}d:\\cs\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:d:\cs\steamapps\common\left 4 dead\left4dead.exe:left4dead
"TCP Query User{6CC456E5-705F-4BD9-952F-AB4203154236}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2
"UDP Query User{B147CB70-51A7-44DD-B026-3988F530B94E}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2007-08-03 32256]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-09-20 14:25:37 13560]
R4 TeamViewer;TeamViewer 3;d:\programmer\team viewer\TeamViewer3\TeamViewer_Host.exe [2007-12-17 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-01-07 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{0FC97D1B-695B-4149-B4AF-C0782936A31E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - TOMME PEKERE FJERNET - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://thepiratebay.org/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\sondre\AppData\Roaming\Mozilla\Firefox\Profiles\vc7po422.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Softonic_English Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.nettby.no/
FF - component: c:\program files\Mozilla Firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFAlert.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\programmer\QuickTime\Mozilla Plugins\npitunes.dll
ATTENTION: FIREFOX POLICIES ARE IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 18:31:00
Windows 6.0.6001 Service Pack 1 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
c:\windows\TEMP\TMP0000008246724FC8E2A71768 524288 bytes
skanning vellykket
skjulte filer: 1
**************************************************************************
.
Tidspunkt ferdig: 2009-01-07 18:33:23
ComboFix-quarantined-files.txt 2009-01-07 17:33:21
Pre-Run: 16 898 547 712 byte ledig
Post-Run: 18,122,551,296 byte ledig
436 --- E O F --- 2009-01-02 12:37:07
-
hmm... I think it's a virus that reacts to ComboFix..
are you able to install it and run it
?
edit: unless it's Windows Defender that takes ComboFix for a virus?
it is Windows Defender that takes it for a virus :/ (I think)
should I just click ignore then, or?
-
-
I get a warning when I try to download the ComboFix file, it says something about a trojan :S
is that normal? :S
-
now the computer has restarted, so should I do the following then?
Download ComboFix (by sUBs) and put it on the Desktop.
Run combofix.exe and follow the instructions.
* When ComboFix starts, you will be advised to install the Recovery Console (if you don't already have it installed). Say yes to that.
* Do not click on the window while the program is running. This can cause the program to freeze.
-
here is the MBAM log:
Malwarebytes' Anti-Malware 1.32
Databaseversjon: 1628
Windows 6.0.6001 Service Pack 1
07.01.2009 17:57:56
mbam-log-2009-01-07 (17-57-56).txt
Skanntype: Rask Skann
Objekter skannet: 53925
Tid tilbakelagt: 5 minute(s), 24 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
not a moderator, there are 2-3 others who are better than me
but you've got to have a hobby besides gaming
but we don't need to go so off topic, do we
?
oh ok sorry ^^
but I was told to restart, so should I do that?
-
ok :O sorry, I didn't know that :/
it says I have found 2 objects now, but the scan isn't finished :/
but hey, are you a forum administrator or something? since you're so good with antivirus programs and such? ^^
-
thanks a lot for all the help, scanning now
but btw, I thought my computer was clean? :S how come I have so many viruses then? :S
-
-_-
ok, I'll see if I can fix it QUICKLY :S
-
what do you mean by *and you have a nice virus computer? :O :S
-
I see you have AVG8 and Avira AntiVir on your machine
uninstall one of them
why uninstall one? :S
-
hi, can someone check my log (HijackThis)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:41, on 07.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
D:\programmer\QuickTime\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\CS\Steam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\sondre\AppData\Local\Temp\RtkBtMnt.exe
D:\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\programmer\QuickTime\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [steam] "d:\cs\steam.exe" -silent
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Nedlastningsadministratorkontroll) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - D:\programmer\team viewer\TeamViewer3\TeamViewer_Host.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 15244 bytes
-
Create your own topic, Soildor, by clicking "new topic" at the top or bottom of this page. Post the log in the new topic. If you are sure you have a virus, run through this guide
ok
-
Try downloading ComboFix again. You don't need to rename it, if that is what gives you the error message. If you absolutely cannot get ComboFix to work, you should run HijackThis, which you may as well do anyway.
Do the following:
Download 'HijackThis'.
Save it in a permanent folder, e.g. C:\HJT\, double-click HijackThis.exe, and press Do a system scan and save a logfile.
When the Notepad window opens, press Ctrl-A to select all the text, copy it with Ctrl-C and paste it into your next post on the forum with Ctrl-V. Most of the contents of the list are safe. Don't fix anything yet.
You will then get a log similar to the one in the spoiler below:
Logfile of HijackThis v1.99.1
Scan saved at 17:06:11, on 08.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe
C:\Programfiler\Ahead\InCD\InCD.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kenneth\Skrivebord\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://stealthy.foolishgames.net/news.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\smc.exe
Put the log file in a spoiler by doing the following:
[*spoiler]Post logs here[/*spoiler] remove the * for the spoiler to work
How does my log look? :S
I'm worried about viruses
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:41, on 07.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
D:\programmer\QuickTime\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\CS\Steam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\sondre\AppData\Local\Temp\RtkBtMnt.exe
D:\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\programmer\QuickTime\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [steam] "d:\cs\steam.exe" -silent
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Nedlastningsadministratorkontroll) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - D:\programmer\team viewer\TeamViewer3\TeamViewer_Host.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 15244 bytes
What is a hidden driver?
in ICT operations and security
Posted
I don't think it worked :/
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "c:\windows\system32\drivers\avqupafd.sys" not found!
Deletion of file "c:\windows\system32\drivers\avqupafd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.