NeverWinter, posted 26 July 2009

Since yesterday, after I came home from summer vacation, trojan messages have been popping up every hour and every other half hour. Every time I turn on the computer, a message appears saying: D.exe has stopped working and will therefore be terminated (or something like that). After that I lose access to Task Manager. I fixed the Task Manager problem with TaskManagerFix, but D.exe keeps crashing again and I have to use TaskManagerFix again.

Now for my second problem: every time I go to a website, when I open Mozilla, a small "Advertising" page pops up as well. But it never finishes loading, so I can't close it unless I use Task Manager. But if I close this Advertising page, I close all of Mozilla at the same time.

There is no doubt that I am dealing with trojans. Is there a way to do a cleanup WITHOUT having to reformat the computer? (I use Ad-Aware and AVG Anti-Virus as well as Windows Defender.)
fenderebest, posted 26 July 2009

You should rather check out this forum here: https://www.diskusjon.no/index.php?showforum=131
NeverWinter (author), posted 26 July 2009

Oops, I didn't notice that one. Sorry about this.
Svenni212000, posted 26 July 2009

You can follow norbat's guide: https://www.diskusjon.no/index.php?showtopic=691246

Personally, I would say:
1. Run a quick system scan with Malwarebytes
2. Run a Smart scan with a-squared Free
3. Run Combofix
4. Run HijackThis
5. Post the logs from MBAM, a2Free, Combofix and Hijackthis in this thread.
NeverWinter (author), posted 26 July 2009

Well, I ran Mbam, ComboFix, and Hijack. The problem seems to have fixed itself, because I haven't received any messages since the restart, but here are the logs.

Mbam Log:

Malwarebytes' Anti-Malware 1.39
Databaseversjon: 2504
Windows 6.0.6001 Service Pack 1

26.07.2009 17:38:32
mbam-log-2009-07-26 (17-38-32).txt

Skanntype: Rask Skann
Objekter skannet: 78587
Tid tilbakelagt: 21 minute(s), 21 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 1
Registernøkler infisert: 23
Registerverdier infisert: 4
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 9

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
C:\Program Files\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot.

Registernøkler infisert:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mjcore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mjcore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_CPV.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MJCore.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\monopod (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\coldware (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DigiFast (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pridl (Trojan.Downloader) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Users\Sin\AppData\Roaming\cft (Trojan.Downloader) -> Quarantined and deleted successfully.

Filer infisert:
C:\Program Files\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot.
C:\Users\Sin\AppData\Local\Temp\d.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\Windows\msb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\AVR09.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\System32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\winhelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

ComboFix Log:

ComboFix 09-07-25.06 - Sin 26.07.2009 17:19.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2815.1451 [GMT 2:00]
Kjører fra: c:\users\Sin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\AdvancedVirusRemover
c:\program files\Jcore
c:\program files\Jcore\Jcore2.dll
c:\program files\WWShow
c:\program files\WWShow\WWShow.dll
c:\users\Sin\AppData\Local\Microsoft\Windows\Temporary Internet Files\bestwiner.stt
c:\users\Sin\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\Sin\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
c:\users\Sin\AppData\Roaming\digifast
c:\users\Sin\AppData\Roaming\digifast\config.cfg
c:\users\Sin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\users\Sin\AppData\Roaming\Microsoft\Windows\Start Menu\Advanced Virus Remover.lnk
c:\windows\msa.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\winupdate.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-26 til 2009-07-26 )))))))))))))))))))))))))))))))))
.
2009-07-26 15:14 . 2009-07-26 15:14 -------- d-----w- c:\users\Sin\AppData\Roaming\Malwarebytes
2009-07-26 15:14 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 15:14 . 2009-07-26 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 15:14 . 2009-07-26 15:14 -------- d-----w- c:\programdata\Malwarebytes
2009-07-26 15:14 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 05:44 . 2009-07-26 05:44 -------- d-----w- c:\program files\AdvancedVirusRemover
2009-07-26 05:44 . 2009-07-26 05:44 20992 ------w- c:\windows\system32\winhelper.dll
2009-07-26 04:37 . 2009-07-26 15:12 -------- dc-h--w- c:\programdata\~0
2009-07-26 04:37 . 2009-07-08 17:28 2920112 -c----w- c:\programdata\~0\Ad-AwareAE.exe
2009-07-26 04:37 . 2009-07-26 15:12 -------- d-----w- c:\programdata\Lavasoft
2009-07-26 03:02 . 2009-07-26 03:04 -------- d-----w- c:\users\Sin\AppData\Roaming\SPORE
2009-07-26 02:40 . 2009-07-26 02:41 -------- d-----w- c:\users\Sin\AppData\Roaming\cft
2009-07-26 02:12 . 2009-07-26 02:12 142336 ----a-w- c:\windows\msb.exe
2009-07-25 13:28 . 2009-07-25 13:56 -------- d-----w- C:\Root
2009-07-25 13:28 . 2009-07-25 13:28 -------- d-----w- c:\program files\Activision
2009-07-25 13:25 . 2009-07-25 13:25 -------- d-sh--w- c:\windows\ftpcache
2009-07-25 13:13 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-25 13:13 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 13:13 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-25 13:13 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 15:31 . 2009-05-03 16:58 -------- d-----w- c:\users\Sin\AppData\Roaming\Skype
2009-07-26 15:25 . 2009-03-20 16:35 -------- d-----w- c:\users\Sin\AppData\Roaming\DNA
2009-07-26 14:36 . 2009-02-10 11:30 -------- d-----w- c:\program files\Steam
2009-07-26 14:36 . 2009-05-03 17:00 -------- d-----w- c:\users\Sin\AppData\Roaming\skypePM
2009-07-26 14:35 . 2009-03-20 16:35 -------- d-----w- c:\program files\DNA
2009-07-26 04:41 . 2009-01-31 14:57 -------- d-----w- c:\programdata\avg8
2009-07-26 03:10 . 2009-01-27 16:02 -------- d-----w- c:\users\Sin\AppData\Roaming\Xfire
2009-07-26 03:02 . 2009-01-28 13:42 -------- d-----w- c:\users\Sin\AppData\Roaming\uTorrent
2009-07-26 02:49 . 2009-03-19 14:10 -------- d-----w- c:\program files\Electronic Arts
2009-07-26 02:49 . 2009-01-27 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 19:04 . 2009-02-10 11:30 -------- d-----w- c:\program files\Common Files\Steam
2009-07-25 18:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-25 17:41 . 2009-03-12 14:50 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-25 17:41 . 2009-03-12 14:50 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-25 13:23 . 2009-01-27 16:02 -------- d-----w- c:\programdata\Xfire
2009-07-14 10:51 . 2009-01-31 14:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-14 10:51 . 2009-01-31 14:57 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 10:51 . 2009-01-31 14:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 04:55 . 2006-11-21 05:16 80592 ----a-w- c:\windows\system32\perfc014.dat
2009-06-25 04:55 . 2006-11-21 05:16 460388 ----a-w- c:\windows\system32\perfh014.dat
2009-06-23 21:03 . 2009-04-04 13:53 -------- d-----w- c:\users\Sin\AppData\Roaming\Hamachi
2009-06-17 14:30 . 2009-01-30 19:34 -------- d-----w- c:\programdata\TrackMania
2009-06-14 01:36 . 2009-04-18 16:06 -------- d-----w- c:\programdata\IJJIGame
2009-06-04 13:42 . 2009-03-19 14:34 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-04 13:11 . 2009-06-04 13:11 -------- d-----w- c:\program files\CAPCOM
2009-06-03 15:48 . 2009-06-03 17:43 779720 ----a-w- c:\programdata\IJJIGame\PurpleBean.exe
2009-05-12 18:48 . 2009-04-26 17:51 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-12 11:26 . 2009-01-31 14:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-09 05:50 . 2009-06-11 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 17:34 . 2009-05-08 17:34 94208 ----a-r- c:\users\Sin\AppData\Roaming\Microsoft\Installer\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}\python_icon.exe
2009-05-04 14:35 . 2009-01-27 15:19 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-03 17:00 . 2009-05-03 17:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-01 14:59 . 2009-05-01 14:59 25214 ----a-r- c:\users\Sin\AppData\Roaming\Microsoft\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}\ARPPRODUCTICON.exe
2009-04-30 12:37 . 2009-06-13 21:17 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-13 21:17 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-29 17:11 . 2009-05-20 14:54 66992 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-07-25 19:06 . 2009-01-27 14:58 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-07-13 10:07 . 2009-07-13 10:07 89600 ----a-w- c:\program files\mozilla firefox\components\WWShow.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files\steam\steam.exe" [2009-06-11 1217784]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-12-03 2181672]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-20 342848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-14 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-10-07 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" - c:\windows\System32\CTxfiReg.exe [2008-10-07 47104]

c:\users\Sin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]
Xfire.lnk - c:\spill\Xfire\Xfire.exe [2009-7-8 3190096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-01-27 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-27 79360]
R3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [2009-01-27 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Tryggere for familien;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-17 2741114]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-14 327688]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-12 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-14 906520]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-14 298776]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-07-13 38160]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-04-10 20480]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - MBAMSWISSARMY
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-ColdWare - c:\windows\msa.exe
HKCU-Run-pridl - c:\users\Sin\AppData\Roaming\pridl\pridl.exe
HKCU-Run-DigiFast - c:\users\Sin\AppData\Roaming\digifast\digifast.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Sin\AppData\Roaming\Mozilla\Firefox\Profiles\2fcs0hyq.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.google.no
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\WWShow.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 17:30
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1653483811-1938132633-3469907279-1000\Software\SecuROM\License information*]
"datasecu"=hex:d8,1e,97,48,e0,69,de,ec,d4,e0,27,64,21,0d,95,d5,ab,3c,45,61,36,
   9e,dd,36,3c,67,a2,7c,2b,76,46,39,24,df,2e,56,77,a1,57,47,46,ca,d1,9e,a7,e5,\
"rkeysecu"=hex:8c,1a,6f,e4,d9,ea,1a,d1,8c,a9,95,74,9f,b8,cf,d7
.
Tidspunkt ferdig: 2009-07-26 17:37
ComboFix-quarantined-files.txt 2009-07-26 15:37

Pre-Run: 68 166 942 720 byte ledig
Post-Run: 69 284 454 400 byte ledig

335 --- E O F --- 2009-07-25 18:49

HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:01, on 26.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\EXPERTool\TBPANEL.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\SPILL\Xfire\Xfire.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Xfire.lnk = C:\SPILL\Xfire\Xfire.exe
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative HOAL Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

-- End of file - 8419 bytes
Jarmo, posted 27 July 2009

"Oops, didn't notice that one. Sorry about this."

Fixed now.
raWrz, posted 27 July 2009 (edited)

I'll make a start. Is it an advertisement for Advanced Virus Remover that pops up?

CAN SOMEONE TAKE OVER, SINCE I'M LEAVING ON HOLIDAY TOMORROW (Tuesday 28 July)

Go to http://virusscan.jotti.org, click Browse, and upload the following files for analysis:

c:\windows\system32\ijjiSetup.exe
c:\windows\system32\ijjiProcessRestarter.exe
c:\programdata\~0\Ad-AwareAE.exe

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and assess what needs to be done next.

NeverWinter, if it looks as though your thread is being forgotten, I'll be back on Wednesday and will sort out the rest if nobody else turns up (and if I don't forget, that is)

Edited 27 July 2009 by Submit