Kan noen hjelpe meg med denne HiJackthis fila?

norbat · 18. februar 2009

Tenkte nok mer på NÅR oppsto problemet.

Sjekk følgende:

Et rootkit som kan gi symptomer som du har, er TDSSserv

Hvis den liggerpå pc'n kan du deaktivere den for så å se om du ikke får kjørt f.eks. mbam og combofix.

Du stopper tjenesten ved å gjøre følgende:

Gå til Kontrollpanel->System->Maskinvare->Enhetsbehandling

Velg Vis->Vis skjulte enheter

Klikk på plusstegnet framfor "Drivere som ikke er Plug and Play-kompatible"

Bla deg ned til TDSSserv.sys, høyreklikk på fila og velg Deaktiver.

Restart pc'n etterpå.

snippsat · 18. februar 2009

Nei når problemet oppsto.

Tenke på en dato da du fikk kjørt programmer.

Setter vi den tilbake med systemgjennoppretting blir kun det siste som du innstallerte fjernet.

MrLuni · 18. februar 2009

Yes fikk startet Combofix etter at jeg kjørte Spyware Cease!

Her er rapporten

ComboFix 09-02-17.02 - Frank Robert 2009-02-18 19:45:02.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3581.2510 [GMT 1:00]

Kjører fra: c:\users\Frank Robert\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Spyware Cease

c:\program files\Spyware Cease\AutoUpdate.exe

c:\program files\Spyware Cease\LSR.lsr

c:\program files\Spyware Cease\md5.dll

c:\program files\Spyware Cease\networkdll.dll

c:\program files\Spyware Cease\opfile.dll

c:\program files\Spyware Cease\RegDefend.ini

c:\program files\Spyware Cease\rgp.tmp

c:\program files\Spyware Cease\RKHit.sys

c:\program files\Spyware Cease\RkHitApi.dll

c:\program files\Spyware Cease\spkdll.dll

c:\program files\Spyware Cease\SpywareCease.chm

c:\program files\Spyware Cease\SpywareCease.exe

c:\program files\Spyware Cease\SpywareCease.url

c:\program files\Spyware Cease\swdb.ssk

c:\program files\Spyware Cease\unins000.dat

c:\program files\Spyware Cease\unins000.exe

c:\program files\Spyware Cease\update\md5.dll

c:\program files\Spyware Cease\update\networkdll.dll

c:\program files\Spyware Cease\update\opfile.dll

c:\program files\Spyware Cease\update\RKHit.sys

c:\program files\Spyware Cease\update\RkHitApi.dll

c:\program files\Spyware Cease\update\spkdll.dll

c:\program files\Spyware Cease\update\SpywareCease.exe

c:\program files\Spyware Cease\update\swdb.ssk

c:\program files\Spyware Cease\update\Update.ini

c:\program files\Spyware Cease\update\zlib1.dll

c:\program files\Spyware Cease\zlib1.dll

c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease

c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk

c:\windows\system32\drivers\RKHit.sys

c:\windows\system32\drivers\TDSSmbcb.sys

c:\windows\system32\TDSScrrx.dll

c:\windows\system32\TDSSdotf.log

c:\windows\system32\TDSSfopt.dll

c:\windows\system32\TDSSntlv.dll

c:\windows\system32\TDSSnyfn.log

c:\windows\system32\TDSSqycx.dll

c:\windows\system32\TDSSrfpp.dll

c:\windows\system32\TDSSsbxq.log

c:\windows\system32\TDSStmei.dll

c:\windows\system32\TDSSwqsc.dat

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_TDSSserv.sys

-------\Legacy_RKHIT

-------\Legacy_TDSSSERV.SYS

-------\Service_RkHit

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-18 til 2009-02-18 )))))))))))))))))))))))))))))))))

.

2009-02-18 19:38 . 2009-02-18 19:38 42 --a------ c:\windows\System32\SpywareCease.lie

2009-02-08 13:45 . 2009-02-08 13:45 <DIR> d-------- c:\users\Frank Robert\AppData\Roaming\SUPERAntiSpyware.com

2009-02-08 13:45 . 2009-02-08 13:47 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-01-31 00:45 . 2009-01-31 00:45 <DIR> d-------- c:\program files\AVG

2009-01-30 23:49 . 2009-01-30 23:49 163,378 ---hs---- c:\windows\System32\svsccs.exe

2009-01-27 12:21 . 2009-02-18 19:18 <DIR> d-------- c:\users\Frank Robert\Tracing

2009-01-27 12:21 . 2009-01-27 12:21 <DIR> d-------- c:\program files\Microsoft

2009-01-27 12:20 . 2009-01-27 12:20 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-01-27 12:20 . 2009-01-27 12:21 <DIR> d-------- c:\program files\Windows Live

2009-01-27 12:10 . 2009-01-27 12:10 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-20 09:50 . 2009-01-27 17:39 <DIR> d-------- c:\program files\Common Files\Adobe

2009-01-19 21:55 . 2009-01-19 21:55 <DIR> d-------- c:\windows\Left 4 Dead

2009-01-19 21:55 . 2009-01-19 22:28 <DIR> d-------- c:\program files\Left 4 Dead

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-18 17:36 --------- d-----w c:\users\Frank Robert\AppData\Roaming\Azureus

2009-02-17 17:22 --------- d-----w c:\program files\CyberLink

2009-02-15 02:01 --------- d-----w c:\programdata\Microsoft Help

2009-02-14 20:01 --------- d-----w c:\users\Frank Robert\AppData\Roaming\Spotify

2009-02-14 18:25 55,428 ----a-w c:\users\Frank Robert\AppData\Roaming\nvModes.dat

2009-02-12 12:44 --------- d-----w c:\program files\Windows Mail

2009-02-08 20:08 --------- d-----w c:\programdata\Lx_cats

2009-02-08 10:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-31 16:03 --------- d-----w c:\program files\Serious Sam 2

2009-01-27 11:20 --------- d-----w c:\program files\Azureus

2009-01-26 23:22 --------- d-----w c:\programdata\media center programs

2009-01-23 19:46 --------- d-----w c:\program files\Common Files\Steam

2009-01-16 20:42 --------- d-----w c:\program files\Spotify

2009-01-13 13:22 --------- d-----w c:\users\Frank Robert\AppData\Roaming\Nokia

2009-01-13 13:02 --------- d-----w c:\programdata\VIZ_MPS

2009-01-13 12:57 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-01-13 12:54 --------- d-----w c:\programdata\Nokia

2009-01-13 12:54 --------- d-----w c:\programdata\Installations

2009-01-13 12:54 --------- d-----w c:\program files\Nokia

2009-01-13 12:54 --------- d-----w c:\program files\Common Files\Nokia

2009-01-13 12:48 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf

2009-01-13 12:48 --------- d-----w c:\users\Frank Robert\AppData\Roaming\PC Suite

2009-01-13 12:48 --------- d-----w c:\programdata\PC Suite

2009-01-13 12:47 --------- d-----w c:\program files\PC Connectivity Solution

2009-01-13 12:47 --------- d-----w c:\program files\Common Files\PCSuite

2009-01-13 12:33 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-13 12:29 --------- d-----w c:\users\Frank Robert\AppData\Roaming\OpenOffice.org

2009-01-13 12:19 --------- d-----w c:\program files\OpenOffice.org 3

2009-01-13 12:19 --------- d-----w c:\program files\JRE

2009-01-13 12:19 --------- d-----w c:\program files\Java

2009-01-12 19:56 --------- d-----w c:\program files\MSBuild

2009-01-12 19:51 --------- d-----w c:\program files\Microsoft Visual Studio 8

2009-01-12 13:05 --------- d-----w c:\program files\BestGameEver

2009-01-11 19:20 --------- d-----w c:\users\Frank Robert\AppData\Roaming\Download Manager

2009-01-10 21:08 --------- d-----w c:\program files\TVersity Codec Pack

2009-01-06 10:41 --------- d-----w c:\programdata\Roxio

2008-12-20 14:08 --------- d-----w c:\program files\GameSpy

2008-12-20 14:07 22,328 ----a-w c:\users\Frank Robert\AppData\Roaming\PnkBstrK.sys

2008-12-20 13:56 --------- d-----w c:\program files\Electronic Arts

2008-06-04 11:42 61,224 ----a-w c:\users\Frank Robert\GoToAssistDownloadHelper.exe

2008-05-25 09:59 174 --sha-w c:\program files\desktop.ini

2008-05-19 14:51 74 --sh--r c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((( snapshot@2009-01-27_12.06.10.94 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-27 11:01:39 2,484 ----a-w c:\windows\bthservsdp.dat

+ 2009-02-18 18:49:43 2,484 ----a-w c:\windows\bthservsdp.dat

- 2009-01-24 23:12:32 51,200 ----a-w c:\windows\inf\infpub.dat

+ 2009-02-04 15:41:11 51,200 ----a-w c:\windows\inf\infpub.dat

- 2009-01-24 23:12:32 143,360 ----a-w c:\windows\inf\infstrng.dat

+ 2009-02-04 15:41:11 143,360 ----a-w c:\windows\inf\infstrng.dat

+ 2009-01-27 11:21:15 80,395 ----a-r c:\windows\Installer\{33FE4D58-2D62-4969-8B0F-7F7ACBB7BD23}\MsblIco.Exe

- 2009-01-14 10:27:20 20,240 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-02-15 02:01:08 20,240 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-01-14 10:27:20 217,864 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\misc.exe

+ 2009-02-15 02:01:08 217,864 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\misc.exe

- 2009-01-14 10:27:20 18,704 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-02-15 02:01:08 18,704 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-01-14 10:27:20 35,088 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-02-15 02:01:08 35,088 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-01-14 10:27:20 845,584 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\outicon.exe

+ 2009-02-15 02:01:08 845,584 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\outicon.exe

- 2009-01-14 10:27:20 888,080 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-02-15 02:01:08 888,080 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-01-14 10:27:20 1,172,240 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-02-15 02:01:08 1,172,240 ----a-r c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-01-27 16:39:31 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe

+ 2009-02-08 12:45:09 34,304 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe

- 2009-01-27 11:02:53 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-18 18:51:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-18 18:51:02 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-01-27 11:02:53 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-18 18:51:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-18 18:51:02 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-01-25 10:55:00 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-18 18:14:28 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-25 10:55:00 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-18 18:14:28 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-25 10:55:00 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-18 18:14:28 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-27 10:58:39 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-02-18 18:43:10 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-02-18 18:43:10 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe

+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\System32\mrt.exe

- 2009-01-25 17:54:46 106,120 ----a-w c:\windows\System32\perfc009.dat

+ 2009-02-18 18:49:52 106,120 ----a-w c:\windows\System32\perfc009.dat

- 2009-01-25 17:54:46 81,782 ----a-w c:\windows\System32\perfc014.dat

+ 2009-02-18 18:49:52 81,782 ----a-w c:\windows\System32\perfc014.dat

- 2009-01-25 17:54:46 598,850 ----a-w c:\windows\System32\perfh009.dat

+ 2009-02-18 18:49:52 598,850 ----a-w c:\windows\System32\perfh009.dat

- 2009-01-25 17:54:46 463,256 ----a-w c:\windows\System32\perfh014.dat

+ 2009-02-18 18:49:52 463,256 ----a-w c:\windows\System32\perfh014.dat

+ 2008-12-02 21:37:20 49,480 ----a-w c:\windows\System32\sirenacm.dll

- 2009-01-14 10:55:26 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-02-16 02:07:04 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2009-01-25 10:56:44 8,494 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1650987812-827251279-1942349854-1000_UserData.bin

+ 2009-02-18 18:16:20 10,694 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1650987812-827251279-1942349854-1000_UserData.bin

- 2009-01-25 10:56:44 90,422 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-02-18 18:46:28 101,570 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-01-25 10:56:43 47,982 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-02-18 18:46:22 51,570 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-01-25 11:24:42 383,488 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-02-17 22:29:58 393,152 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-01-27 10:30:58 418,288 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2009-02-18 14:12:05 435,144 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin

- 2009-01-14 08:46:58 159,139,920 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2009-02-16 02:06:58 167,692,503 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-01-18 21:34:46 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18177_none_33e53ce1da2ca44a\McrMgr.dll

+ 2008-05-23 18:42:34 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WininetPlugin.dll

+ 2008-05-19 22:19:53 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dat

+ 2008-05-19 22:19:53 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dat

+ 2008-01-18 21:36:36 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\sqmapi.dll

+ 2008-01-18 21:34:32 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieui.dll

+ 2009-01-09 23:21:31 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16808_none_f0a9e19a6e4c873c\OESpamFilter.dat

+ 2009-01-08 23:21:51 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20995_none_f0cf2e3b87b5d67a\OESpamFilter.dat

+ 2009-01-08 23:21:09 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18202_none_f28a1e846b788023\OESpamFilter.dat

+ 2009-01-08 23:21:04 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22353_none_f2deabfd84bdc4f9\OESpamFilter.dat

+ 2008-12-05 04:28:37 292,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20969_none_da68bd2d732f3959\psisdecd.dll

+ 2008-12-05 04:32:36 293,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18177_none_dbb88ca25742169c\psisdecd.dll

+ 2008-12-05 04:34:10 293,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22322_none_dc73397d703ba925\psisdecd.dll

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-04-16 23:13 721408 --a------ c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-04-16 23:13 721408 --a------ c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

"Steam"="c:\program files\Valve\Steam\\Steam.exe" [2008-10-11 1410296]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-29 136600]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]

"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]

"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]

"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]

"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\users\Frank Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"DisableCAD"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-04-16 23:04 86528 c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1650987812-827251279-1942349854-1000]

"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CB96C650-9241-47A5-976D-BB6A1A463C16}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{F7AA5417-657B-4D36-92CE-B46F0732DAF9}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{4CA1DD9D-DD17-4C25-909C-2DE5CF362DD0}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{682959C0-90A0-4EE4-A6BF-DC2842D8E484}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{CA26F5AE-DEAC-494E-B1F2-3055EB370495}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus

"UDP Query User{4D6BF0F8-AEFD-4F1D-971A-A3B871C76FD3}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus

"TCP Query User{A3790015-0C72-4152-A28B-C806980B3129}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{3AFC92CE-6C5E-41D7-B972-84B299DEE66C}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{9BB56AB0-B335-46AD-A3F9-AB1CE25CCED0}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{B80AB85F-E5F6-41D9-886D-664DDB5693E1}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{57A21BDE-83B9-498C-94D4-AD8205AF62D1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{32E84CB2-1950-4F70-B10B-4A0C3BAE0A83}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{ED9E5E1D-9BE0-44DD-A95F-1379DB5383F6}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile

"UDP Query User{5ED39A73-A845-4AC1-B93C-6797C028A0F9}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile

"TCP Query User{DFAF153C-8747-479D-ABEF-5B9BAA752135}c:\\users\\frank robert\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\frank robert\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe

"UDP Query User{F8B7661B-9B48-4969-99F5-1B10131F637A}c:\\users\\frank robert\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\frank robert\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe

"TCP Query User{4BF7346E-72A3-48D0-A4ED-914FD9C2E23B}c:\\users\\frank robert\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\frank robert\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe

"UDP Query User{78067BB8-E1D9-424B-BE11-06B495D8F161}c:\\users\\frank robert\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\frank robert\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe

"{3091120E-D1EB-4F60-9A85-1F7147F859F6}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{7FF634EB-C013-45E9-A6F2-F03CA338C59E}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"TCP Query User{450BCC70-2E91-4061-8DAB-EAE711BC3643}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility

"UDP Query User{C857F973-C8E2-4891-932F-89053B89171C}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility

"{6EFBB604-2D51-47F8-8F3E-AB7FC266EB89}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{F034AF7F-8AB6-4D8E-B746-08FB30E1C39C}c:\\downloads\\wow-engb-installer-downloader.exe"= UDP:c:\downloads\wow-engb-installer-downloader.exe:WoW-enGB-Installer-downloader

"UDP Query User{6AD9A9A8-5A5F-4595-BC19-7D952DF39F5D}c:\\downloads\\wow-engb-installer-downloader.exe"= TCP:c:\downloads\wow-engb-installer-downloader.exe:WoW-enGB-Installer-downloader

"TCP Query User{EC0AE23B-50FE-4265-977E-8B35AC6364E3}c:\\downloads\\wow-burningcrusade-engb-installer-downloader.exe"= UDP:c:\downloads\wow-burningcrusade-engb-installer-downloader.exe:WoW-BurningCrusade-enGB-Installer-downloader

"UDP Query User{93F73056-E4BA-4AD6-A47C-4629875A8F80}c:\\downloads\\wow-burningcrusade-engb-installer-downloader.exe"= TCP:c:\downloads\wow-burningcrusade-engb-installer-downloader.exe:WoW-BurningCrusade-enGB-Installer-downloader

"TCP Query User{F77C4FD8-F9AC-47A7-A56A-4040E81DCB38}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{B7578ADF-B49F-445A-B021-60FB8334515B}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher

"TCP Query User{D59F80B9-1FEE-48FE-A453-843AEB5AD6B3}c:\\program files\\valve\\steam\\steamapps\\mrluni\\garrysmod\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\mrluni\garrysmod\hl2.exe:hl2

"UDP Query User{99BCB164-26EE-4776-BD84-D861954498FB}c:\\program files\\valve\\steam\\steamapps\\mrluni\\garrysmod\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\mrluni\garrysmod\hl2.exe:hl2

"TCP Query User{A3D6EEC6-B678-4E57-A085-33C957BFDE88}c:\\program files\\valve\\steam\\steamapps\\mrluni\\team fortress 2\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\mrluni\team fortress 2\hl2.exe:hl2

"UDP Query User{9B52AA91-C494-47DE-9996-D43B9AEA6A1C}c:\\program files\\valve\\steam\\steamapps\\mrluni\\team fortress 2\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\mrluni\team fortress 2\hl2.exe:hl2

"{C9C055A8-4B10-4C78-A246-20124BCD2E6D}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{C66FD1B8-91C1-49C0-AFA4-4C0C6C60AD08}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"TCP Query User{F363C438-F1E0-4415-BB9A-50F87DE33D88}c:\\program files\\valve\\steam\\steamapps\\mrluni\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\mrluni\counter-strike source\hl2.exe:hl2

"UDP Query User{50269C45-C945-4BBB-A8DB-3A59E0DB7629}c:\\program files\\valve\\steam\\steamapps\\mrluni\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\mrluni\counter-strike source\hl2.exe:hl2

"TCP Query User{089942F5-3364-44F4-B8AB-F9CE2984F9C4}c:\\program files\\valve\\steam\\steamapps\\mrluni\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\mrluni\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{C1E629A6-94E3-4004-A365-BB52833F6BF9}c:\\program files\\valve\\steam\\steamapps\\mrluni\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\mrluni\half-life 2 deathmatch\hl2.exe:hl2

"{D66CAA42-BF59-4F49-A7C5-49B4A72E7EE1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{0CEA9592-D30A-4B4A-9CC1-C0498B887BE1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{87468150-0EF2-4935-897E-0AA9C94F7C88}c:\\users\\frank robert\\documents\\azureus downloads\\keyclone\\keyclone.exe"= UDP:c:\users\frank robert\documents\azureus downloads\keyclone\keyclone.exe:keyclone.exe

"UDP Query User{BFBA55AF-0F9C-48AE-8ACE-ACA8D36C55D9}c:\\users\\frank robert\\documents\\azureus downloads\\keyclone\\keyclone.exe"= TCP:c:\users\frank robert\documents\azureus downloads\keyclone\keyclone.exe:keyclone.exe

"TCP Query User{18B6A8BE-7535-495D-86FD-2D09AA2C500E}c:\\downloads\\wotlk-intro_en_gb-downloader.exe"= UDP:c:\downloads\wotlk-intro_en_gb-downloader.exe:wotlk-intro_en_gb-downloader

"UDP Query User{54E283A6-1075-42FD-AD08-45CB1BFA4495}c:\\downloads\\wotlk-intro_en_gb-downloader.exe"= TCP:c:\downloads\wotlk-intro_en_gb-downloader.exe:wotlk-intro_en_gb-downloader

"TCP Query User{B304E9FB-F6C7-4635-87A9-AF518422CD13}e:\\d-link.exe"= UDP:E:\d-link.exe:Setup Wizard Template

"UDP Query User{789C6714-5E91-4204-B1A1-84C7A9B48032}e:\\d-link.exe"= TCP:E:\d-link.exe:Setup Wizard Template

"TCP Query User{95DC54B6-AE79-4311-9B4D-4E19C947D889}e:\\d-link.exe"= UDP:E:\d-link.exe:Setup Wizard Template

"UDP Query User{599C44C0-D222-4ABC-809F-C3EC12A14F2F}e:\\d-link.exe"= TCP:E:\d-link.exe:Setup Wizard Template

"{9F0E5381-AD51-48F6-9EDD-E46CD9C9A0FC}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System

"{CC6AE983-7183-4E73-BF72-B6164E1FB405}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System

"{D2A601CF-1861-4032-ABCD-6B75DBCAF449}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor

"{B86B4A71-A736-4406-B1D1-8C65861B6EFF}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor

"{773A20A4-4050-4F96-9391-AB637C95D60D}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio

"{17488534-6EFF-4CB5-9C91-A4A27041437B}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio

"{B519A21E-6EC3-4E61-93CE-BD1195111C0D}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader

"{341DEEE1-1833-4435-914C-27A129CB3D97}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader

"{76E3387D-45D4-4F6C-97B5-25D92BA16026}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software

"{4F10F5AB-C8F0-424F-BD2C-0FC5904ECDAF}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software

"{15761749-46D3-4FD6-ABE4-513F747C6ABC}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor

"{31C06171-81C7-4CDD-AF05-38DC0AA0F4DA}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor

"{F37BF44A-3FB7-40FA-9431-CB38D57A00BB}"= UDP:c:\users\Frank Robert\AppData\Local\Temp\lxdi\wireless\NORWEGAN\lxdiwpss.exe:

"{F0DCB7BE-5159-47CD-AB9D-A52E75E6084F}"= TCP:c:\users\Frank Robert\AppData\Local\Temp\lxdi\wireless\NORWEGAN\lxdiwpss.exe:

"{10909E8E-1684-4015-B7F8-19C4587F3DF2}"= UDP:c:\windows\System32\lxdicfg.exe:Printer Communication System

"{E8ECB0FD-4CF8-47F8-941C-F1F980FA782B}"= TCP:c:\windows\System32\lxdicfg.exe:Printer Communication System

"{81284AB5-A97C-4FA8-81E7-3399057C375E}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface

"{E3E0C258-3824-4B25-B187-7FBA01EA7EE4}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface

"{8C134831-F6CC-4612-A6D8-45D05AEFD129}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable

"{D91D30EC-38E9-4E60-B15D-1402C741628E}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable

"{61788538-A2BB-456D-B2D8-81AE33748CED}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface

"{DA22C32C-B488-4863-9E4A-7494A2722FA5}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface

"TCP Query User{85EA034B-5FDE-426E-82C9-8827630DF63A}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor

"UDP Query User{223706E5-6F28-4574-B620-39EECE91CE57}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor

"TCP Query User{4FFDB5E6-679E-4740-AC08-EE4CB7C7569F}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application

"UDP Query User{8C6D8C75-6851-4853-AE22-1B815780E197}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application

"TCP Query User{09A3D587-0613-44A9-92E2-985273434F2E}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{EAAB73EB-F795-4883-B3BE-2BAC409932D1}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"{DB15ED69-EB97-49C6-BE8A-98575D3C1A56}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader

"{0A204730-AA7A-42BF-A1EE-62C494AF80C8}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader

"{BDA25312-F054-47EC-95A6-33355189FA11}"= UDP:3724:Blizzard Downloader: 3724

"TCP Query User{172C0390-30DB-4829-8507-3BFD70FA9C98}c:\\program files\\multiwinia\\multiwinia.exe"= UDP:c:\program files\multiwinia\multiwinia.exe:multiwinia

"UDP Query User{039F8C03-9E29-4E23-8959-EFA9757E9A93}c:\\program files\\multiwinia\\multiwinia.exe"= TCP:c:\program files\multiwinia\multiwinia.exe:multiwinia

"{4E0C65F6-0704-4FC5-B92E-CE2890F50FBE}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{9324D606-B776-4B46-AD2B-16A2BE447FAC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{1F903E0F-6C71-45E0-8878-CF6EEDB9D5F5}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A58F8D06-F301-40F6-B295-68766CB81365}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A687BD3D-74C5-4BB3-B858-449677492AEF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{4587AFD5-9D75-47FE-A12A-20D83ACCDE9E}c:\\program files\\java\\jre1.6.0\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0\bin\java.exe:Java Platform SE binary

"UDP Query User{1380138D-D446-4B6B-9E0E-5FF8FF73A0A4}c:\\program files\\java\\jre1.6.0\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0\bin\java.exe:Java Platform SE binary

"{27D2243B-5F00-4C0A-804D-7657075A38AA}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client

"{5512C38A-BA6C-4FDA-A546-6B65BE702B3D}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client

"TCP Query User{5336050C-14DC-4CE4-BFDE-87EBAAC0FB01}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop

"UDP Query User{0D75BC3E-0E4B-40EA-B83A-D1EAA767CD67}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty®: World at War Campaign/Coop

"TCP Query User{FC5B6296-6AAD-4B72-AF92-A857E16416FD}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= UDP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer

"UDP Query User{47927C75-47CC-4A19-AE7D-4BB5D35D808D}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= TCP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty®: World at War Multiplayer

"TCP Query User{31AB83C1-86AB-4012-BF22-58222F762502}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"UDP Query User{55A6F7D6-6EE7-4D8C-B9FC-10612EE1557E}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"{C53B5537-62BC-4942-85F1-B78BE9E4E5E7}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{79E868C4-1B08-409A-8CC7-89C6188BE653}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"TCP Query User{D62787D0-9DA6-4F19-8E69-10421880CED8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{0E7860C6-FB16-4644-AD2A-D6CFE74D3231}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{948D6D09-1B59-464C-9C8A-34F2A128FA76}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server

"{66E5F79F-D4CC-4503-8996-27B30A5C2F55}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server

"{A6911F54-E9A0-4CF9-828F-A97C3D12063F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{1F228A16-6B7A-486D-8721-2C287529F23F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{89D90E70-21D9-4A29-BDFF-4F4E6A988699}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D0881AE5-7933-42E9-B7D6-E89BE54BBDF2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{5DF59B1E-AA3C-4ED5-B465-C981AB2646B2}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{1AB58976-F9F6-41D4-A189-5B52E75A429F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"TCP Query User{A6FAD99A-3901-4984-A7AF-774785B06861}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"UDP Query User{6B9CD00A-58BF-4247-B1AC-260896FD7F58}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

"{831C08E3-42A6-4469-999E-9A2A17A78B32}"= UDP:c:\program files\Spotify\spotify.exe:Spotify

"{65E336BC-6081-48BB-83E4-9ED0B68E0685}"= TCP:c:\program files\Spotify\spotify.exe:Spotify

"TCP Query User{992DD2B7-13CE-48E4-A3B8-0FC4CDDEF9B8}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead

"UDP Query User{AA8B0D06-DBC3-4B48-B216-3781A97B184F}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead

"TCP Query User{C1DC0F53-8AC5-4BBB-9197-D943E29BDF9E}c:\\users\\frank robert\\appdata\\local\\temp\\blizzard launcher temporary - 2335e188\\launcher.exe"= UDP:c:\users\frank robert\appdata\local\temp\blizzard launcher temporary - 2335e188\launcher.exe:launcher.exe

"UDP Query User{822472AC-B77F-43DD-8A6E-8CADD4B39F2D}c:\\users\\frank robert\\appdata\\local\\temp\\blizzard launcher temporary - 2335e188\\launcher.exe"= TCP:c:\users\frank robert\appdata\local\temp\blizzard launcher temporary - 2335e188\launcher.exe:launcher.exe

"TCP Query User{4FDC55CE-E043-4C29-B837-F03B30069D35}c:\\users\\frank robert\\appdata\\local\\temp\\blizzard launcher temporary - 53b9f1d8\\launcher.exe"= UDP:c:\users\frank robert\appdata\local\temp\blizzard launcher temporary - 53b9f1d8\launcher.exe:launcher.exe

"UDP Query User{24A9D10A-95DC-4E9A-8ABE-D7935E405151}c:\\users\\frank robert\\appdata\\local\\temp\\blizzard launcher temporary - 53b9f1d8\\launcher.exe"= TCP:c:\users\frank robert\appdata\local\temp\blizzard launcher temporary - 53b9f1d8\launcher.exe:launcher.exe

"{AB84569E-2CE1-4C8B-A001-A552E0835CA7}"= UDP:c:\program files\Spotify\spotify.exe:Spotify

"{52CFD97D-87B8-433E-97EA-E7AA70E55142}"= TCP:c:\program files\Spotify\spotify.exe:Spotify

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-05-31 73728]

R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-05-19 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-05-19 7424]

S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdiserv.exe [2007-06-11 99248]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2008-05-19 209408]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca35b13e-2a40-11dd-9b71-001f3ad99b65}]

\shell\AutoRun\command - F:\AUTORUN.EXE

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-02-18 c:\windows\Tasks\User_Feed_Synchronization-{502CB381-31CA-48D7-9A0F-3386962A057B}.job

- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]

.

- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe

.

------- Tilleggsskanning -------

.

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Frank Robert\AppData\Roaming\Mozilla\Firefox\Profiles\j61rl92e.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.diskusjon.no/index.php?autocom=my_forum

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-18 19:51:08

Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(692)

c:\windows\system32\psqlpwd.dll

c:\program files\Fingerprint Reader Suite\homefus2.dll

c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(2376)

c:\program files\Fingerprint Reader Suite\farchns.dll

c:\program files\Fingerprint Reader Suite\infra.dll

c:\program files\Dell\QuickSet\dadkeyb.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\System32\audiodg.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\BCMWLTRY.EXE

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Fingerprint Reader Suite\upeksvr.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\windows\System32\lxdicoms.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\System32\stacsv.exe

c:\program files\TVersity\Media Server\MediaServer.exe

c:\windows\System32\conime.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\rundll32.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\Fingerprint Reader Suite\psqltray.exe

c:\windows\System32\rundll32.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\ApntEx.exe

c:\program files\DellTPad\hidfind.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

c:\program files\Mozilla Firefox\firefox.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-02-18 19:55:46 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-02-18 18:55:43

ComboFix2.txt 2009-01-27 11:07:48

Pre-Run: 50,375,757,824 byte ledig

Post-Run: 50,136,842,240 byte ledig

477 --- E O F --- 2009-02-16 10:06:14

Og Mbam starter!

Problemet med at programer ikke startet er ganske mange dager siden. Men WoW og Torrent (vuze) Sluttet å virke igår morrest

Det sto noe om TDSS når combofix

Endret 18. februar 2009 av MrSmile

MrLuni · 18. februar 2009

Tenkte nok mer på NÅR oppsto problemet.

Sjekk følgende:

Et rootkit som kan gi symptomer som du har, er TDSSserv

Hvis den liggerpå pc'n kan du deaktivere den for så å se om du ikke får kjørt f.eks. mbam og combofix.

Du stopper tjenesten ved å gjøre følgende:

Gå til Kontrollpanel->System->Maskinvare->Enhetsbehandling

Velg Vis->Vis skjulte enheter

Klikk på plusstegnet framfor "Drivere som ikke er Plug and Play-kompatible"

Bla deg ned til TDSSserv.sys, høyreklikk på fila og velg Deaktiver.

Restart pc'n etterpå.

Det står ikke noe om TDSSserv.sys der

Dette er HiJackthis rapporten nå

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:10:09, on 18.02.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\conime.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Fingerprint Reader Suite\psqltray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\mmc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Frank Robert\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"

O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe

O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 7919 bytes

Endret 18. februar 2009 av MrSmile

MrLuni · 18. februar 2009

WoW og torrents funker fremdels ikke.. Men jeg klarer nå å komme inne på dei sidene som jeg ikke klarte før f.eks. AVG sin side

snippsat · 18. februar 2009

Oppdatere MBAM kjør den og post loggen den lager.

norbat · 18. februar 2009

For å få litt klarhet:

Fjernet Spyware Cease noe av det den evt. fant?

Mener de sier at testversjonen ikke fjerner noe før man betaler?

Spyware Cease er i flere sammenhenger klassifisert som er Rogue antiprogram - den sier at pc'n er mer infisert enn det den er....

Combofix fjernet TDSSserv.sys

MrLuni · 18. februar 2009

Mbabm rapport

Malwarebytes' Anti-Malware 1.34

Databaseversjon: 1775

Windows 6.0.6001 Service Pack 1

18.02.2009 20:39:22

mbam-log-2009-02-18 (20-39-22).txt

Skanntype: Rask Skann

Objekter skannet: 62732

Tid tilbakelagt: 2 minute(s), 24 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert: