[Solved] Help, I've got a Trojan horse!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:26:25, on 22.01.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Steam\Steam.exe

C:\program files\avira\antivir personaledition classic\avcenter.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [1438816404] "C:\ProgramData\2131496019\1438816404.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 7296 bytes

Edited by lordbeiken

You have (or have remnants of) 2 antivirus programs: AVG and Avira. Uninstall one of them.

Uninstall BearShare. You can do that from Control Panel -> Add/Remove Programs. (You can reinstall it, if you like, once we are done with the cleanup.)

Otherwise, you can follow the guide linked at the top of my signature and post the logs here in your thread. At the same time, tell us which program reports that you have a Trojan horse, what the file is called, where the file is located, and what the program has done with the Trojan (deleted, quarantined, etc.).

Edited by r2d290

Earlier today, when I was going to vacuum my room, the fuse for my room short-circuited...

Later, when I had fixed the fuse, I turned on the computer and it said "this is a temporary profile".

Everything looked as if it had been restarted or something :( (the background was gone, folders were gone, etc.)

Luckily my files have not been deleted, just put back in Program Files.

I feel a bit slow when it comes to computers...

BTW, I can't find any AVG files on the computer.

I didn't like AVG, so I switched to Avira AntiVir Personal.

Should I switch to something else??

Edited by lordbeiken

I have installed Malwarebytes' Anti-Malware 1.3 and run a scan; this was the result:

Malwarebytes' Anti-Malware 1.33

Database version: 1682

Windows 6.0.6001 Service Pack 1

 

23.01.2009 19:21:18

mbam-log-2009-01-23 (19-21-18).txt

 

Scan type: Quick Scan

Objects scanned: 50669

Time elapsed: 1 minute(s), 32 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 3

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1438816404 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Users\Lordbeiken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

 

Files Infected:

C:\ProgramData\2131496019\1438816404.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

C:\Users\Lordbeiken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

C:\Users\Lordbeiken\AppData\Local\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

So is the problem solved then??

Avira thinks there is still malware on the computer.

Edited by lordbeiken
I didn't like AVG, so I switched to Avira AntiVir Personal.

Avira is good.

Download ComboFix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

 

A small problem with ComboFix is that I have to restart the PC.

Then all the work I have done usually disappears :thumbdown:

But I'll try again ;D

Edited by lordbeiken

The computer survived the scan :!: Here is the ComboFix log:

ComboFix 09-01-21.04 - Lordbeiken 2009-01-23 21:18:05.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3326.2098 [GMT 1:00]

Kjører fra: c:\users\TEMP\Downloads\ComboFix.exe

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-23 til 2009-01-23 )))))))))))))))))))))))))))))))))

.

 

2009-01-23 19:19 . 2009-01-23 19:19 <DIR> d-------- c:\users\TEMP\AppData\Roaming\Malwarebytes

2009-01-23 19:00 . 2009-01-23 19:00 <DIR> dr------- c:\users\TEMP\Searches

2009-01-23 19:00 . 2009-01-23 19:00 <DIR> dr------- c:\users\TEMP\Contacts

2009-01-23 18:59 . 2009-01-23 19:00 <DIR> dr------- c:\users\TEMP\Videos

2009-01-23 18:59 . 2009-01-23 19:00 <DIR> dr------- c:\users\TEMP\Saved Games

2009-01-23 18:59 . 2009-01-23 19:00 <DIR> dr------- c:\users\TEMP\Pictures

2009-01-23 18:59 . 2009-01-23 19:00 <DIR> dr------- c:\users\TEMP\Music

2009-01-23 18:59 . 2009-01-23 19:00 <DIR> dr------- c:\users\TEMP\Links

2009-01-23 18:59 . 2009-01-23 21:17 <DIR> dr------- c:\users\TEMP\Downloads

2009-01-23 18:59 . 2009-01-23 19:00 <DIR> dr------- c:\users\TEMP\Documents

2009-01-23 18:59 . 2006-11-02 13:37 <DIR> d-------- c:\users\TEMP\AppData\Roaming\Media Center Programs

2009-01-23 18:59 . 2009-01-23 19:00 <DIR> d--h----- c:\users\TEMP\AppData

2009-01-23 18:59 . 2009-01-23 19:00 <DIR> d-------- c:\users\TEMP

2009-01-23 18:58 . 2009-01-23 18:59 292,701,422 --a------ c:\windows\MEMORY.DMP

2009-01-23 17:52 . 2009-01-23 17:52 <DIR> d-------- c:\users\Gjest\AppData\Roaming\Skype

2009-01-23 14:30 . 2009-01-23 14:30 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2009-01-23 14:30 . 2009-01-23 14:30 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2009-01-23 14:30 . 2009-01-23 14:30 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-01-23 14:24 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2009-01-23 14:24 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2009-01-23 14:23 . 2009-01-23 14:24 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-23 14:23 . 2009-01-23 14:24 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-23 14:23 . 2009-01-23 14:24 <DIR> d-------- c:\program files\iTunes

2009-01-23 14:23 . 2009-01-23 14:23 <DIR> d-------- c:\program files\iPod

2009-01-23 14:23 . 2009-01-23 14:23 <DIR> d-------- c:\program files\Bonjour

2009-01-23 14:22 . 2009-01-23 14:23 <DIR> d-------- c:\program files\Common Files\Apple

2009-01-23 14:20 . 2009-01-23 14:20 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-01-23 14:20 . 2009-01-23 14:23 <DIR> d-------- c:\users\All Users\Apple Computer

2009-01-23 14:20 . 2009-01-23 14:20 <DIR> d-------- c:\programdata\Malwarebytes

2009-01-23 14:20 . 2009-01-23 14:23 <DIR> d-------- c:\programdata\Apple Computer

2009-01-23 14:20 . 2009-01-23 14:20 <DIR> d-------- c:\program files\QuickTime

2009-01-23 14:20 . 2009-01-23 14:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-23 14:20 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-23 14:20 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-22 23:25 . 2009-01-22 23:25 <DIR> d-------- c:\program files\Trend Micro

2009-01-22 16:11 . 2009-01-22 16:11 <DIR> d-------- c:\program files\CCleaner

2009-01-22 16:02 . 2009-01-23 19:21 <DIR> d-------- c:\users\All Users\2131496019

2009-01-22 16:02 . 2009-01-23 19:21 <DIR> d-------- c:\programdata\2131496019

2009-01-21 23:35 . 2009-01-21 23:35 <DIR> d-------- c:\users\All Users\33E7

2009-01-21 23:35 . 2009-01-21 23:35 <DIR> d-------- c:\programdata\33E7

2009-01-21 17:07 . 2009-01-21 17:07 <DIR> d-------- c:\users\All Users\12303

2009-01-21 17:07 . 2009-01-21 17:07 <DIR> d-------- c:\programdata\12303

2009-01-21 16:47 . 2009-01-21 16:47 <DIR> d-------- c:\users\All Users\18B3

2009-01-21 16:47 . 2009-01-21 16:47 <DIR> d-------- c:\programdata\18B3

2009-01-21 00:25 . 2009-01-21 00:25 <DIR> d-------- c:\users\All Users\331A6

2009-01-21 00:25 . 2009-01-21 00:25 <DIR> d-------- c:\programdata\331A6

2009-01-21 00:24 . 2009-01-21 00:24 <DIR> d-------- c:\users\All Users\121D4

2009-01-21 00:24 . 2009-01-21 00:24 <DIR> d-------- c:\programdata\121D4

2009-01-19 19:03 . 2009-01-19 19:03 <DIR> d-------- c:\program files\Ventrilo

2009-01-19 19:03 . 2009-01-19 19:03 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

2009-01-19 19:02 . 2009-01-23 14:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-01-17 13:22 . 2009-01-17 13:22 <DIR> d-------- c:\users\All Users\Avira

2009-01-17 13:22 . 2009-01-17 13:22 <DIR> d-------- c:\programdata\Avira

2009-01-17 13:22 . 2009-01-17 13:22 <DIR> d-------- c:\program files\Avira

2009-01-13 21:23 . 2008-09-17 23:55 1,108,512 --a------ c:\windows\System32\nvcpluir.dll

2009-01-13 21:01 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

2009-01-10 18:39 . 2009-01-10 18:39 107,888 --a------ c:\windows\System32\CmdLineExt.dll

2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx

2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\System32\QuickTime.qts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-23 19:39 --------- d-----w c:\program files\Steam

2009-01-23 13:34 --------- d-----w c:\program files\BearShare Applications

2009-01-17 12:23 --------- d-----w c:\program files\Common Files\Steam

2009-01-17 11:42 --------- d-----w c:\program files\Google

2009-01-13 22:12 --------- d-----w c:\programdata\NVIDIA

2009-01-13 20:12 --------- d-----w c:\program files\Windows Mail

2009-01-10 18:00 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-10 17:47 --------- d-----w c:\programdata\Electronic Arts

2009-01-06 22:42 --------- d-----w c:\program files\Electronic Arts

2008-12-20 14:23 --------- d-----w c:\program files\CabalOnline

2008-12-18 13:05 --------- d-----w c:\programdata\Sports Interactive

2008-12-14 22:33 --------- d-----w c:\program files\GameSpy Arcade

2008-12-14 12:05 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-12-14 12:05 --------- d-----w c:\program files\Java

2008-12-13 16:09 --------- d-----w c:\programdata\PopCap Games

2008-12-13 16:08 --------- d-----w c:\programdata\Steam

2008-12-13 02:03 --------- d-----w c:\programdata\Microsoft Help

2008-12-11 20:37 42,320 ----a-w c:\windows\System32\xfcodec.dll

2008-12-09 18:24 --------- d-----w c:\program files\Alwil Software

2008-12-09 18:10 --------- d-----w c:\programdata\avg8

2008-12-06 16:59 --------- d-----w c:\program files\Belkin CorporationBelkin

2008-11-28 17:34 --------- d-----w c:\program files\Games-Masters.com

2008-11-28 16:56 --------- d-----w c:\programdata\NOS

2008-11-28 16:56 --------- d-----w c:\program files\NOS

2008-11-26 22:21 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-26 22:20 --------- d-----w c:\program files\Common Files\Adobe

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-07-15 15:40 951 ----a-w c:\program files\Get OpenOffice.org.lnk

2008-07-14 16:10 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-14 16:10 56 ---ha-w c:\programdata\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2009-01-11 21:25 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

((((((((((((((((((((((((((((( snapshot_2009-01-23_18.56.08,75 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-23 17:25:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-01-23 17:59:12 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-01-23 17:25:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-01-23 17:59:12 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-01-23 17:26:30 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-23 18:01:05 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-23 18:01:05 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-01-23 17:55:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-23 20:19:11 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-23 20:19:11 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-01-23 17:27:14 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-23 18:34:09 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-23 17:27:14 2,080,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-23 18:34:09 2,080,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-23 17:27:14 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-23 18:34:09 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-23 17:30:13 101,052 ----a-w c:\windows\System32\perfc009.dat

+ 2009-01-23 18:04:58 101,052 ----a-w c:\windows\System32\perfc009.dat

- 2009-01-23 17:30:13 76,272 ----a-w c:\windows\System32\perfc014.dat

+ 2009-01-23 18:04:58 76,272 ----a-w c:\windows\System32\perfc014.dat

- 2009-01-23 17:30:13 586,980 ----a-w c:\windows\System32\perfh009.dat

+ 2009-01-23 18:04:58 586,980 ----a-w c:\windows\System32\perfh009.dat

- 2009-01-23 17:30:13 452,088 ----a-w c:\windows\System32\perfh014.dat

+ 2009-01-23 18:04:58 452,088 ----a-w c:\windows\System32\perfh014.dat

- 2009-01-23 17:27:23 6,630 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3313641878-1417431046-2429296989-1000_UserData.bin

+ 2009-01-23 18:01:24 6,646 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3313641878-1417431046-2429296989-1000_UserData.bin

- 2009-01-23 17:27:23 82,536 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-23 18:01:24 82,750 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-19 185872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-11 30192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=G

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{BBF4D8AF-831D-462E-9233-175C1DFA7F29}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{2EAD67E1-76E3-4E02-951B-5D88E2ACA5DB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{4C88D6F4-327E-439E-807F-C7A0E5AAA79B}c:\\program files\\steam\\steamapps\\lordbeiken\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\counter-strike source\hl2.exe:hl2

"UDP Query User{EA177C2D-0CF0-4C65-A2AC-8873C812FE8A}c:\\program files\\steam\\steamapps\\lordbeiken\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\counter-strike source\hl2.exe:hl2

"{75FC5B14-F89B-438F-A7EF-F05AC54535A0}"= Disabled:UDP:c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe:Icon048298C91

"{03F545CA-FEC3-41BC-A76B-D3D1FE0B65F0}"= Disabled:TCP:c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe:Icon048298C91

"TCP Query User{0F21EA0A-705B-4AA6-B6DD-F81C70B4CA3D}c:\\program files\\steam\\steamapps\\lordbeiken\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\source dedicated server\srcds.exe:srcds

"UDP Query User{71746B54-8AA0-44CF-9AF4-A20A3621E521}c:\\program files\\steam\\steamapps\\lordbeiken\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\source dedicated server\srcds.exe:srcds

"TCP Query User{2F128A8C-8DE8-4C60-87F6-8B892C5155C2}c:\\program files\\steam\\steamapps\\lordbeiken\\source 2007 dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\source 2007 dedicated server\srcds.exe:srcds

"UDP Query User{4F08A351-36CC-4CB2-9171-FB06FEEA370F}c:\\program files\\steam\\steamapps\\lordbeiken\\source 2007 dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\source 2007 dedicated server\srcds.exe:srcds

"TCP Query User{0200E0AB-F10B-402D-BB27-B47FDB486C8C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{0050D2D8-48A6-4999-A68F-1A3C06E40D7B}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{FDDA0775-D226-49F2-B003-6566E2A27386}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{8FD632A2-C7EA-4079-B55E-F96F5D904EFC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{BB8022AE-29F4-4871-8227-1B140C160354}c:\\program files\\thq\\titan quest\\titan quest.exe"= UDP:c:\program files\thq\titan quest\titan quest.exe:Titan Quest

"UDP Query User{AC6D2B88-FE3E-4E70-AB25-BF39F5B38D9E}c:\\program files\\thq\\titan quest\\titan quest.exe"= TCP:c:\program files\thq\titan quest\titan quest.exe:Titan Quest

"TCP Query User{E2B62790-715C-46D3-A405-E61B279C97F3}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{6B53FE3D-414F-4C6C-A4DC-AD15B9FE8B57}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{21A3F195-1ACB-4211-99C3-73B8986A8376}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"UDP Query User{AFF33EA2-B6B7-4A5C-8F2D-EE8D61552F91}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"TCP Query User{BE9E5D94-3A3C-4969-81BE-E3DF39848EDE}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{AD1CB6B5-B98C-45A7-96CD-CB385CBDAAE3}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{5AA2CF25-9509-4989-8C46-F138D11054F5}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

"UDP Query User{052BC555-9AAB-43B3-8CE7-187779CA6570}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

"{1E69F73A-3067-4B5C-A7F9-7ADA161DBBA6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{D140331C-5C26-4870-A67C-3C1327E0880E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{C7DC6BEE-FD81-4F8D-A8E4-FFA48357EEA4}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II

"{38D5D627-DB03-44E6-99A7-0DFC470D7A2E}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II

"{7C908BC8-79BC-4630-A9FF-626BDB1C0D4A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{58DE634F-2972-41AC-86C1-71B9C1532500}c:\\program files\\steam\\steamapps\\common\\left 4 dead demo\\srcds.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead demo\srcds.exe:srcds

"UDP Query User{F205E688-5491-4D43-A627-1E1039B2D7EF}c:\\program files\\steam\\steamapps\\common\\left 4 dead demo\\srcds.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead demo\srcds.exe:srcds

"TCP Query User{7ADFD4AE-E2ED-43EB-B06C-61F0E8F61C56}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire

"UDP Query User{C80AE4DD-731C-4FEB-A018-A9ECE7DC80B1}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire

"TCP Query User{6BFFB302-EBD3-496E-9197-DA8C43F4282D}c:\\users\\lordbeiken\\downloads\\cabaltemp\\estsetuploader.exe"= UDP:c:\users\lordbeiken\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe

"UDP Query User{584B2871-7886-4D39-B749-7CBC92BFAF15}c:\\users\\lordbeiken\\downloads\\cabaltemp\\estsetuploader.exe"= TCP:c:\users\lordbeiken\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe

"TCP Query User{02B6EFD3-2E96-41F8-8EE0-87191DF1A5E9}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine

"UDP Query User{AB40FF91-92C0-4546-8E7A-7A9D5555F29D}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine

"TCP Query User{3313528A-9823-47C2-81FC-822D93D11D2D}c:\\users\\lordbeiken\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\u0vtse2h\\cabaltemp\\estsetuploader.exe"= UDP:c:\users\lordbeiken\appdata\local\microsoft\windows\temporary internet files\content.ie5\u0vtse2h\cabaltemp\estsetuploader.exe:estsetuploader.exe

"UDP Query User{788E6DC4-ED5B-45CF-9412-86557924E280}c:\\users\\lordbeiken\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\u0vtse2h\\cabaltemp\\estsetuploader.exe"= TCP:c:\users\lordbeiken\appdata\local\microsoft\windows\temporary internet files\content.ie5\u0vtse2h\cabaltemp\estsetuploader.exe:estsetuploader.exe

"TCP Query User{DDD3B1EC-2D96-44E9-B030-071F054D969D}c:\\users\\lordbeiken\\desktop\\launcher65\\launcher\\update\\estdnheadless.exe"= UDP:c:\users\lordbeiken\desktop\launcher65\launcher\update\estdnheadless.exe:estdnheadless.exe

"UDP Query User{6F56B63E-294A-4F58-830E-5F54FA435BBE}c:\\users\\lordbeiken\\desktop\\launcher65\\launcher\\update\\estdnheadless.exe"= TCP:c:\users\lordbeiken\desktop\launcher65\launcher\update\estdnheadless.exe:estdnheadless.exe

"TCP Query User{DD097A5D-1BB9-4906-9703-CED946727F7A}c:\\users\\lordbeiken\\desktop\\launcher656\\launcher\\update\\estdnheadless.exe"= UDP:c:\users\lordbeiken\desktop\launcher656\launcher\update\estdnheadless.exe:estdnheadless.exe

"UDP Query User{58C89BF8-1340-47F3-BABA-5EE0AAFE1A74}c:\\users\\lordbeiken\\desktop\\launcher656\\launcher\\update\\estdnheadless.exe"= TCP:c:\users\lordbeiken\desktop\launcher656\launcher\update\estdnheadless.exe:estdnheadless.exe

"TCP Query User{704DC3F7-8CAB-4917-AB12-FB5E5E2CC27C}c:\\users\\lordbeiken\\appdata\\local\\temp\\launcher65\\launcher\\update\\estdnheadless.exe"= UDP:c:\users\lordbeiken\appdata\local\temp\launcher65\launcher\update\estdnheadless.exe:estdnheadless.exe

"UDP Query User{4C0B62EC-DF86-444F-AA12-3EFB3C65013C}c:\\users\\lordbeiken\\appdata\\local\\temp\\launcher65\\launcher\\update\\estdnheadless.exe"= TCP:c:\users\lordbeiken\appdata\local\temp\launcher65\launcher\update\estdnheadless.exe:estdnheadless.exe

"TCP Query User{991E154D-7E33-4400-9E33-286D0C4D3572}c:\\users\\lordbeiken\\desktop\\launcher\\update\\estdnheadless.exe"= UDP:c:\users\lordbeiken\desktop\launcher\update\estdnheadless.exe:estdnheadless.exe

"UDP Query User{43119E78-FC12-4D28-B03C-8EEB22AC449F}c:\\users\\lordbeiken\\desktop\\launcher\\update\\estdnheadless.exe"= TCP:c:\users\lordbeiken\desktop\launcher\update\estdnheadless.exe:estdnheadless.exe

"TCP Query User{CC0A6D1A-6069-48B0-91F0-5229DCFE6E04}c:\\program files\\steam\\steamapps\\wannabegamer93\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\counter-strike source\hl2.exe:hl2

"UDP Query User{69768982-EAFE-4024-B63F-68C6B3C9792F}c:\\program files\\steam\\steamapps\\wannabegamer93\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\counter-strike source\hl2.exe:hl2

"TCP Query User{41984F4A-9404-4C96-BE10-D03EA9A72A22}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine

"UDP Query User{7F7664D9-55F3-43DD-8836-1C1D3EF53BCE}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine

"{83EC3D9D-D8A0-4342-8E88-AED7B55E6BAC}"= UDP:c:\program files\Games-Masters.com\CABAL Online (Europe)\cabal.exe:Cabal

"{08F55FAE-09E1-4220-B12C-1A139009380E}"= TCP:c:\program files\Games-Masters.com\CABAL Online (Europe)\cabal.exe:Cabal

"{C3FF65F8-A3E9-484E-B5FA-28715568F41F}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

"{7FBEC108-BC44-4200-84AA-427E63904528}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

"TCP Query User{76744178-77B5-4176-AA03-E5EA526DCDE9}c:\\program files\\steam\\steamapps\\lordbeiken\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\counter-strike source\hl2.exe:hl2

"UDP Query User{91C854BD-6C31-4121-B806-1C2F9714A153}c:\\program files\\steam\\steamapps\\lordbeiken\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\counter-strike source\hl2.exe:hl2

"TCP Query User{2E1F5903-2FCA-45A2-8651-95844A0FCC8D}c:\\program files\\steam\\steamapps\\lordbeiken\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\team fortress 2\hl2.exe:hl2

"UDP Query User{4A01CCB1-F6A7-4FBA-9AF1-E4A68A948F27}c:\\program files\\steam\\steamapps\\lordbeiken\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\team fortress 2\hl2.exe:hl2

"TCP Query User{5F511399-C687-4CB2-8A67-00480535CCC6}c:\\program files\\steam\\steamapps\\lordbeiken\\day of defeat source beta\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\day of defeat source beta\hl2.exe:hl2

"UDP Query User{6DAA1B8A-4F7A-4F47-A7E0-3BE84B693D3D}c:\\program files\\steam\\steamapps\\lordbeiken\\day of defeat source beta\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\day of defeat source beta\hl2.exe:hl2

"TCP Query User{05A167A3-34D3-4A8C-8CB5-33A7052784F9}c:\\program files\\steam\\steamapps\\lordbeiken\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\day of defeat source\hl2.exe:hl2

"UDP Query User{C0E413F3-228F-47AC-B943-8F6586C2CE4E}c:\\program files\\steam\\steamapps\\lordbeiken\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\day of defeat source\hl2.exe:hl2

"TCP Query User{53931830-EE6C-4122-9B21-204457B7AB8A}c:\\program files\\steam\\steamapps\\mxxxh\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\mxxxh\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{8BD0D7D9-848D-4D11-BB73-1826E51B8F40}c:\\program files\\steam\\steamapps\\mxxxh\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\mxxxh\half-life 2 deathmatch\hl2.exe:hl2

"TCP Query User{9717DEE4-D013-49A5-A483-918DD741053F}c:\\program files\\steam\\steamapps\\mxxxh\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mxxxh\counter-strike source\hl2.exe:hl2

"UDP Query User{53053BFA-F073-4612-91D7-7968FE6A312F}c:\\program files\\steam\\steamapps\\mxxxh\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mxxxh\counter-strike source\hl2.exe:hl2

"TCP Query User{D485A25A-1153-4BD5-A4F8-4C708D908271}c:\\program files\\steam\\steamapps\\mxxxh\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\mxxxh\age of chivalry\hl2.exe:hl2

"UDP Query User{375CB536-CE18-4878-AC4D-E1401B0BF5C1}c:\\program files\\steam\\steamapps\\mxxxh\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\mxxxh\age of chivalry\hl2.exe:hl2

"TCP Query User{8195E510-1599-4873-A5DC-757128ACA08E}c:\\program files\\steam\\steamapps\\mxxxh\\diprip warm up\\hl2.exe"= UDP:c:\program files\steam\steamapps\mxxxh\diprip warm up\hl2.exe:hl2

"UDP Query User{5577658A-A45A-4F8A-A8EB-9B6A88991670}c:\\program files\\steam\\steamapps\\mxxxh\\diprip warm up\\hl2.exe"= TCP:c:\program files\steam\steamapps\mxxxh\diprip warm up\hl2.exe:hl2

"TCP Query User{B55B4997-C975-46B9-826E-B687E1630BF9}c:\\program files\\steam\\steamapps\\wannabegamer93\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\team fortress 2\hl2.exe:hl2

"UDP Query User{C90F7FC7-4C2A-4E5E-9C3F-FAF6C9904D2D}c:\\program files\\steam\\steamapps\\wannabegamer93\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\team fortress 2\hl2.exe:hl2

"TCP Query User{48AAC2CD-7FAF-4175-A54F-780F83F21917}c:\\program files\\steam\\steamapps\\wannabegamer93\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\counter-strike source\hl2.exe:hl2

"UDP Query User{CD6068A1-E2CD-4DFC-A00D-94D75BECFDC0}c:\\program files\\steam\\steamapps\\wannabegamer93\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\counter-strike source\hl2.exe:hl2

"TCP Query User{78B2FB5E-AD00-4C75-917E-021FF7B2471F}c:\\program files\\steam\\steamapps\\wannabegamer93\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\zombie panic! source\hl2.exe:hl2

"UDP Query User{5210465A-AA8D-49C9-84FF-2D2057EF3B88}c:\\program files\\steam\\steamapps\\wannabegamer93\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\zombie panic! source\hl2.exe:hl2

"TCP Query User{A875F87F-0551-455E-849D-68FAB12D2920}c:\\program files\\steam\\steamapps\\wannabegamer93\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\insurgency\hl2.exe:hl2

"UDP Query User{8A25E5E7-0C5A-4D36-B389-C480B56061C2}c:\\program files\\steam\\steamapps\\wannabegamer93\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\insurgency\hl2.exe:hl2

"TCP Query User{C197BC38-21E1-43EB-AA40-608573B3D3ED}c:\\program files\\steam\\steamapps\\wannabegamer93\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\age of chivalry\hl2.exe:hl2

"UDP Query User{62350548-489E-401E-8DC0-59AA0CC643A9}c:\\program files\\steam\\steamapps\\wannabegamer93\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\age of chivalry\hl2.exe:hl2

"TCP Query User{C3D4D934-3AB3-4FAB-A8C8-7154281E1D1B}c:\\program files\\steam\\steamapps\\wannabegamer93\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\team fortress 2\hl2.exe:hl2

"UDP Query User{FFAF9A4E-6009-413B-8D41-640D493224B9}c:\\program files\\steam\\steamapps\\wannabegamer93\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\team fortress 2\hl2.exe:hl2

"{21A3C14D-254D-4DB5-A5D3-89701FA358A8}"= UDP:c:\program files\Steam\Steam.exe:Steam

"{9B8B1CD5-F1DF-4014-B9A7-ED5E57F54841}"= TCP:c:\program files\Steam\Steam.exe:Steam

"{FC1A0108-F49E-47A4-B122-B2B2D3E30DCF}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{23DA6A04-5D68-4D53-89BE-C514A6C324EF}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{8573BA2B-84DE-4BE5-88B8-D4CC45795B99}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"{656EE746-BAC2-478F-811D-09F231D56B50}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"TCP Query User{425E2529-C4E6-4CF9-AE37-4377DEA6E795}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead

"UDP Query User{67AB0A08-5E6F-4F1D-9DF5-4D9F770D5103}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead

"TCP Query User{D15CD420-5D90-43F7-924D-5CB571A6FC98}c:\\program files\\steam\\steamapps\\wannabegamer93\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\source dedicated server\srcds.exe:srcds

"UDP Query User{8A19AB44-A321-46F1-AF8F-851299659A3D}c:\\program files\\steam\\steamapps\\wannabegamer93\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\source dedicated server\srcds.exe:srcds

"{38E7FBC8-3975-4B4E-A39F-244178183055}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{02C53056-FD95-4A11-BB28-35C16F003F69}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{9A8DCF6A-A00A-4FC1-9EC6-2B6F5820475D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{A020DA6E-C5AC-4DE8-957E-5AFCE41DEED1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{54E21049-4EBB-45AF-A7DE-EF3A1CA3950F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{1F524092-8D94-4C6F-BE73-D4A9A6C45CCC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]

R3 F5D5055;Belkin F5D5055 Gigabit USB 2.0 Network Adapter;c:\windows\System32\drivers\F5D5055.sys [2008-12-06 30336]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-11 30192]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-01-22 c:\windows\Tasks\At1.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At10.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At11.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At12.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At13.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At14.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At15.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-23 c:\windows\Tasks\At16.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At17.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At18.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-23 c:\windows\Tasks\At19.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At2.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-23 c:\windows\Tasks\At20.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-23 c:\windows\Tasks\At21.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-23 c:\windows\Tasks\At22.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At23.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At24.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At3.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At4.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At5.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At6.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At7.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At8.job

- c:\windows\system32\sLCf3grr.exe []

 

2009-01-22 c:\windows\Tasks\At9.job

- c:\windows\system32\sLCf3grr.exe []

.

.

------- Tilleggsskanning -------

.

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\w7fwo8v3.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer:

 

**************************************************************************

.

Tidspunkt ferdig: 2009-01-23 21:20:50

ComboFix-quarantined-files.txt 2009-01-23 20:20:49

ComboFix2.txt 2009-01-23 17:57:32

ComboFix3.txt 2009-01-23 17:16:04

 

Pre-Run: 32 408 432 640 byte ledig

Post-Run: 32,370,012,160 byte ledig

 

351 --- E O F --- 2009-01-19 21:18:24

Edited by lordbeiken
Link to comment

Please note that all the instructions given in this thread are tailored to this machine, and that the tools used here can cause damage on another machine with other types of infections.

If you think you have the same problem, you should follow norbat's guide and post the logs in a new thread.

Hello

My name is r2d290, and I will be helping you remove any infections you may have on the PC.

  • A number of instructions will be given, and they must be followed in the order we write them.

  • Do not try to remove the problem on your own. Once we have started a process, it is important that it is carried out "without interruptions".

  • If there is an instruction you do not understand, you are unsure about something, or something unexpected happens, do not guess or move on; write a post on the forum asking about whatever you are wondering about.

  • Do not start several threads (neither here on diskusjon.no nor on other forums). This will only confuse those of us who provide support.

  • The operation may go through several stages, and it may take a little while before you get a reply, but we will not give up unless you do.

  • Do not give up and format the PC (even if some people say it is the only thing that helps). It is very unlikely that you have to format because of a virus.

  • In some cases threads pass us by, so if you have not received a reply within 24 hours it may be wise to write a short "bump post" so your thread ends up at the top of the list.

If you follow these instructions, we should be able to fix the problem with the machine.

I am analysing your logs now and will come back with a response as soon as I can...

PS: Your security programs may give warnings about some of the tools we ask you to use.

The security programs cannot know whether the tools have good or bad intentions. The tools are used by professionals all around the world, so you can trust that the programs are safe.

Link to comment

@ lordbeiken:

I am at the beginner stage, so it is not always wise to listen to me :p

But I'll give it a try :)

As I see it in the log:

O4 - HKLM\..\Run: [1438816404] "C:\ProgramData\2131496019\1438816404.exe"

The only strange filename / file?

Then Norbat, SNIPPSAT or r2d290 can check your log.

PS: I actually come from another thread he had posted the log in ;)

Skaggen asked me to post it here, so I did! Then I get to learn more and read what you think is wrong!

Link to comment

Do I understand you correctly that you want to keep BearShare (and LimeWire for that matter)?

First of all: I see that you have installed CCleaner. Clean up the machine with this program before you continue.

Are you familiar with the contents of the folder c:\program files\CabalOnline ?

Are you familiar with c:\programdata\PopCap Games ?

Then we will remove everything related to AVG:

Click Start - All Programs - Accessories - Notepad

Copy and paste the text in the code box below into Notepad:


File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job


Folder::
c:\programdata\avg8

Registry::


Dirlook::
c:\users\All Users\2131496019
c:\users\All Users\33E7
c:\programdata\12303

 

Save it as CFScript on the Desktop

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows.

CFScriptB-4.gif

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum, together with an answer regarding BearShare/Limewire, and answers to my questions about whether you are familiar with the two folders. Feel free to also post a new HijackThis log.

Edited by r2d290
Link to comment
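
A check a helper could run on the ComboFix.txt that comes back, added here as an example and not part of the original post or of ComboFix: it compares the File:: and Folder:: entries of the CFScript above with the paths listed under the log's "Andre slettinger" (other deletions) banner. The sample script and log are constructed and shortened, the function names are hypothetical, and the parser assumes the log layout shown in this thread.

```python
import re

# Constructed sample: the CFScript from the post, shortened to three tasks.
CFSCRIPT = r"""File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job

Folder::
c:\programdata\avg8

Registry::

Dirlook::
c:\users\All Users\2131496019
"""

# Constructed sample log in the layout of the ComboFix.txt in this thread.
# At3.job is deliberately absent from the deletions to show the failure case.
LOG = r"""ComboFix log (constructed sample)
FILE ::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
.
((((((((((((((( Andre slettinger )))))))))))))))
.
c:\programdata\avg8\Cfg\scan.cfg
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
.
((((((((((((( Filer Opprettet Fra 2008-12-24 til 2009-01-24 )))))))))))))
.
2009-01-24 17:55 . 2009-01-24 17:55 <DIR> d-------- c:\users\TEMP
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")        # e.g. "(((( title ))))"
WIN_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.strip().rstrip("\\").lower()


def parse_cfscript(text):
    """Return {directive: [entries]} for a CFScript such as the one above."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def deleted_paths(log_text, banner_title="Andre slettinger"):
    """Collect the paths listed between the deletions banner and the next banner."""
    paths, inside = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            inside = m.group(1).lower() == banner_title.lower()
            continue
        if inside and WIN_PATH.match(line):
            paths.add(norm(line))
    return paths


def check_script_against_log(cfscript, log_text):
    """List File::/Folder:: entries the log does not report as deleted.

    Registry:: and Dirlook:: entries are left out: this check covers only
    the two directives that name files and folders for removal.
    """
    script = parse_cfscript(cfscript)
    deleted = deleted_paths(log_text)
    missing = []
    for path in script.get("file", []):
        if norm(path) not in deleted:
            missing.append(path)
    for folder in script.get("folder", []):
        prefix = norm(folder)
        # A folder counts as handled if it, or anything under it, is listed.
        if not any(d == prefix or d.startswith(prefix + "\\") for d in deleted):
            missing.append(folder)
    requested = len(script.get("file", [])) + len(script.get("folder", []))
    return {"requested": requested, "missing": missing}


if __name__ == "__main__":
    result = check_script_against_log(CFSCRIPT, LOG)
    print(f"{result['requested']} entries requested")
    for path in result["missing"]:
        print("not reported as deleted:", path)
```
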

I am familiar with the contents of the folder c:\program files\CabalOnline and c:\programdata\PopCap Games

but I don't need them any more... should I just delete them??

Thanks for helping me :D

ComboFix 09-01-21.04 - Lordbeiken 2009-01-24 18:14:13.5 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3326.2345 [GMT 1:00]

Kjører fra: c:\users\TEMP\Desktop\ComboFix.exe

Command switches brukt :: c:\users\TEMP\Desktop\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

 

FILE ::

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\avg8

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-24 til 2009-01-24 )))))))))))))))))))))))))))))))))

.

 

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> dr------- c:\users\TEMP\Videos

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> dr------- c:\users\TEMP\Searches

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> dr------- c:\users\TEMP\Saved Games

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> dr------- c:\users\TEMP\Pictures

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> dr------- c:\users\TEMP\Music

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> dr------- c:\users\TEMP\Links

2009-01-24 17:55 . 2009-01-24 18:05 <DIR> dr------- c:\users\TEMP\Downloads

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> dr------- c:\users\TEMP\Documents

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> dr------- c:\users\TEMP\Contacts

2009-01-24 17:55 . 2006-11-02 13:37 <DIR> d-------- c:\users\TEMP\AppData\Roaming\Media Center Programs

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> d--h----- c:\users\TEMP\AppData

2009-01-24 17:55 . 2009-01-24 17:55 <DIR> d-------- c:\users\TEMP

2009-01-23 18:58 . 2009-01-23 18:59 292,701,422 --a------ c:\windows\MEMORY.DMP

2009-01-23 17:52 . 2009-01-23 17:52 <DIR> d-------- c:\users\Gjest\AppData\Roaming\Skype

2009-01-23 14:30 . 2009-01-23 14:30 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2009-01-23 14:30 . 2009-01-23 14:30 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2009-01-23 14:30 . 2009-01-23 14:30 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-01-23 14:24 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2009-01-23 14:24 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2009-01-23 14:23 . 2009-01-23 14:24 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-23 14:23 . 2009-01-23 14:24 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-23 14:23 . 2009-01-23 14:24 <DIR> d-------- c:\program files\iTunes

2009-01-23 14:23 . 2009-01-23 14:23 <DIR> d-------- c:\program files\iPod

2009-01-23 14:23 . 2009-01-23 14:23 <DIR> d-------- c:\program files\Bonjour

2009-01-23 14:22 . 2009-01-23 14:23 <DIR> d-------- c:\program files\Common Files\Apple

2009-01-23 14:20 . 2009-01-23 14:20 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-01-23 14:20 . 2009-01-23 14:23 <DIR> d-------- c:\users\All Users\Apple Computer

2009-01-23 14:20 . 2009-01-23 14:20 <DIR> d-------- c:\programdata\Malwarebytes

2009-01-23 14:20 . 2009-01-23 14:23 <DIR> d-------- c:\programdata\Apple Computer

2009-01-23 14:20 . 2009-01-23 14:20 <DIR> d-------- c:\program files\QuickTime

2009-01-23 14:20 . 2009-01-23 14:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-23 14:20 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-23 14:20 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-22 23:25 . 2009-01-22 23:25 <DIR> d-------- c:\program files\Trend Micro

2009-01-22 16:11 . 2009-01-22 16:11 <DIR> d-------- c:\program files\CCleaner

2009-01-22 16:02 . 2009-01-23 19:21 <DIR> d-------- c:\users\All Users\2131496019

2009-01-22 16:02 . 2009-01-23 19:21 <DIR> d-------- c:\programdata\2131496019

2009-01-21 23:35 . 2009-01-21 23:35 <DIR> d-------- c:\users\All Users\33E7

2009-01-21 23:35 . 2009-01-21 23:35 <DIR> d-------- c:\programdata\33E7

2009-01-21 17:07 . 2009-01-21 17:07 <DIR> d-------- c:\users\All Users\12303

2009-01-21 17:07 . 2009-01-21 17:07 <DIR> d-------- c:\programdata\12303

2009-01-21 16:47 . 2009-01-21 16:47 <DIR> d-------- c:\users\All Users\18B3

2009-01-21 16:47 . 2009-01-21 16:47 <DIR> d-------- c:\programdata\18B3

2009-01-21 00:25 . 2009-01-21 00:25 <DIR> d-------- c:\users\All Users\331A6

2009-01-21 00:25 . 2009-01-21 00:25 <DIR> d-------- c:\programdata\331A6

2009-01-21 00:24 . 2009-01-21 00:24 <DIR> d-------- c:\users\All Users\121D4

2009-01-21 00:24 . 2009-01-21 00:24 <DIR> d-------- c:\programdata\121D4

2009-01-19 19:03 . 2009-01-19 19:03 <DIR> d-------- c:\program files\Ventrilo

2009-01-19 19:03 . 2009-01-19 19:03 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

2009-01-19 19:02 . 2009-01-23 14:30 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-01-17 13:22 . 2009-01-17 13:22 <DIR> d-------- c:\users\All Users\Avira

2009-01-17 13:22 . 2009-01-17 13:22 <DIR> d-------- c:\programdata\Avira

2009-01-17 13:22 . 2009-01-17 13:22 <DIR> d-------- c:\program files\Avira

2009-01-13 21:23 . 2008-09-17 23:55 1,108,512 --a------ c:\windows\System32\nvcpluir.dll

2009-01-13 21:01 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

2009-01-10 18:39 . 2009-01-10 18:39 107,888 --a------ c:\windows\System32\CmdLineExt.dll

2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx

2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\System32\QuickTime.qts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-24 16:58 --------- d-----w c:\program files\Steam

2009-01-23 13:34 --------- d-----w c:\program files\BearShare Applications

2009-01-17 12:23 --------- d-----w c:\program files\Common Files\Steam

2009-01-17 11:42 --------- d-----w c:\program files\Google

2009-01-13 22:12 --------- d-----w c:\programdata\NVIDIA

2009-01-13 20:12 --------- d-----w c:\program files\Windows Mail

2009-01-10 18:00 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-10 17:47 --------- d-----w c:\programdata\Electronic Arts

2009-01-06 22:42 --------- d-----w c:\program files\Electronic Arts

2008-12-20 14:23 --------- d-----w c:\program files\CabalOnline

2008-12-18 13:05 --------- d-----w c:\programdata\Sports Interactive

2008-12-14 22:33 --------- d-----w c:\program files\GameSpy Arcade

2008-12-14 12:05 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-12-14 12:05 --------- d-----w c:\program files\Java

2008-12-13 16:09 --------- d-----w c:\programdata\PopCap Games

2008-12-13 16:08 --------- d-----w c:\programdata\Steam

2008-12-13 02:03 --------- d-----w c:\programdata\Microsoft Help

2008-12-11 20:37 42,320 ----a-w c:\windows\System32\xfcodec.dll

2008-12-09 18:24 --------- d-----w c:\program files\Alwil Software

2008-12-06 16:59 --------- d-----w c:\program files\Belkin CorporationBelkin

2008-11-28 17:34 --------- d-----w c:\program files\Games-Masters.com

2008-11-28 16:56 --------- d-----w c:\programdata\NOS

2008-11-28 16:56 --------- d-----w c:\program files\NOS

2008-11-26 22:21 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-26 22:20 --------- d-----w c:\program files\Common Files\Adobe

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-07-15 15:40 951 ----a-w c:\program files\Get OpenOffice.org.lnk

2008-07-14 16:10 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-14 16:10 56 ---ha-w c:\programdata\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2009-01-11 21:25 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of c:\programdata\12303 ----

 

2008-12-01 17:12 2242 --a------ c:\programdata\12303\{26E42639-CAC0-48AC-9025-73F9F7E3AED2}.swf

 

---- Directory of c:\users\All Users\2131496019 ----

 

2009-01-23 17:43 97 --a------ c:\users\All Users\2131496019\config.udb

2009-01-22 16:02 241 --a------ c:\users\All Users\2131496019\init.udb

2009-01-22 16:02 12930 --a------ c:\users\All Users\2131496019\Langs.udb

 

---- Directory of c:\users\All Users\33E7 ----

 

2008-12-01 17:12 2242 --a------ c:\users\All Users\33E7\{A9FE6B2D-7268-41D5-90DF-5027C78AF41C}.swf

 

 

((((((((((((((((((((((((((((( snapshot_2009-01-23_18.56.08,75 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-23 17:25:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-01-24 16:54:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-01-23 17:25:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-01-24 16:54:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-01-23 17:26:30 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-24 16:56:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-24 16:56:17 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-01-23 17:55:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-24 17:17:53 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-24 17:17:53 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-01-23 17:27:14 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-24 16:56:51 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-23 17:27:14 2,080,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-24 16:56:51 2,080,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-23 17:27:14 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-24 16:56:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-23 17:30:13 101,052 ----a-w c:\windows\System32\perfc009.dat

+ 2009-01-24 17:01:16 101,052 ----a-w c:\windows\System32\perfc009.dat

- 2009-01-23 17:30:13 76,272 ----a-w c:\windows\System32\perfc014.dat

+ 2009-01-24 17:01:16 76,272 ----a-w c:\windows\System32\perfc014.dat

- 2009-01-23 17:30:13 586,980 ----a-w c:\windows\System32\perfh009.dat

+ 2009-01-24 17:01:16 586,980 ----a-w c:\windows\System32\perfh009.dat

- 2009-01-23 17:30:13 452,088 ----a-w c:\windows\System32\perfh014.dat

+ 2009-01-24 17:01:16 452,088 ----a-w c:\windows\System32\perfh014.dat

- 2009-01-23 17:27:23 6,630 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3313641878-1417431046-2429296989-1000_UserData.bin

+ 2009-01-24 16:57:06 6,670 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3313641878-1417431046-2429296989-1000_UserData.bin

- 2009-01-23 17:27:23 82,536 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-24 16:57:06 82,878 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-11 171448]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-19 185872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-11 30192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=G

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]


 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]

S3 F5D5055;Belkin F5D5055 Gigabit USB 2.0 Network Adapter;c:\windows\System32\drivers\F5D5055.sys [2008-12-06 30336]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-11 30192]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

.

.

------- Tilleggsskanning -------

.

FF - ProfilePath - c:\users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\9au9byr9.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer:

 

**************************************************************************

.

Tidspunkt ferdig: 2009-01-24 18:19:13

ComboFix-quarantined-files.txt 2009-01-24 17:19:11

ComboFix2.txt 2009-01-23 20:20:51

ComboFix3.txt 2009-01-23 17:57:32

ComboFix4.txt 2009-01-23 17:16:04

 

Pre-Run: 33 013 190 656 byte ledig

Post-Run: 32,770,273,280 byte ledig

 

621 --- E O F --- 2009-01-19 21:18:24

Edited by lordbeiken

The computer restarted when I plugged in my internet adapter....

so I'm back to square one...

I did a scan with ComboFix

ComboFix 09-01-21.04 - Lordbeiken 2009-01-24 20:42:27.6 - NTFSx86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3326.2865 [GMT 1:00]

Kjører fra: c:\users\TEMP\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-24 til 2009-01-24 )))))))))))))))))))))))))))))))))

.

 

Ingen nye filer opprettet i dette tidsrommet

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-24 19:18 --------- d-----w c:\program files\Steam

2009-01-24 17:51 --------- d-----w c:\program files\Smart Projects

2009-01-24 17:31 --------- d-----w c:\program files\ImgBurn

2009-01-23 18:21 --------- d-----w c:\programdata\2131496019

2009-01-23 16:52 --------- d-----w c:\users\Gjest\AppData\Roaming\Skype

2009-01-23 13:34 --------- d-----w c:\program files\BearShare Applications

2009-01-23 13:30 --------- d-----w c:\programdata\SUPERAntiSpyware.com

2009-01-23 13:30 --------- d-----w c:\program files\SUPERAntiSpyware

2009-01-23 13:30 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-23 13:24 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-23 13:24 --------- d-----w c:\program files\iTunes

2009-01-23 13:23 --------- d-----w c:\programdata\Apple Computer

2009-01-23 13:23 --------- d-----w c:\program files\iPod

2009-01-23 13:23 --------- d-----w c:\program files\Common Files\Apple

2009-01-23 13:23 --------- d-----w c:\program files\Bonjour

2009-01-23 13:20 --------- d-----w c:\programdata\Malwarebytes

2009-01-23 13:20 --------- d-----w c:\program files\QuickTime

2009-01-23 13:20 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-22 22:25 --------- d-----w c:\program files\Trend Micro

2009-01-22 15:11 --------- d-----w c:\program files\CCleaner

2009-01-21 22:35 --------- d-----w c:\programdata\33E7

2009-01-21 16:07 --------- d-----w c:\programdata\12303

2009-01-21 15:47 --------- d-----w c:\programdata\18B3

2009-01-20 23:25 --------- d-----w c:\programdata\331A6

2009-01-20 23:24 --------- d-----w c:\programdata\121D4

2009-01-19 18:03 --------- d-----w c:\program files\Ventrilo

2009-01-17 12:23 --------- d-----w c:\program files\Common Files\Steam

2009-01-17 12:22 --------- d-----w c:\programdata\Avira

2009-01-17 12:22 --------- d-----w c:\program files\Avira

2009-01-17 11:42 --------- d-----w c:\program files\Google

2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-13 22:12 --------- d-----w c:\programdata\NVIDIA

2009-01-13 20:12 --------- d-----w c:\program files\Windows Mail

2009-01-10 18:00 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-10 17:47 --------- d-----w c:\programdata\Electronic Arts

2009-01-10 17:39 107,888 ----a-w c:\windows\System32\CmdLineExt.dll

2009-01-06 22:42 --------- d-----w c:\program files\Electronic Arts

2008-12-18 13:05 --------- d-----w c:\programdata\Sports Interactive

2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-14 22:33 --------- d-----w c:\program files\GameSpy Arcade

2008-12-14 12:05 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-12-14 12:05 --------- d-----w c:\program files\Java

2008-12-13 16:09 --------- d-----w c:\programdata\PopCap Games

2008-12-13 16:08 --------- d-----w c:\programdata\Steam

2008-12-13 02:03 --------- d-----w c:\programdata\Microsoft Help

2008-12-11 20:37 42,320 ----a-w c:\windows\System32\xfcodec.dll

2008-12-09 18:24 --------- d-----w c:\program files\Alwil Software

2008-12-06 16:59 --------- d-----w c:\program files\Belkin CorporationBelkin

2008-11-28 17:34 --------- d-----w c:\program files\Games-Masters.com

2008-11-28 16:56 --------- d-----w c:\programdata\NOS

2008-11-28 16:56 --------- d-----w c:\program files\NOS

2008-11-26 22:21 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-26 22:20 --------- d-----w c:\program files\Common Files\Adobe

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-07-15 15:40 951 ----a-w c:\program files\Get OpenOffice.org.lnk

2008-07-14 16:10 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-14 16:10 56 ---ha-w c:\programdata\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

2009-01-11 21:25 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

((((((((((((((((((((((((((((( snapshot_2009-01-24_18.18.14,18 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-24 17:17:53 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-24 19:33:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-24 19:33:10 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-01-24 16:56:51 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-24 18:34:09 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-24 16:56:51 2,080,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-24 18:34:09 2,080,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-24 16:56:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-24 18:34:09 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-24 17:01:16 101,052 ----a-w c:\windows\System32\perfc009.dat

+ 2009-01-24 19:39:21 100,640 ----a-w c:\windows\System32\perfc009.dat

- 2009-01-24 17:01:16 76,272 ----a-w c:\windows\System32\perfc014.dat

+ 2009-01-24 19:39:21 75,894 ----a-w c:\windows\System32\perfc014.dat

- 2009-01-24 17:01:16 586,980 ----a-w c:\windows\System32\perfh009.dat

+ 2009-01-24 19:39:21 586,568 ----a-w c:\windows\System32\perfh009.dat

- 2009-01-24 17:01:16 452,088 ----a-w c:\windows\System32\perfh014.dat

+ 2009-01-24 19:39:21 451,340 ----a-w c:\windows\System32\perfh014.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-21 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-19 185872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-11 30192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=G

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{BBF4D8AF-831D-462E-9233-175C1DFA7F29}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{2EAD67E1-76E3-4E02-951B-5D88E2ACA5DB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{4C88D6F4-327E-439E-807F-C7A0E5AAA79B}c:\\program files\\steam\\steamapps\\lordbeiken\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\counter-strike source\hl2.exe:hl2

"UDP Query User{EA177C2D-0CF0-4C65-A2AC-8873C812FE8A}c:\\program files\\steam\\steamapps\\lordbeiken\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\counter-strike source\hl2.exe:hl2

"{75FC5B14-F89B-438F-A7EF-F05AC54535A0}"= Disabled:UDP:c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe:Icon048298C91

"{03F545CA-FEC3-41BC-A76B-D3D1FE0B65F0}"= Disabled:TCP:c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe:Icon048298C91

"TCP Query User{0F21EA0A-705B-4AA6-B6DD-F81C70B4CA3D}c:\\program files\\steam\\steamapps\\lordbeiken\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\source dedicated server\srcds.exe:srcds

"UDP Query User{71746B54-8AA0-44CF-9AF4-A20A3621E521}c:\\program files\\steam\\steamapps\\lordbeiken\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\source dedicated server\srcds.exe:srcds

"TCP Query User{2F128A8C-8DE8-4C60-87F6-8B892C5155C2}c:\\program files\\steam\\steamapps\\lordbeiken\\source 2007 dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\source 2007 dedicated server\srcds.exe:srcds

"UDP Query User{4F08A351-36CC-4CB2-9171-FB06FEEA370F}c:\\program files\\steam\\steamapps\\lordbeiken\\source 2007 dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\source 2007 dedicated server\srcds.exe:srcds

"TCP Query User{0200E0AB-F10B-402D-BB27-B47FDB486C8C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{0050D2D8-48A6-4999-A68F-1A3C06E40D7B}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{FDDA0775-D226-49F2-B003-6566E2A27386}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{8FD632A2-C7EA-4079-B55E-F96F5D904EFC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{BB8022AE-29F4-4871-8227-1B140C160354}c:\\program files\\thq\\titan quest\\titan quest.exe"= UDP:c:\program files\thq\titan quest\titan quest.exe:Titan Quest

"UDP Query User{AC6D2B88-FE3E-4E70-AB25-BF39F5B38D9E}c:\\program files\\thq\\titan quest\\titan quest.exe"= TCP:c:\program files\thq\titan quest\titan quest.exe:Titan Quest

"TCP Query User{E2B62790-715C-46D3-A405-E61B279C97F3}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{6B53FE3D-414F-4C6C-A4DC-AD15B9FE8B57}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{21A3F195-1ACB-4211-99C3-73B8986A8376}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"UDP Query User{AFF33EA2-B6B7-4A5C-8F2D-EE8D61552F91}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"TCP Query User{BE9E5D94-3A3C-4969-81BE-E3DF39848EDE}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{AD1CB6B5-B98C-45A7-96CD-CB385CBDAAE3}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{5AA2CF25-9509-4989-8C46-F138D11054F5}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

"UDP Query User{052BC555-9AAB-43B3-8CE7-187779CA6570}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

"{1E69F73A-3067-4B5C-A7F9-7ADA161DBBA6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{D140331C-5C26-4870-A67C-3C1327E0880E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{C7DC6BEE-FD81-4F8D-A8E4-FFA48357EEA4}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II

"{38D5D627-DB03-44E6-99A7-0DFC470D7A2E}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II

"{7C908BC8-79BC-4630-A9FF-626BDB1C0D4A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{58DE634F-2972-41AC-86C1-71B9C1532500}c:\\program files\\steam\\steamapps\\common\\left 4 dead demo\\srcds.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead demo\srcds.exe:srcds

"UDP Query User{F205E688-5491-4D43-A627-1E1039B2D7EF}c:\\program files\\steam\\steamapps\\common\\left 4 dead demo\\srcds.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead demo\srcds.exe:srcds

"TCP Query User{7ADFD4AE-E2ED-43EB-B06C-61F0E8F61C56}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire

"UDP Query User{C80AE4DD-731C-4FEB-A018-A9ECE7DC80B1}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire

"TCP Query User{6BFFB302-EBD3-496E-9197-DA8C43F4282D}c:\\users\\lordbeiken\\downloads\\cabaltemp\\estsetuploader.exe"= UDP:c:\users\lordbeiken\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe

"UDP Query User{584B2871-7886-4D39-B749-7CBC92BFAF15}c:\\users\\lordbeiken\\downloads\\cabaltemp\\estsetuploader.exe"= TCP:c:\users\lordbeiken\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe

"TCP Query User{02B6EFD3-2E96-41F8-8EE0-87191DF1A5E9}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine

"UDP Query User{AB40FF91-92C0-4546-8E7A-7A9D5555F29D}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine

"TCP Query User{3313528A-9823-47C2-81FC-822D93D11D2D}c:\\users\\lordbeiken\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\u0vtse2h\\cabaltemp\\estsetuploader.exe"= UDP:c:\users\lordbeiken\appdata\local\microsoft\windows\temporary internet files\content.ie5\u0vtse2h\cabaltemp\estsetuploader.exe:estsetuploader.exe

"UDP Query User{788E6DC4-ED5B-45CF-9412-86557924E280}c:\\users\\lordbeiken\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\u0vtse2h\\cabaltemp\\estsetuploader.exe"= TCP:c:\users\lordbeiken\appdata\local\microsoft\windows\temporary internet files\content.ie5\u0vtse2h\cabaltemp\estsetuploader.exe:estsetuploader.exe

"TCP Query User{DDD3B1EC-2D96-44E9-B030-071F054D969D}c:\\users\\lordbeiken\\desktop\\launcher65\\launcher\\update\\estdnheadless.exe"= UDP:c:\users\lordbeiken\desktop\launcher65\launcher\update\estdnheadless.exe:estdnheadless.exe

"UDP Query User{6F56B63E-294A-4F58-830E-5F54FA435BBE}c:\\users\\lordbeiken\\desktop\\launcher65\\launcher\\update\\estdnheadless.exe"= TCP:c:\users\lordbeiken\desktop\launcher65\launcher\update\estdnheadless.exe:estdnheadless.exe

"TCP Query User{DD097A5D-1BB9-4906-9703-CED946727F7A}c:\\users\\lordbeiken\\desktop\\launcher656\\launcher\\update\\estdnheadless.exe"= UDP:c:\users\lordbeiken\desktop\launcher656\launcher\update\estdnheadless.exe:estdnheadless.exe

"UDP Query User{58C89BF8-1340-47F3-BABA-5EE0AAFE1A74}c:\\users\\lordbeiken\\desktop\\launcher656\\launcher\\update\\estdnheadless.exe"= TCP:c:\users\lordbeiken\desktop\launcher656\launcher\update\estdnheadless.exe:estdnheadless.exe

"TCP Query User{704DC3F7-8CAB-4917-AB12-FB5E5E2CC27C}c:\\users\\lordbeiken\\appdata\\local\\temp\\launcher65\\launcher\\update\\estdnheadless.exe"= UDP:c:\users\lordbeiken\appdata\local\temp\launcher65\launcher\update\estdnheadless.exe:estdnheadless.exe

"UDP Query User{4C0B62EC-DF86-444F-AA12-3EFB3C65013C}c:\\users\\lordbeiken\\appdata\\local\\temp\\launcher65\\launcher\\update\\estdnheadless.exe"= TCP:c:\users\lordbeiken\appdata\local\temp\launcher65\launcher\update\estdnheadless.exe:estdnheadless.exe

"TCP Query User{991E154D-7E33-4400-9E33-286D0C4D3572}c:\\users\\lordbeiken\\desktop\\launcher\\update\\estdnheadless.exe"= UDP:c:\users\lordbeiken\desktop\launcher\update\estdnheadless.exe:estdnheadless.exe

"UDP Query User{43119E78-FC12-4D28-B03C-8EEB22AC449F}c:\\users\\lordbeiken\\desktop\\launcher\\update\\estdnheadless.exe"= TCP:c:\users\lordbeiken\desktop\launcher\update\estdnheadless.exe:estdnheadless.exe

"TCP Query User{CC0A6D1A-6069-48B0-91F0-5229DCFE6E04}c:\\program files\\steam\\steamapps\\wannabegamer93\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\counter-strike source\hl2.exe:hl2

"UDP Query User{69768982-EAFE-4024-B63F-68C6B3C9792F}c:\\program files\\steam\\steamapps\\wannabegamer93\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\counter-strike source\hl2.exe:hl2

"TCP Query User{41984F4A-9404-4C96-BE10-D03EA9A72A22}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine

"UDP Query User{7F7664D9-55F3-43DD-8836-1C1D3EF53BCE}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine

"{83EC3D9D-D8A0-4342-8E88-AED7B55E6BAC}"= UDP:c:\program files\Games-Masters.com\CABAL Online (Europe)\cabal.exe:Cabal

"{08F55FAE-09E1-4220-B12C-1A139009380E}"= TCP:c:\program files\Games-Masters.com\CABAL Online (Europe)\cabal.exe:Cabal

"{C3FF65F8-A3E9-484E-B5FA-28715568F41F}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

"{7FBEC108-BC44-4200-84AA-427E63904528}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus

"TCP Query User{76744178-77B5-4176-AA03-E5EA526DCDE9}c:\\program files\\steam\\steamapps\\lordbeiken\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\counter-strike source\hl2.exe:hl2

"UDP Query User{91C854BD-6C31-4121-B806-1C2F9714A153}c:\\program files\\steam\\steamapps\\lordbeiken\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\counter-strike source\hl2.exe:hl2

"TCP Query User{2E1F5903-2FCA-45A2-8651-95844A0FCC8D}c:\\program files\\steam\\steamapps\\lordbeiken\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\team fortress 2\hl2.exe:hl2

"UDP Query User{4A01CCB1-F6A7-4FBA-9AF1-E4A68A948F27}c:\\program files\\steam\\steamapps\\lordbeiken\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\team fortress 2\hl2.exe:hl2

"TCP Query User{5F511399-C687-4CB2-8A67-00480535CCC6}c:\\program files\\steam\\steamapps\\lordbeiken\\day of defeat source beta\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\day of defeat source beta\hl2.exe:hl2

"UDP Query User{6DAA1B8A-4F7A-4F47-A7E0-3BE84B693D3D}c:\\program files\\steam\\steamapps\\lordbeiken\\day of defeat source beta\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\day of defeat source beta\hl2.exe:hl2

"TCP Query User{05A167A3-34D3-4A8C-8CB5-33A7052784F9}c:\\program files\\steam\\steamapps\\lordbeiken\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\lordbeiken\day of defeat source\hl2.exe:hl2

"UDP Query User{C0E413F3-228F-47AC-B943-8F6586C2CE4E}c:\\program files\\steam\\steamapps\\lordbeiken\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\lordbeiken\day of defeat source\hl2.exe:hl2

"TCP Query User{53931830-EE6C-4122-9B21-204457B7AB8A}c:\\program files\\steam\\steamapps\\mxxxh\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\mxxxh\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{8BD0D7D9-848D-4D11-BB73-1826E51B8F40}c:\\program files\\steam\\steamapps\\mxxxh\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\mxxxh\half-life 2 deathmatch\hl2.exe:hl2

"TCP Query User{9717DEE4-D013-49A5-A483-918DD741053F}c:\\program files\\steam\\steamapps\\mxxxh\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mxxxh\counter-strike source\hl2.exe:hl2

"UDP Query User{53053BFA-F073-4612-91D7-7968FE6A312F}c:\\program files\\steam\\steamapps\\mxxxh\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mxxxh\counter-strike source\hl2.exe:hl2

"TCP Query User{D485A25A-1153-4BD5-A4F8-4C708D908271}c:\\program files\\steam\\steamapps\\mxxxh\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\mxxxh\age of chivalry\hl2.exe:hl2

"UDP Query User{375CB536-CE18-4878-AC4D-E1401B0BF5C1}c:\\program files\\steam\\steamapps\\mxxxh\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\mxxxh\age of chivalry\hl2.exe:hl2

"TCP Query User{8195E510-1599-4873-A5DC-757128ACA08E}c:\\program files\\steam\\steamapps\\mxxxh\\diprip warm up\\hl2.exe"= UDP:c:\program files\steam\steamapps\mxxxh\diprip warm up\hl2.exe:hl2

"UDP Query User{5577658A-A45A-4F8A-A8EB-9B6A88991670}c:\\program files\\steam\\steamapps\\mxxxh\\diprip warm up\\hl2.exe"= TCP:c:\program files\steam\steamapps\mxxxh\diprip warm up\hl2.exe:hl2

"TCP Query User{B55B4997-C975-46B9-826E-B687E1630BF9}c:\\program files\\steam\\steamapps\\wannabegamer93\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\team fortress 2\hl2.exe:hl2

"UDP Query User{C90F7FC7-4C2A-4E5E-9C3F-FAF6C9904D2D}c:\\program files\\steam\\steamapps\\wannabegamer93\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\team fortress 2\hl2.exe:hl2

"TCP Query User{48AAC2CD-7FAF-4175-A54F-780F83F21917}c:\\program files\\steam\\steamapps\\wannabegamer93\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\counter-strike source\hl2.exe:hl2

"UDP Query User{CD6068A1-E2CD-4DFC-A00D-94D75BECFDC0}c:\\program files\\steam\\steamapps\\wannabegamer93\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\counter-strike source\hl2.exe:hl2

"TCP Query User{78B2FB5E-AD00-4C75-917E-021FF7B2471F}c:\\program files\\steam\\steamapps\\wannabegamer93\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\zombie panic! source\hl2.exe:hl2

"UDP Query User{5210465A-AA8D-49C9-84FF-2D2057EF3B88}c:\\program files\\steam\\steamapps\\wannabegamer93\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\zombie panic! source\hl2.exe:hl2

"TCP Query User{A875F87F-0551-455E-849D-68FAB12D2920}c:\\program files\\steam\\steamapps\\wannabegamer93\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\insurgency\hl2.exe:hl2

"UDP Query User{8A25E5E7-0C5A-4D36-B389-C480B56061C2}c:\\program files\\steam\\steamapps\\wannabegamer93\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\insurgency\hl2.exe:hl2

"TCP Query User{C197BC38-21E1-43EB-AA40-608573B3D3ED}c:\\program files\\steam\\steamapps\\wannabegamer93\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\age of chivalry\hl2.exe:hl2

"UDP Query User{62350548-489E-401E-8DC0-59AA0CC643A9}c:\\program files\\steam\\steamapps\\wannabegamer93\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\age of chivalry\hl2.exe:hl2

"TCP Query User{C3D4D934-3AB3-4FAB-A8C8-7154281E1D1B}c:\\program files\\steam\\steamapps\\wannabegamer93\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\team fortress 2\hl2.exe:hl2

"UDP Query User{FFAF9A4E-6009-413B-8D41-640D493224B9}c:\\program files\\steam\\steamapps\\wannabegamer93\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\team fortress 2\hl2.exe:hl2

"{21A3C14D-254D-4DB5-A5D3-89701FA358A8}"= UDP:c:\program files\Steam\Steam.exe:Steam

"{9B8B1CD5-F1DF-4014-B9A7-ED5E57F54841}"= TCP:c:\program files\Steam\Steam.exe:Steam

"{FC1A0108-F49E-47A4-B122-B2B2D3E30DCF}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{23DA6A04-5D68-4D53-89BE-C514A6C324EF}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{8573BA2B-84DE-4BE5-88B8-D4CC45795B99}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"{656EE746-BAC2-478F-811D-09F231D56B50}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"TCP Query User{425E2529-C4E6-4CF9-AE37-4377DEA6E795}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead

"UDP Query User{67AB0A08-5E6F-4F1D-9DF5-4D9F770D5103}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead

"TCP Query User{D15CD420-5D90-43F7-924D-5CB571A6FC98}c:\\program files\\steam\\steamapps\\wannabegamer93\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\wannabegamer93\source dedicated server\srcds.exe:srcds

"UDP Query User{8A19AB44-A321-46F1-AF8F-851299659A3D}c:\\program files\\steam\\steamapps\\wannabegamer93\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\wannabegamer93\source dedicated server\srcds.exe:srcds

"{38E7FBC8-3975-4B4E-A39F-244178183055}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{02C53056-FD95-4A11-BB28-35C16F003F69}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{9A8DCF6A-A00A-4FC1-9EC6-2B6F5820475D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{A020DA6E-C5AC-4DE8-957E-5AFCE41DEED1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{54E21049-4EBB-45AF-A7DE-EF3A1CA3950F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{1F524092-8D94-4C6F-BE73-D4A9A6C45CCC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

 

R3 F5D5055;Belkin F5D5055 Gigabit USB 2.0 Network Adapter;c:\windows\System32\drivers\F5D5055.sys [2008-12-06 30336]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-11 30192]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - ECACHE

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-RunOnce-<NO NAME> - (no file)

 

 

.

------- Tilleggsskanning -------

.

FF - ProfilePath - c:\users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\gwuhio17.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-24 20:45:16

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2009-01-24 20:46:21

ComboFix-quarantined-files.txt 2009-01-24 19:46:20

ComboFix2.txt 2009-01-24 17:19:13

ComboFix3.txt 2009-01-23 20:20:51

ComboFix4.txt 2009-01-23 17:57:32

ComboFix5.txt 2009-01-24 19:42:19

 

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Post-Run: 43,588,882,432 byte ledig

 

270 --- E O F --- 2009-01-19 21:18:24


A scan in safe mode

Problem solved?? The computer still won't start properly...

Malwarebytes' Anti-Malware 1.33

Database version: 1682

Windows 6.0.6001 Service Pack 1

 

24.01.2009 23:47:49

mbam-log-2009-01-24 (23-47-49).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 195335

Time elapsed: 21 minute(s), 2 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Edited by lordbeiken

#10: Among other things, for example three or more identical threads/posts are considered unwanted content (hereafter referred to as "spam"), and may lead to warnings or a temporary/permanent ban. Users who take part in such threads may be penalized on the same terms as the thread starter. Illegal bumping is also not permitted and may be penalized in the same way as spam. Short, unnecessary posts suited only to increasing the user's post count are considered spam and may be penalized accordingly. The same applies to unnecessary/excessive use of smileys, or posts that contain nothing but smileys.

 

What is bumping?:

Bumping is posting in old threads so that they move further up the lists of the most recently posted messages. Some people do this, and such messages often contain only "*bump*". On the first attempt this will be deleted, but if the user continues bumping, thread closures and warnings may be used. You are still allowed to reply to your own threads if you have new information to add. Bumping of your own threads must be limited to a maximum of two times, with at least 24 hours between each. You are still allowed to reply to your own threads if you have new information to add.

Edited by Patience

Lordbeiken:

 

Go to http://virusscan.jotti.org , click Browse, and upload the following file for analysis:

2009-01-23 17:43 97 --a------ c:\users\All Users\2131496019\config.udb

2009-01-22 16:02 241 --a------ c:\users\All Users\2131496019\init.udb

2009-01-22 16:02 12930 --a------ c:\users\All Users\2131496019\Langs.udb

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and assess what needs to be done next.


c:\users\All Users\2131496019\config.udb : nothing was found

c:\users\All Users\2131496019\init.udb : nothing found

c:\users\All Users\2131496019\Langs.udb : nothing found

 

Am I rid of all the malware now?

If so, I only have one problem: the computer only starts in a temporary profile every time I start the machine.

Do you know how I can fix this? Should I start a new thread for this problem?


You can see whether the suggestion in this thread: https://www.diskusjon.no/index.php?s=tek.no...howtopic=986499 helps at all. If not, you can probably bump that thread and ask for further assistance :)

 

The logs appear to be clean (provided it is true that the files you scanned are safe).

 

Combofix must be uninstalled.

 

Go to Start > Run

Type the following in the box:

  • ComboFix /u

PS: note the space between X and /u

 

You should now have something that corresponds to the image below:

CF_Cleanup.png

 

Press Enter.

 

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists
    • The folder C:\OtMoveIt, if it exists
  • Reset the clock settings.
  • Hide file extensions if necessary.
  • Hide System/Hidden files and folders if necessary.
  • Reset the System Restore points.

-Surf safely-
