nilsso (author), posted 8 February 2009

The log:
norbat, posted 8 February 2009 (edited)

Hmm,
Open cmd (Start -> Run, type cmd)
Type: cd\windows\system32 (press Enter)
Type: dir *.cpl /a /b >c:\cplliste.txt (press Enter)
Close cmd and post the contents of the c:\cplliste.txt file.

Edited 8 February 2009 by norbat
nilsso (author), posted 8 February 2009

This is what cplliste.txt contains:

access.cpl
ALSndMgr.cpl
appwiz.cpl
bthprops.cpl
desk.cpl
firewall.cpl
hdwwiz.cpl
inetcpl.cpl
infocardcpl.cpl
intl.cpl
irprops.cpl
ISUSPM.cpl
joy.cpl
jpicpl32.cpl
main.cpl
mmsys.cpl
ncpa.cpl
netsetup.cpl
nusrmgr.cpl
nvcpl.cpl
nvtuicpl.cpl
nwc.cpl
odbccp32.cpl
powercfg.cpl
RTSndMgr.cpl
sysdm.cpl
telephon.cpl
wscui.cpl
wuaucpl.cpl
WVAProp.cpl
norbat, posted 8 February 2009

Did this come up suddenly, or was it in connection with installing something or other? If this is something that appeared recently, a System Restore to a date before the problem arose might solve it (Accessories -> System Tools -> System Restore).

I'm a bit unsure why the files rundll32.exe and timedate.cpl are hidden. Could it be that someone has been in gpedit.msc (Group Policy) and changed some settings?
nilsso (author), posted 8 February 2009

I had Virtumonde a good while ago, and it was a hassle to get rid of. It kept coming back, but went away in the end. I don't know how likely it is that this caused the error. System Restore is too late; I actually only recently noticed that I can't click the clock / background properties. If someone has been in gpedit.msc and changed something, it must have been a virus.
norbat, posted 8 February 2009

If you create a new user on the PC, does everything work normally then (and do you find rundll32.exe and timedate.cpl in the system32 folder)?
nilsso (author), posted 8 February 2009

One problem: when I try to create a new user, "finner ikke rundll32.exe" ("cannot find rundll32.exe") comes up again.
norbat, posted 8 February 2009

Do you get this problem if you try to open any of the other programs in the Control Panel as well?
nilsso (author), posted 8 February 2009

Yes, looks that way! I get it on most of them, with few exceptions.
norbat, posted 9 February 2009 (edited)

If everything works in Safe Mode, you may be able to create a new user from there. If so, check whether everything works as normal in normal mode from that user.

Then try the following:
From cmd, type: sfc /purgecache
You may need the XP CD.

We can look at another log to see whether it can show why rundll32 is being hidden.
Download OTViewIT and put it on the desktop.
Start the program.
Tick 'Scan all users'.
Change 'File Age' from 30 to 90 days (if it has been longer since you had the infections, set it to All).
Click Run scan.
This can produce a monster log, so put it between (skjul)....(/skjul) tags.

Edited 9 February 2009 by norbat
nilsso (author), posted 9 February 2009 (edited)

Creating a new user in safe mode worked, but on the new user in normal mode I get a message that the rundll32.exe file is missing.

The cmd command: "Filbeskyttelse for windows har utført den forespurte endringen." (Windows File Protection has carried out the requested change.)

Log coming soon.

Edit: Log:
-- C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped]) [2006.08.31 13:49:32 | 01,101,824 | ---- | M] (Language Engineering Corporation, LLC) -- C:\Programfiler\Power Translator 11\LogoMedia TranslateDotNet Server.exe -- (LEC TranslateDotNet Server [On_Demand | Stopped]) [2006.08.08 21:15:50 | 00,208,896 | ---- | M] (Nero AG) -- C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) [2007.10.11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) [2008.05.17 20:18:17 | 00,549,256 | ---- | M] (Eset ) -- C:\Programfiler\ESET\nod32krn.exe -- (NOD32krn [Auto | Running]) [2007.09.04 18:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running]) [2008.12.26 07:20:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [2003.07.28 17:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2008.10.22 05:27:07 | 00,063,040 | ---- | M] () -- C:\Programfiler\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe -- (PnkBstrA [Auto | Running]) [2008.08.07 10:17:30 | 00,575,488 | ---- | M] (Nokia.) 
-- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) [2007.01.19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running]) [2006.11.15 09:46:18 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=orange]========== Driver Services ==========[/color] [2008.05.17 20:18:17 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running]) [2008.09.15 20:35:23 | 02,915,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01 [System | Running]) [2007.02.16 15:46:42 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running]) [2007.11.11 13:06:09 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Running]) [2007.03.14 10:16:42 | 00,009,856 | ---- | M] () -- C:\WINDOWS\system32\drivers\EMSC.sys -- (EMSC [Boot | Running]) [2008.01.29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) [2008.04.13 08:36:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running]) [2003.05.11 22:20:34 | 00,044,480 | ---- | M] (HyWave Corporation) -- C:\WINDOWS\system32\drivers\HWFProt.sys -- (HWFProt [Boot | Running]) [2007.04.10 05:04:40 | 04,397,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) [2008.04.14 07:50:12 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running]) [2007.04.11 15:32:30 | 00,020,496 | ---- | M] (Logitech Inc.) 
-- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running]) [2007.04.11 15:32:38 | 00,063,248 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou [On_Demand | Running]) [2004.11.19 18:07:00 | 00,101,488 | ---- | M] () -- C:\Programfiler\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys -- (LF30FS [Auto | Running]) [2008.02.29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running]) [2007.04.11 15:32:58 | 00,036,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running]) [2007.04.11 15:33:06 | 00,079,376 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE [On_Demand | Running]) [2008.02.29 02:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt [On_Demand | Running]) [2007.02.24 23:05:24 | 02,203,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32 [On_Demand | Running]) [2008.05.17 20:18:17 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running]) [2008.12.26 07:20:00 | 07,962,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running]) [2007.09.04 18:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running]) [2007.09.17 14:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) [2007.07.15 02:37:04 | 00,027,992 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\pstrip.sys -- (PStrip [System | Running]) [2004.08.04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) [2007.02.24 14:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running]) [2007.01.23 16:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running]) [2008.05.28 09:33:36 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running]) [2008.05.28 09:33:38 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped]) [2008.05.28 09:33:36 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running]) [2008.07.07 08:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running]) [2008.04.13 10:36:46 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running]) [2008.04.13 08:39:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2006.11.22 03:35:00 | 00,982,272 | ---- | M] (Motorola Inc.) 
-- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running]) [2007.11.11 02:44:52 | 00,642,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running]) [2008.04.13 10:45:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped]) [2008.04.13 10:46:22 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running]) [2006.11.02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running]) [2008.04.13 10:36:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running]) [2004.08.04 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running]) [color=orange]========== (R ) Internet Explorer ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=about:blank [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] "provider"= [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- 
C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=about:blank [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL] "provider"= [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1006\Software\Microsoft\Internet Explorer\SearchURL] "provider"= 
[HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1006\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [color=orange]========== (O1) Hosts File ==========[/color] HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost [color=orange]========== (O2) BHO's ==========[/color] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [color=orange]========== (O3) Toolbars ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{1DBAB667-A486-421e-AFE4-CF07DD0088E5}" (HKLM) -- C:\Programfiler\Power Translator 11\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC) [color=orange]========== (O4) Run Keys ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.) "ISUSPM Startup"=c:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (InstallShield Software Corporation) "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation) "Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech Inc.) "Logitech Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech Inc.) 
"NeroFilterCheck"=C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe (Nero AG) "nod32kui"="C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE (Eset ) "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) "nwiz"=nwiz.exe /install () "RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.) "SMSERIAL"=C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) "SunJavaUpdateSched"=C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.) "WLSS"=C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe (Compal Electronics, Inc.) "Wow Video&Audio"=C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe () [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation) "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA) "Steam"="c:\steam\steam.exe" -silent (Valve Corporation) [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation) "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA) "Steam"="c:\steam\steam.exe" -silent (Valve Corporation) [color=orange]========== (O4) Startup Folders ==========[/color] [2008.05.02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2005.03.16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Documents and Settings\sysop\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [color=orange]========== (O6 & O7) Current Version Policies ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableRegistryTools"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=323 "NoDrives"=0 "NoInstrumentation"=1 "NoDriveAutoRun"=67108863 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutoRun"=67108863 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutoRun"=67108863 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=323 "NoDrives"=0 "NoInstrumentation"=1 "NoDriveAutoRun"=67108863 [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [color=orange]========== (O8) IE Context Menu Extensions ==========[/color] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] E&ksporter til Microsoft Excel: C:\Programfiler\Microsoft Office\OFFICE11\EXCEL.EXE [2008.10.13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation) E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: C:\Programfiler\Microsoft Office\OFFICE11\EXCEL.EXE [2008.10.13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: C:\Programfiler\Microsoft Office\OFFICE11\EXCEL.EXE [2008.10.13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\] E&ksporter til Microsoft Excel: C:\Programfiler\Microsoft Office\OFFICE11\EXCEL.EXE [2008.10.13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation) E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1006\Software\Microsoft\Internet Explorer\MenuExt\] E&ksporter til Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. 
File not found [color=orange]========== (O9) IE Extensions ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007.04.19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008.04.13 10:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008.04.14 08:23:02 | 01,695,232 | -HS- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008.04.14 08:23:02 | 01,695,232 | -HS- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007.04.19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 10:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 08:23:02 | 01,695,232 | -HS- | M] (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007.04.19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 10:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 08:23:02 | 01,695,232 | -HS- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007.04.19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 10:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 08:23:02 | 01,695,232 | -HS- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007.04.19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 10:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 08:23:02 | 01,695,232 | -HS- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007.04.19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008.04.13 10:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008.04.14 08:23:02 | 01,695,232 | -HS- | M] (Microsoft Corporation) [color=orange]========== (O12) Internet Explorer Plugins ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX-galleri [color=orange]========== (O13) Default Prefixes ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [color=orange]========== (O15) Trusted Sites ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 32 domain(s) and sub-domain(s) not assigned to a zone. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 31 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 31 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 31 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 31 domain(s) and sub-domain(s) not assigned to a zone. [color=orange]========== (O16) DPF ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193760440125 -- WUWebControl Class {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab -- Java Plug-in 1.5.0_03 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened. 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab -- Java Plug-in 1.5.0_03 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab -- Shockwave Flash Object [color=orange]========== (O17) DNS Name Servers ==========[/color] {1E7F51E4-68C1-4F2C-B30A-18A41AB3A9B1} (Servers: | Description: ) {55D2D4FE-1A53-4BBC-A326-BD9CDD7F8E95} (Servers: | Description: Broadcom NetLink (TM) Gigabit Ethernet) {59D93AB5-C9B2-4735-9EA7-59B0B085155E} (Servers: | Description: Intel(R) Wireless WiFi Link 4965AGN) {C43F56BD-8A7C-4ED4-A7F6-15D81C08C966} (Servers: | Description: 1394-nettverkskort) [color=orange]========== (O20) Winlogon Notify Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] !SASWinLogon: "DllName" = C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL -- C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) LBTWlgn: "DllName" = c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll -- c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
[color=orange]========== Shell Execute Hooks ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) [color=orange]========== HKLM *SecurityProviders* ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll >File not found -- [color=orange]========== Safeboot Options ==========[/color] "AlternateShell"=cmd.exe [color=orange]========== CDRom AutoRun Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 [color=orange]========== Autorun Files on Drives ==========[/color] AUTOEXEC.BAT [] [2009.02.07 19:35:25 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] AUTOEXEC.CAM [] [2007.10.30 14:22:01 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.CAM -- [ NTFS ] AUTORUN.INF [[AutoRun] | open=setup.exe | icon=setup.exe,0 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ] [2001.08.23 13:00:00 | 00,000,110 | R--- | M] () -- D:\AUTORUN.INF -- [ CDFS ] Autorun.inf [[autorun] | open=autorun.exe | icon=DevilMayCry4.ico | ] [2008.04.04 07:18:54 | 00,000,052 | R--- | M] () -- E:\Autorun.inf -- [ UDF ] autorun.exe [MZ | ] [2008.07.28 02:49:18 | 00,251,192 | R--- | M] (CAPCOM CO., LTD.) -- E:\autorun.exe -- [ UDF ] [color=orange]========== MountPoints2 ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d17f768-904e-11dc-9a17-0013e863ae95}\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d17f768-904e-11dc-9a17-0013e863ae95}\Shell\AutoRun\command] ""=E:\autorun.exe -- [2008.07.28 02:49:18 | 00,251,192 | R--- | M] (CAPCOM CO., LTD.) 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command] ""=D:\setup.exe -- [2001.08.23 13:00:00 | 01,310,720 | R--- | M] (Microsoft Corporation)
Edited 9 February 2009 by nilsso
nilsso (Author) Posted 9 February 2009
Log no. 2:
OTViewIt Extras logfile created on: 09.02.2009 17:26:17 - Run 3 OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\sysop\Skrivebord Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = ) Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,48% Memory free 3,85 Gb Paging File | 3,42 Gb Available in Paging File | 88,79% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler Drive C: | 149,04 Gb Total Space | 29,67 Gb Free Space | 19,90% Space Free | Partition Type: NTFS Drive D: | 488,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 7,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 298,09 Gb Total Space | 29,23 Gb Free Space | 9,81% Space Free | Partition Type: NTFS Computer Name: PWNAGE2 Current User Name: sysop Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = All Days [color=orange]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cpl [@ = cplfile] -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\WINDOWS\system32\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Programfiler\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- C:\WINDOWS\system32\notepad.exe (Microsoft Corporation) .ini [@ = inifile] -- C:\WINDOWS\system32\notepad.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) .js [@ = JSFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation) .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation) .txt [@ = txtfile] -- C:\WINDOWS\system32\notepad.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\WINDOWS\system32\wscript.exe (Microsoft Corporation) [color=orange]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0 "FirewallDisableNotify"=0 "UpdatesDisableNotify"=0 "AntiVirusOverride"=0 "FirewallOverride"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DoNotAllowExceptions"=0 "DisableNotifications"=0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] [color=orange]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008.04.14 08:23:12 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2008.04.13 10:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2007.01.19 12:54:44 | 05,674,352 | ---- | M] (Microsoft 
Corporation) -- C:\Programfiler\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 [2007.01.04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2008.10.08 13:01:24 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Steam\Steam.exe:*:Enabled:Steam [2008.04.14 08:22:58 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console [2009.01.09 23:57:43 | 01,220,608 | ---- | M] (Blizzard Entertainment) -- C:\Programfiler\Starcraft\StarCraft.exe:*:Enabled:Starcraft [2006.11.23 16:45:34 | 02,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Programfiler\mIRC\mirc.exe:*:Enabled:mIRC [2006.06.21 15:58:33 | 00,159,744 | ---- | M] () -- C:\Programfiler\LimeWire\LimeWire.exe:*:Enabled:LimeWire [2007.11.16 14:13:32 | 00,177,152 | ---- | M] () -- C:\Programfiler\utorrent\utorrent.exe:*:Enabled:µTorrent [2008.04.14 08:23:12 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 [2007.11.19 14:13:12 | 00,274,432 | ---- | M] () -- C:\Programfiler\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv [2006.12.29 02:07:44 | 00,038,912 | ---- | M] (Tsinghua Unversity) -- C:\Programfiler\Diablo II\D2Loader-1.11b.exe:*:Enabled:Diablo II [2008.04.14 08:22:48 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test [2007.10.04 08:14:26 | 03,325,952 | ---- | M] () -- C:\Programfiler\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) [2008.05.05 12:25:39 | 24,662,016 | ---- | M] (Ubisoft) -- C:\Programfiler\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 [2008.04.16 16:35:22 | 25,667,160 | 
---- | M] (Ubisoft) -- C:\Programfiler\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 [2008.02.22 10:08:44 | 00,619,144 | ---- | M] (Ubisoft) -- C:\Programfiler\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update [2008.07.06 16:09:30 | 00,397,312 | ---- | M] (Valve) -- C:\Steam\steamapps\d2l_zod\dedicated server\hlds.exe:*:Enabled:HLDS Launcher [2009.02.02 23:16:57 | 00,086,077 | ---- | M] (Valve) -- C:\Steam\steamapps\tomcat409\counter-strike\hl.exe:*:Disabled:Half-Life Launcher [2008.03.12 12:19:26 | 00,888,320 | ---- | M] () -- C:\Programfiler\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) [2008.08.02 00:56:49 | 01,598,144 | ---- | M] () -- C:\Programfiler\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) [2008.07.30 09:47:50 | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes [2007.02.16 04:40:50 | 00,274,432 | ---- | M] (www.moofdev.org) -- C:\Documents and Settings\sysop\Skrivebord\RM\RatioMaster.exe:*:Enabled:Ratio Master [2008.08.21 22:41:44 | 01,954,496 | ---- | M] () -- C:\Programfiler\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI) [2008.08.21 21:51:14 | 01,909,440 | ---- | M] () -- C:\Programfiler\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. 
- Clear Sky (SRV) [2008.04.13 10:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2008.04.14 08:23:12 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2008.07.08 01:25:36 | 01,160,192 | ---- | M] () -- C:\Program Files\Awesom-O 3.6\Redvex\AO.exe:*:Enabled:AO [2008.10.22 10:49:47 | 00,035,270 | ---- | M] (Ubisoft Entertainment) -- C:\Programfiler\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 [2008.09.30 18:09:18 | 00,619,144 | ---- | M] (Ubisoft) -- C:\Programfiler\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater [2008.09.30 18:05:34 | 01,175,552 | ---- | M] (Ubisoft Entertainment) -- C:\Programfiler\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor [2008.10.25 13:10:44 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA [2008.11.19 14:03:01 | 00,183,112 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB [2008.10.07 07:53:00 | 03,307,304 | ---- | M] (TeamViewer GmbH) -- C:\Programfiler\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application [2007.01.19 12:54:44 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 [2007.01.04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [2008.11.22 14:19:09 | 00,088,606 | ---- | M] () -- C:\Programfiler\Left 4 Dead\left4dead.exe:*:Enabled:left4dead [color=orange]========== (O10) Winsock2 Catalogs ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] Protocol_Catalog9\Catalog_Entries00000000001 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000002 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000003 -- 
C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000004 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000005 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000006 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000007 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000008 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000009 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000010 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000011 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000012 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000013 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000014 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000015 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000016 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000017 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000018 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000019 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000020 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000021 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000022 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries00000000023 -- C:\WINDOWS\system32\imon.dll (Eset ) [color=orange]========== (O18) Protocol Handlers ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007.08.28 22:55:14 | 
01,014,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.01.19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Programfiler\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] msdaipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007.08.28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007.08.28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.01.19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Programfiler\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.03.14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.05.10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} 
(HKLM) [Data Page Plugable Protocal mso-offdap11 Handler]) [color=orange]========== (O18) Protocol Filters ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters [2007.04.19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.] [color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam "{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}"=Wireless Select Switch "{0C123C63-84FD-4D13-96E7-EEB5C11893F2}"=LEC Translate "{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer "{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate "{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}"=PC Connectivity Solution "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}"=Ventrilo Server "{20071984-5EB1-4881-8EDB-082532ACEC6D}"=Heroes of Might and Magic V "{212748BB-0DA5-46DE-82A1-403736DC9F27}"=MSVC80_x86 "{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2 "{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1 "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5 "{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0150030}"=J2SE Runtime Environment 5.0 Update 3 "{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{38E0C491-5230-4373-B62E-F1A6E94B1044}"=Nero 7 Ultra Edition "{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes "{3EAC35F4-FF26-4123-9404-0B5B93DAB570}"=Microsoft .NET Framework 1.1 Norwegian Language Pack "{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}"=Lock Folder XP 3.6 "{59F6A514-9813-47A3-948C-8A155460CC2A}"=RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software 
Update "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA nTune "{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player "{8BFBADC2-C108-3153-8097-8F8C27743D36}"=Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NOR "{8CFA9151-6404-409A-AF22-4632D04582FD}"=Assassin's Creed "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer "{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system "{91142D56-7A29-37FE-AA96-A76BA0D8BC26}"=Microsoft .NET Framework 3.5 Language Pack - nor "{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}"=Microsoft Games for Windows - LIVE Redistributable "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}"=Hitman Blood Money "{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}"=Nokia PC Suite "{AC76BA86-7AD7-1044-7B44-A81200000003}"=Adobe Reader 8.1.2 - Norsk "{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8 "{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy "{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}"=Windows Live Messenger "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1 "{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player "{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0 "{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}"=Nokia Connectivity Cable Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}"=Broadcom Gigabit Integrated Controller 
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}"=DEVIL MAY CRY 4 "{D588BCF9-803F-3E89-AC4F-BE04C9D39E3D}"=Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NOR "{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1"=NOD32 FiX v2.1 "{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty(R) 4 - Modern Warfare(TM) "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}"=Need for Speed™ Undercover "{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0 "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}"=Far Cry 2 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint "{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}"=Wow Video&Audio utility "{FEF06E73-A519-4510-8CF3-B66041B91D8A}"=EMSC "22Pixels Photoshop Flock"=22Pixels Photoshop Flock "2B77EDB2643AA62CA7DD23F4E52CA138F61AF7B8"=Windows Driver Package - Intel net (02/25/2007 11.1.0.86) "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F"=Windows-driverpakke - Nokia pccsmcfd (10/12/2007 6.85.4.0) "9CD348AE9C64C4B939B624E8E24F3903EFDFC82B"=Windows-driverpakke - Nokia Modem (05/22/2008 7.00.0.1) "A5F682C869AF68EB8EDD49BDADFC08B7DF1C11C3"=Windows Driver Package - Intel (NETw4x32) net (02/25/2007 11.1.0.86) "Ad-Aware SE Professional"=Ad-Aware SE Professional "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX "Adobe Flash Player Plugin"=Adobe Flash Player Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2 "ATMA V"=ATMA V 5.05 "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD"=Windows-driverpakke - Nokia Modem (05/22/2008 3.8) "CANONBJ_Deinstall_CNMCP61.DLL"=Canon PIXMA iP3000 "CCleaner"=CCleaner (remove only) "D1E8C9A9258DD7BF813A3525430A4EB3576736EA"=Windows Driver Package - Intel net (02/25/2007 11.1.0.86) "Diablo II"=Diablo II "ExpressBurn"=Express Burn "FC9E80E6E67400E836A009325C6E1CF5D77EFB1D"=Windows Driver Package - Intel 
(w29n51) net (02/08/2007 9.0.4.33) "Heroes of Might and Magic IV"=Heroes of Might and Magic® IV The Gathering Storm "HijackThis"=HijackThis 2.0.2 "HyperCam 2"=HyperCam 2 "InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}"=Wireless Select Switch "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA nTune "InstallShield_{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}"=Wow Video&Audio utility "KLiteCodecPack_is1"=K-Lite Mega Codec Pack 2.1.0 "Left 4 Dead"=Left 4 Dead "Leo(Lett Oversettelse)_is1"=Leo v1.06 "LimeWire"=LimeWire PRO 4.12.3 "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5 "Microsoft .NET Framework 3.5 Language Pack - nor"=Språkpakke for Microsoft .NET Framework 3.5 – NOR "mIRC"=mIRC "mm.BOT5.44"=mm.BOT "Mozilla Firefox (3.0.6)"=Mozilla Firefox (3.0.6) "MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP "NOD32"=NOD32 antivirus system "Nokia PC Suite"=Nokia PC Suite "NVIDIA Drivers"=NVIDIA Drivers "PowerISO"=PowerISO "PowerStrip 3 (remove only)"=PowerStrip 3 (remove only) "PunkBusterSvc"=PunkBuster Services "ReXplorer"=ReXplorer "S.T.A.L.K.E.R. - Clear Sky_is1"=S.T.A.L.K.E.R. - Clear Sky [v1.0003] "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1"=S.T.A.L.K.E.R. 
- Shadow of Chernobyl [v1.0006] "SMSERIAL"=Motorola SM56 Data Fax Modem "ST6UNST #1"=Hero Editor V0.96 "Starcraft"=Starcraft "Steam App 10"=Counter-Strike "Steam App 130"=Half-Life: Blue Shift "Steam App 220"=Half-Life 2 "Steam App 3270"=Painkiller Overdose "Steam App 3800"=Advent Rising "Steam App 400"=Portal "Steam App 4000"=Garry's Mod "Steam App 440"=Team Fortress 2 "Steam App 4500"=STALKER: Shadow of Chernobyl "Steam App 5"=Dedicated Server "Steam App 6200"=Ghost Master "Steam App 6850"=Hitman 2: Silent Assassin "Steam App 70"=Half-Life "Steam App 7670"=Bioshock "Steam App 7940"=Call of Duty 4 Modern Warfare "Switch"=Switch "TeamViewer 3"=TeamViewer 3 "Tweak UI 2.10"=Tweak UI "VentriloMIX"=VentriloMIX "VLC media player"=VLC media player 0.9.8a "WavePad"=WavePad Uninstall "Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC"=Windows Imaging Component "Winamp"=Winamp "Windows Media Format Runtime"=Windows Media Format 11 runtime "Windows Media Player"=Windows Media Player 11 "Windows XP Service Pack"=Windows XP Service Pack 3 "WinRAR archiver"=WinRAR archiver "WinUtilities"=WinUtilities 5.2 "WMFDist11"=Windows Media Format 11 runtime "wmp11"=Windows Media Player 11 "Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0 "XP Tools_is1"=XP Tools Pro 6.3 "XpsEPSC"=XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0 "xqdcXSP_is1"=XQDC X-Setup Pro 9.0.100 [color=orange]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 07.02.2009 09:20:32 | Computer Name = PWNAGE2 | Source = PerfNet | ID = 2004 Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli returnert. Den returnerte feilkoden er i data DWORD 0. [ System Events ] Error - 09.02.2009 12:11:30 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. 
Error - 09.02.2009 12:11:31 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. Error - 09.02.2009 12:11:32 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. Error - 09.02.2009 12:11:33 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. Error - 09.02.2009 12:11:34 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. Error - 09.02.2009 12:11:34 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. Error - 09.02.2009 12:11:35 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. Error - 09.02.2009 12:11:36 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. Error - 09.02.2009 12:11:37 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. Error - 09.02.2009 12:11:38 | Computer Name = PWNAGE2 | Source = Cdrom | ID = 262151 Description = Enheten \Device\CdRom1 har en dårlig blokk. < End of report >
norbat Posted 9 February 2009
Go to Virustotal.com again and check the following file: C:\WINDOWS\rundll32.exe
nilsso Posted 9 February 2009 (Author)
Virustotal log 1: File has already been analysed: MD5: 0fb22dd37c17f80ad71316049f725170 First received: 11.15.2007 00:20:22 (CET) Date: 02.09.2009 12:00:49 (CET) [<1D] Results: 0/39 Permalink: analisis/7573fbef6577b1b15bfa15b68bf48ae2 Virustotal log 2: Additional information File size: 31744 bytes MD5...: 0fb22dd37c17f80ad71316049f725170 SHA1..: 809b41c6d1232246bcf3b1a24da326188220c30c SHA256: 54fd5ddc2ff45ebcda9bb9f88ef4d823c3c234a287751f796d3519712074a532 SHA512: a6f3b37ec0e7b0e58f5c81c3785ca0b266bd821626ca92f5a08a2ad676211894 3b5efc8e2213dbe6ce8d026e87717faffc87758b984fd68eafd22c826478e100 ssdeep: 384:I/mBoZXx5p7uNRhbHeJh8+oXBjxJd5IyYQGSbdkDjkoebjDISYW3gW:IuBoZ XNybSEln5IyYpamDjobj8Sh PEiD..: - TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1818 timedatestamp.....: 0x3b7d8492 (Fri Aug 17 20:54:42 2001) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xcc6 0xe00 5.88 2824b3d5de91cc5961fc31376ceae388 .data 0x2000 0x2c 0x200 0.09 13bc3d11970f7bb304eb058e83cefb1e .rsrc 0x3000 0x6720 0x6800 5.55 06b7e5c62794ddc7ede5487a5b17f93a ( 5 imports ) > msvcrt.dll: _except_handler3, wcslen, wcscpy > KERNEL32.dll: FreeLibrary, LocalFree, GetProcAddress, lstrlenA, WideCharToMultiByte, LocalAlloc, FormatMessageW, GetLastError, LoadLibraryW, ActivateActCtx, CreateActCtxW, lstrcatW, lstrcpyW, lstrlenW, SearchPathW, GetFileAttributesW, ReleaseActCtx, DeactivateActCtx, SetErrorMode, ExitProcess, GetModuleHandleW, GetStartupInfoW, GetCommandLineW > GDI32.dll: GetStockObject > USER32.dll: LoadCursorW, LoadStringW, CharNextW, SetClassLongW, LoadIconW, DefWindowProcW, CreateWindowExW, RegisterClassW, wsprintfW, 
DestroyWindow, MessageBoxW > IMAGEHLP.dll: ImageDirectoryEntryToData ( 0 exports ) ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=0fb22dd37c17f80ad71316049f725170
norbat Posted 9 February 2009
Did you place the rundll32.exe file in the Windows folder yourself?
nilsso Posted 9 February 2009 (Author)
That's possible, yes; I was messing around a bit with rundll32.exe files to try to fix it myself.
norbat Posted 9 February 2009
Go ahead and run a rootkit check: Gmer.zip
When Gmer has finished scanning, click SAVE and save the log somewhere you can find it again. Post the log. If this doesn't give any pointers either, then I'm starting to run out of ideas.
nilsso Posted 9 February 2009 (Author)
GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-02-09 23:17:39 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT sptd.sys ZwCreateKey [0xF750BB3A] SSDT sptd.sys ZwEnumerateKey [0xF750BC7E] SSDT sptd.sys ZwEnumerateValueKey [0xF750BFF6] SSDT sptd.sys ZwOpenKey [0xF750BA18] SSDT sptd.sys ZwQueryKey [0xF750C0C0] SSDT sptd.sys ZwQueryValueKey [0xF750BF58] SSDT sptd.sys ZwSetValueKey [0xF750C148] ---- Kernel code sections - GMER 1.0.14 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess. ? C:\WINDOWS\System32\Drivers\SPTD8333.SYS Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess. .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B710F4D0 16 Bytes [ 29, 9A, 58, A0, 32, 6B, 62, ... ] .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B710F4E1 31 Bytes [ E0, 10, B7, 68, 39, A8, 69, ... ] ? C:\WINDOWS\System32\Drivers\dtscsi.sys Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess. 
---- User code sections - GMER 1.0.14 ---- .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] kernel32.dll!DeviceIoControl 7C801629 7 Bytes JMP 0045C360 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00465930 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00465A00 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] kernel32.dll!IsDebuggerPresent 7C813123 6 Bytes JMP 004C6410 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegOpenKeyExW 77DC6A9F 5 Bytes JMP 00419F00 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegCloseKey 77DC6C17 5 Bytes JMP 00419C30 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegQueryValueExW 77DC6FEF 5 Bytes JMP 0041A020 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegCreateKeyExW 77DC775C 5 Bytes JMP 00419CF0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player 
Classic\mplayerc.exe[3288] ADVAPI32.dll!RegOpenKeyExA 77DC7842 5 Bytes JMP 00419ED0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegOpenKeyW 77DC7936 5 Bytes JMP 00419EB0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegQueryValueExA 77DC7AAB 5 Bytes JMP 00419FF0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegEnumKeyExW 77DC7BC9 5 Bytes JMP 00419E00 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegEnumValueW 77DC7EDD 5 Bytes JMP 00419E60 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegSetValueExW 77DCD757 7 Bytes JMP 0041A0E0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegQueryValueW 77DCD86A 5 Bytes JMP 00419FC0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegCreateKeyExA 77DCE9E4 5 Bytes JMP 00419CD0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegSetValueExA 77DCEAD7 7 Bytes JMP 0041A0B0 C:\Programfiler\K-Lite Codec 
Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegDeleteValueA 77DCECD5 5 Bytes JMP 00419D70 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegDeleteValueW 77DCEDE1 5 Bytes JMP 00419DA0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegOpenKeyA 77DCEFB8 5 Bytes JMP 00419E90 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegDeleteKeyA 77DD4280 5 Bytes JMP 00419D10 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegQueryInfoKeyA 77DD4312 5 Bytes JMP 00419F30 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegQueryInfoKeyW 77DD49AE 2 Bytes JMP 00419F60 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegQueryInfoKeyW + 3 77DD49B1 2 Bytes [ 64, 88 ] .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegEnumKeyExA 77DD5196 5 Bytes JMP 00419DD0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegDeleteKeyW 77DD557B 5 Bytes JMP 
00419D40 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegFlushKey 77DE4CB0 5 Bytes JMP 00419C60 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegEnumValueA 77DE9B8F 5 Bytes JMP 00419E30 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegCreateKeyW 77DEBA25 5 Bytes JMP 00419CB0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegQueryValueA 77DEBB5D 5 Bytes JMP 00419F90 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegCreateKeyA 77DEBCC3 5 Bytes JMP 00419C90 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegSetValueA 77DEC76E 5 Bytes JMP 0041A050 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ADVAPI32.dll!RegSetValueW 77E260EE 5 Bytes JMP 0041A080 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 0041A210 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text 
C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 004658D0 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe[3288] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00465900 C:\Programfiler\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (Media Player Classic/Gabest) .text C:\Programfiler\MSN Messenger\MsnMsgr.Exe[3584] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Programfiler\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation) ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7514DB2] sptd.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A71E] sptd.sys IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F75153B2] sptd.sys IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F75152B6] sptd.sys IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F7515482] sptd.sys IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F7515482] sptd.sys IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F75153B2] sptd.sys IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F75152B6] sptd.sys IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A032] sptd.sys IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F7514F6E] sptd.sys IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7529C76] sptd.sys IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7514E06] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7507A32] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7507B6E] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7507AF6] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75086CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75085A2] sptd.sys IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A864] sptd.sys IAT 
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7519F78] sptd.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7529C76] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7529C82] sptd.sys IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752A864] sptd.sys IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F7507020] sptd.sys IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F7507020] sptd.sys ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs LF30XP.sys AttachedDevice \FileSystem\Ntfs \Ntfs HWFProt.sys (Windows NT File System Protector/HyWave Corporation) Device \FileSystem\Udfs \UdfsCdRom LF30XP.sys Device \FileSystem\Mup \Dfs LF30XP.sys Device \FileSystem\Udfs \UdfsDisk LF30XP.sys Device \Driver\smserial \Device\SMSERIAL LF30XP.sys Device \Driver0000054 \Device0000050 sptd.sys Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A70AC78 Device \Driver\dmio \Device\DmControl\DmConfig 8A70AC78 Device \Driver\dmio \Device\DmControl\DmPnP 8A70AC78 Device \Driver\dmio \Device\DmControl\DmInfo 8A70AC78 Device \FileSystem\RAW \Device\RawTape LF30XP.sys Device \FileSystem\MRxDAV \Device\WebDavRedirector LF30XP.sys Device \Driver\rdpdr \Device\RdpDrPort LF30XP.sys Device \Driver\rdpdr \Device\RdpDr LF30XP.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 8A70AEB0 Device \Driver\smserial \Device\SmSrl LF30XP.sys Device \Driver\Cdrom \Device\CdRom0 8A4460E8 Device \FileSystem\Rdbss \Device\FsWrap LF30XP.sys Device \Driver\Cdrom \Device\CdRom1 8A4460E8 Device \Driver\Cdrom \Device\CdRom2 8A4460E8 Device \Driver\Cdrom \Device\CdRom3 8A4460E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 874044B8 Device \Driver\NetBT \Device\NetbiosSmb 874044B8 Device \FileSystem\Mup \Device\Mup LF30XP.sys Device \Driver\Disk \Device\Harddisk0\DR0 8A70A708 Device \Driver\NetBT 
\Device\NetBT_Tcpip_{59D93AB5-C9B2-4735-9EA7-59B0B085155E} 874044B8 Device \FileSystem\RAW \Device\RawDisk LF30XP.sys Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver LF30XP.sys Device \FileSystem\MRxSmb \Device\LanmanRedirector LF30XP.sys Device \FileSystem\Npfs \Device\NamedPipe LF30XP.sys Device \Driver\Ftdisk \Device\FtControl 8A70AEB0 Device \Driver\NetBT \Device\NetBT_Tcpip_{55D2D4FE-1A53-4BBC-A326-BD9CDD7F8E95} 874044B8 Device \FileSystem\Msfs \Device\Mailslot LF30XP.sys Device \Driver\AFD \Device\Afd LF30XP.sys Device \FileSystem\RAW \Device\RawCdRom LF30XP.sys Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target1Lun0 8A4DCEB0 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target2Lun0 8A4DCEB0 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 8A4DCEB0 Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A4DCEB0 Device \FileSystem\Mup \Device\WinDfs\Root LF30XP.sys Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer LF30XP.sys Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr LF30XP.sys Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer LF30XP.sys Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer LF30XP.sys Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer LF30XP.sys Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer LF30XP.sys Device \FileSystem\Cdfs \Cdfs LF30XP.sys ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1173953186 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1065605330 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1332478717 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programfiler\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0x74 0xE8 0xFA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001@khjeh 0x53 0xA2 0x45 0xA9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x06 0x7D 0x93 0x1B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41@khjeh 0x40 0x2C 0x56 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf42@khjeh 0x1B 0xF3 0x05 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf43 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf43@khjeh 0x56 0x4C 0xC6 0x66 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programfiler\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0x74 0xE8 0xFA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001@khjeh 0x53 0xA2 0x45 0xA9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x06 0x7D 0x93 0x1B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41@khjeh 0x40 0x2C 0x56 0xF9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf42 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf42@khjeh 0x1B 0xF3 0x05 0xE4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf43 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf43@khjeh 0x56 0x4C 0xC6 0x66 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programfiler\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0x74 0xE8 0xFA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001@khjeh 0x21 0x24 0xE4 0xF2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40@khjeh 0x64 0x62 0x03 0x00 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41@khjeh 0x38 0xDF 0xB8 0xB1 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf42 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf42@khjeh 0xE0 0xD2 0xB2 0xC8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf43 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf43@khjeh 0x56 0x4C 0xC6 0x66 ... ---- Files - GMER 1.0.14 ---- File C:\WINDOWS\system32\rundll32.exe 33280 bytes executable File C:\WINDOWS\system32\timedate.cpl 93696 bytes executable ---- EOF - GMER 1.0.14 ----
norbat Posted 11 February 2009 (edited)

You have not been forgotten. I am looking into the matter... If it drags on too long, a reinstall or possibly a repair of Windows is always a solution, even though it should be possible to avoid that. But as mentioned, you have not been forgotten.

Edited 11 February 2009 by norbat