TheThrone Posted April 29, 2009

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2056
Windows 6.0.6001 Service Pack 1

4/28/2009 8:05:23 PM
mbam-log-2009-04-28 (20-05-23).txt

Skanntype: Rask Skann
Objekter skannet: 71526
Tid tilbakelagt: 20 minute(s), 24 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

norbat Posted April 29, 2009

At first glance I don't see anything related to malware. Was it just a check?

TheThrone (Author) Posted April 29, 2009

Well, I've spent a couple of days on this computer now. Nearly threw it at the wall. It froze constantly, sometimes just from a right-click on an icon, or when I tried to delete a file. Windows Explorer freezes often. I've cleared a lot of junk and stuff off the computer. Had a trojan a few weeks ago, but got it removed. Back then the computer refused to turn on for a whole day. So I thought maybe this service here would help. But if you guys don't find anything, then I guess it's just that my computer sucks ^^

norbat Posted April 29, 2009

Are there any processes using a lot of CPU when the PC freezes? (Open Task Manager and have a look.)

PzMan Posted April 29, 2009 (edited)

> Well, I've spent a couple of days on this computer now. Nearly threw it at the wall. It froze constantly, sometimes just from a right-click on an icon, or when I tried to delete a file. Windows Explorer freezes often. I've cleared a lot of junk and stuff off the computer. Had a trojan a few weeks ago, but got it removed. Back then the computer refused to turn on for a whole day. So I thought maybe this service here would help. But if you guys don't find anything, then I guess it's just that my computer sucks ^^

I'm almost sure you don't have the same problem I had a while ago, but to be on the safe side, check this thread: https://www.diskusjon.no/index.php?showtopic=1086316&hl=

Edited April 29, 2009 by PzMan

TheThrone (Author) Posted May 1, 2009

Checked out ShellExView, and wow, did that help! I can right-click icons and delete files again. It was NeroCoverEdContextMenu Class (Cover Designer). Thanks for all the help, folks ^^