Akrobaten (Author), posted 11 April 2009 (edited)

> So even in safe mode you can't run either Combofix or Malwarebytes? Then try the following:
> Download SDFix.exe.
> Extract the program.
> Restart in safe mode (tap F8 during startup).
> Run RunThis.bat in the SDFix folder.
> A report (Report.txt) is created, which you post.

Combofix and Malwarebytes don't work in safe mode, no. And in normal mode I can't get the PC to start properly. The internet doesn't work either. The program has now been burned to a CD; I'll get it run on the infected PC shortly.

Edited 11 April 2009 by Akrobaten
Akrobaten (Author), posted 11 April 2009

When I run SDFix and choose "Y" (to run the program, as opposed to just a diagnosis), nothing happens. Everything on the screen disappears, except the Safe Mode icons in each corner of the screen, the text at the top of the screen and the mouse pointer... Doesn't seem like the program works for me :S
norbat, posted 12 April 2009

OK, try the following:

From Start -> Run, type: msconfig

Go to the Services tab and uncheck the following services:
sopidkc tdctxte at1394.sys afisicx.exe

Go to the Startup tab and uncheck the startup items:
svchost.exe *ctfmon32 reader_s Framework Windows

Restart the PC and try Combofix and Malwarebytes once more.
Akrobaten (Author), posted 12 April 2009 (edited)

> OK, try the following:
> From Start -> Run, type: msconfig
> Go to the Services tab and uncheck the following services:
> sopidkc tdctxte at1394.sys afisicx.exe
> Go to the Startup tab and uncheck the startup items:
> svchost.exe *ctfmon32 reader_s Framework Windows
> Restart the PC and try Combofix and Malwarebytes once more.

Should I restart in safe mode or normal mode? By the way, I can't find at1394.sys on the Services tab :/

Edited 12 April 2009 by Akrobaten
Akrobaten (Author), posted 12 April 2009

Nope... Malwarebytes and Combofix don't work now either. Could it have something to do with there being one thing I couldn't remove from Services?
Akrobaten (Author), posted 12 April 2009 (edited)

Whoa, something happened here. I changed the name of Combofix.exe on the desktop to "knoboc.exe" (a random name). Now the program will run! I get the message "Combofix has expired. Click Yes to run in REDUCED FUNCTIONALITY mode. Click No to exit"

EDIT: the program disappeared when I pressed No, so I moved it to the desktop again. Now I can run it, WITH the original name!

Edited 12 April 2009 by Akrobaten
norbat, posted 12 April 2009 (edited)

Edit: Then let Combofix run. Post the log and we'll take it from there.

----------------

It is probably a rootkit that is preventing the programs from running. Try changing the file name of Malwarebytes. You will find the program file under programfiler/malwarebytes anti-malware. The file is called mbam.exe. Change the name to something completely different, e.g. akrobaten.exe.

Reboot the PC and see whether you can now start Malwarebytes.

If this doesn't work either, you can try using DrWeb. This is a 'one-time scanner'. The rootkit may prevent this too, but it is worth a try:

Get DrWeb.
Run drweb-cureit.exe (say yes to running an express scan).
When this is finished, click Settings -> Change settings.
Under the Scan tab, remove the tick next to Heuristic analysis.
Under the Actions tab, all items under Malware should be set to Rename.
Select the partition you want to scan and then click the green arrow to start the scan.
Choose "yes to all" when it finds something for the first time.
When the scan is finished, go to "File" and click "Save Report list".
A file named "drweb.csv" will then be on the desktop.
Post the log file, if possible.

Then try running Malwarebytes and Combofix again.

Edited 12 April 2009 by norbat
Akrobaten (Author), posted 12 April 2009 (edited)

Argh, I can't get Combofix to run properly because I get a message that Norman Virus Control is running... How am I supposed to stop Norman when I can't get into the program through the taskbar or the Start menu...

Edited 12 April 2009 by Akrobaten
norbat, posted 12 April 2009

Even if you get a message that an AV program is running, Combofix usually runs fine anyway (you have to ignore the messages from Norman and allow various processes to run).

In any case, you can use msconfig to turn off the services and startup processes associated with Norman.
Akrobaten (Author), posted 12 April 2009

Looks like I don't have "WINDOWS RECOVERY CONSOLE" installed. Installing it requires internet access, and I don't have that now in safe mode...
Akrobaten (Author), posted 12 April 2009 (edited)

There, ComboFix is finished. Here is the log
nt\currentversion\image file execution options\mgavrtcl.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrte.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\minilog.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\monitor.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfagent.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfalert.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfservice.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msksrver.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mwatch.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neowatchlog.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netcfg.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nprotect.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution 
options\npscheck.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntvdm.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntxconfig.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nui.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwnt.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwservice.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwtool16.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\panicsh.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavbckpt.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavfnsvr.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavjobs.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy.exe] "Debugger"=svchost.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavscrip.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcciomon.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccntmon.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin97.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfinder.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\platasks.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppfw.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\processwatch.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psclean.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pshost.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psksvc.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psrol.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\image file execution options\rescue32.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runsas.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sasinsst.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scanstub.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdfiles.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdisk32.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdmain.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdshred.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfctlcom.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sffnwsc.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sosliveprotect.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\soslocalbackup.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sosonlinebackupservice.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sosuploadagent.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spybotsd.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\image file execution options\spysweeper.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spysweeperui.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srvload.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sstorage.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssu.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssupdate.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\superantispyware.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\suppstub.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sysinspector.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sysrescue.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\teatimer.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\threatwork.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tisscan.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tisspwiz.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tistool.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\image file execution options\tmarsvc.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmas_au.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmas_oe.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmas_oeimp.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmas_oemon.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmbmsrv.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmpfw.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tmproxy.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tpsrv.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tscfaubroker.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tscfcmdrlauncher.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tscfcommander.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tscfplatformcomsvr.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ufifavim.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ufnavi.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\image file execution options\ufseagnt.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ufupdui.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upgrader.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\visthaux.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\visthlic.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\visthupd.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmain.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\washengine.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\watchdog.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webproxy.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webtrap.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wgfe95.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wimmun32.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wizhosp.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution 
options\wradmin.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wrconsumerservice.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wrctrl.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wrutil.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe] "Debugger"=svchost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^NkvMon.exe.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\NkvMon.exe.lnk backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*ctfmon32] --a------ 2009-04-01 16:22 921387 c:\documents and settings\Martin\Programdata\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 18:22 34816 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2009-03-27 10:03 13684736 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2009-03-27 10:03 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost.exe] --a------ 2009-04-11 01:23 86016 c:\windows\system32\3361\SVCHOST.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NVSvc"=2 (0x2) "tdctxte"=2 (0x2) "sopidkc"=2 (0x2) "afisicx"=2 (0x2) "eLoggerSvc6"=2 (0x2) "Norman ZANDA"=2 (0x2) 
"nvcoas"=3 (0x3) "NVCScheduler"=3 (0x3) "Norman Type-R"=2 (0x2) "nsesvc"=3 (0x3) "Norman NJeeves"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Electronic Arts\\Kampen om Midgard II\\game.dat"= "c:\\Programfiler\\Electronic Arts\\Heksekongen\\game.dat"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Programfiler\\Autodesk\\3ds Max 9\\3dsmax.exe"= "c:\\Programfiler\\Autodesk\\Backburner\\monitor.exe"= "c:\\Programfiler\\Autodesk\\Backburner\\manager.exe"= "c:\\Programfiler\\Autodesk\\Backburner\\server.exe"= "c:\\Programfiler\\Crazybump Beta Test\\CrazyBump.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"= "c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "c:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"= "c:\\WINDOWS\\system32\\3361\\svchost.exe"= S0 NDIS_RD;Firewall Engine Type-R2; [x] S0 
sfstx;sfstx;c:\windows\system32\drivers\wuno.sys --> c:\windows\system32\drivers\wuno.sys [?]
S1 c46a8ad0;c46a8ad0;c:\windows\system32\drivers\c46a8ad0.sys [2009-04-11 110318]
S1 TDI_RD;Firewall Engine Type-R;\??\c:\windows\system32\drivers\tdi_rd.sys --> c:\windows\system32\drivers\tdi_rd.sys [?]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-01-20 10384]
S2 Ndiskio;Ndiskio;c:\norman\Nse\Bin\Ndiskio.sys [2008-06-03 20448]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-30 38496]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2008-06-03 19512]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-12-18 36864]
S4 nsesvc;Norman Scanner Engine Service;c:\norman\Nse\Bin\Nsesvc.exe [2009-04-10 203832]
S4 nvcoas;Norman Virus Control on-access component;c:\norman\NVC\Bin\Nvcoas.exe [2009-04-10 203832]
S4 NVCScheduler;Norman Virus Control Scheduler;c:\norman\NVC\Bin\Nvcsched.exe [2008-06-03 166968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-13 c:\windows\Tasks\Crysis Wars® Updates.job
- c:\windows\Installer\Crysis Wars® Updates for All Users.lnk [2008-11-13 20:54]

2009-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3176759873-1977204866-1923448002-1006.job
- c:\documents and settings\Martin\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-12-20 15:22]

2009-04-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 18:04]

2009-04-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 18:04]
.
- - - - TOMME PEKERE FJERNET - - - -

BHO-{2315EED1-377B-4937-BF84-D96F8129CA89} - (no file)
HKU-Default-Run-reader_s - c:\documents and settings\Martin\reader_s.exe
MSConfigStartUp-reader_s - c:\windows\System32\reader_s.exe
MSConfigStartUp-Framework Windows - frmwrk32.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.online.no/
uInternet Connection Wizard,ShellNext = hxxp://www.logitech.com/index.cfm?page=downloads/finder&CRID=270&countryid=19&languageid=1
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Read with DeskBot
DPF: DirectEdit - hxxps://www.itslearning.com//file/DirectEdit.CAB
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 13:49:15
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-3176759873-1977204866-1923448002-1006\Software\SecuROM\License information*]
"datasecu"=hex:c7,86,83,11,55,ef,ad,00,7d,27,24,f4,5c,ce,b0,33,17,bc,e4,21,04,
95,3f,8c,3c,4e,7e,34,de,ed,71,64,bf,37,d7,0b,28,a3,39,8b,9b,42,0e,92,91,aa,\
"rkeysecu"=hex:e8,10,6e,45,9b,f5,01,02,44,9b,71,d0,bf,bb,9d,e2

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c6,f7,9e,ac,5c,a5,75,7e,9c,c0,a2,1f,36,4f,62,0f,dc,c8,57,9f,08,
b5,b8,b0,73,94,a6,7b,a5,91,00,2a,ca,f3,da,b9,08,02,ee,fc,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):04,5b,b9,aa,56,e0,f5,10,28,a7,57,9d,2e,a7,a6,58,d1,17,32,d4,88,
d2,75,b1,a1,25,2c,b8,25,46,0d,05,f9,9c,be,98,a0,e0,c2,66,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a3c28736-fefe-4ea9-90ff-22b18e655e1e}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cfe39b15-758d-44b3-840a-6b64467b742d}]
@Denied: (Full) (Everyone)
"Model"=dword:00000095
"Therad"=dword:0000000f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(252)
c:\windows\system32\tcpcon.dll
c:\windows\system32\fcbbaffba.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll
c:\programfiler\Bonjour\mdnsNSP.dll
.
Tidspunkt ferdig: 2009-04-12 13:54:28 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-04-12 11:54:25
ComboFix2.txt 2008-09-30 09:15:36

Pre-Run: 276 670 947 328 byte ledig
Post-Run: 276,826,685,440 byte ledig

860 --- E O F --- 2009-03-14 17:05:22

Edited 12 April 2009 by Akrobaten
norbat, posted 12 April 2009
Can you run Malwarebytes now (possibly if you rename the file)? If so, run a quick scan.
Akrobaten (author), posted 12 April 2009 (edited)
> Can you run Malwarebytes now (possibly if you rename the file)? If so, run a quick scan.

I can't run Malwarebytes. I can, however, run Dr.Web, but that scan is going to take several hours. It is finding quite a lot of infected files (Win32.Virut.56)... That doesn't bode well, does it? It looks like almost every single .exe file on the machine contains this virus.
Edited 12 April 2009 by Akrobaten
norbat, posted 12 April 2009
A Virut infection is unfortunately a pain to get rid of. It infects .exe and .scr files. Even though DrWeb finds many now, after a reboot and a new scan you will probably find just as many (if not more). My recommendation is that you back up the data you need to keep (not .exe or .scr files) and do a reinstall.
Akrobaten (author), posted 12 April 2009
So I should simply give up?
norbat, posted 12 April 2009
To be completely honest, yes. Among other things, Virut has a number of bugs in its code, so that when you try to repair the system files they end up damaged, and you are no further along. The best, simplest and fastest option is to do a clean install of the OS again. It is silly to spend 5 hours trying to remove the malware and then have to run a repair of Windows afterwards. You might as well do a fresh install sooner rather than later.
norbat, posted 12 April 2009
What are you planning to do? Try to clean it or do a reinstall? AVG has a tool for this infection, but as mentioned, exe files can end up corrupted after a cleaning attempt anyway, and whether AVG's tool is good enough is not known. Download and run rmvirut.exe
Akrobaten (author), posted 12 April 2009
Hm, I see... The whole thing is a bit of a bummer. But I think I'll copy all the necessary files (pictures, documents and music) over to a DVD or CD, and THEN try the tool you linked to. It's good to have a CD/DVD with important files regardless of whether I manage to remove the problem. Is there anything else important I should get onto discs that won't be installed when I reinstall Windows?