Krissma512, posted 26 August 2009
I have a problem: I can't delete load[1].exe even though I have Avast. Every time I start up, a warning appears saying that I have got a trojan called load[1].exe. Then I click delete, and when 30 minutes have passed the same warning appears again. It seems that Avast is not able to delete this trojan. I need help! Please answer me.
Krissma512 (author), posted 26 August 2009
Here is a picture.
Krissma512 (author), posted 26 August 2009
I also get a warning about 20699.exe, which is a trojan. And that trojan changes its number sometimes, so then it is called 18919.exe. See here.
Atiks, posted 26 August 2009 (edited)
Read this guide and post the logs in this thread.
Edited 26 August 2009 by snippern
Atiks, posted 27 August 2009 (edited)
To delete the file manually, do as I did in the picture below. First you select More Tools, and after that you click on what I have marked. After that a window should come up where you select the file you want to delete, and then it should be gone.
Edited 27 August 2009 by snippern
kris98, posted 27 August 2009
The PC doesn't have to be infected even if it finds an infected file in Temporary Internet Files. As long as you don't open it, I reckon you are safe, but I can see that you want it off the PC.
Krissma512 (author), posted 27 August 2009 (edited)
This is the log:

Malwarebytes' Anti-Malware 1.40
Databaseversjon: 2700
Windows 5.1.2600 Service Pack 3

26.08.2009 20:48:02
mbam-log-2009-08-26 (20-48-02).txt

Skanntype: Rask Skann
Objekter skannet: 96565
Tid tilbakelagt: 4 minute(s), 37 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
C:\WINDOWS\system32\drivers\etc\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\%s (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\drivers\etc\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

Edited 27 August 2009 by Krissma512
Atiks, posted 27 August 2009
Update MBAM and run a new scan.
Krissma512 (author), posted 27 August 2009
> Update MBAM and run a new scan.

Malwarebytes' Anti-Malware 1.40
Databaseversjon: 2706
Windows 5.1.2600 Service Pack 3

27.08.2009 16:28:14
mbam-log-2009-08-27 (16-28-14).txt

Skanntype: Rask Skann
Objekter skannet: 96264
Tid tilbakelagt: 5 minute(s), 25 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
Atiks, posted 27 August 2009
Yes, MBAM found no virus. But run HJT and post the log; it doesn't take long.
Atiks, posted 27 August 2009
And if you get an error message with HJT, left-click with the mouse and choose Run as administrator; then it works.
Krissma512 (author), posted 27 August 2009
> And if you get an error message with HJT, left-click with the mouse and choose Run as administrator; then it works.

But Avast no longer gives any warnings now, after I scanned yesterday with Malwarebytes Anti-Malware. I think the virus is gone, but can I be completely sure?
Krissma512 (author), posted 27 August 2009
Logfile of Trend Micro HijackThis v2.0.2
Atiks, posted 27 August 2009
If you want to be completely sure that you don't have a virus, try running a full MBAM scan instead of a quick one.
snippsat, posted 27 August 2009
Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt
Krissma512 (author), posted 28 August 2009
I have no more viruses on the PC. Thank you very much for all the help I got!
Tosha0007, posted 31 August 2009
You must post the whole Combofix log, which is located here: C:\combofix.txt
Krissma512 (author), posted 25 September 2009
THIS IS the ComboFix log:
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [01.08.2009 01:54 4544]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12.08.2009 19:18 91472]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
.
- - - - TOMME PEKERE FJERNET - - - -

AddRemove-DAEMON Tools Toolbar - c:\programfiler\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 00:54
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AODService]
"ImagePath"="c:\programfiler\AMD\OverDrive\AODAssist"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-448539723-2000478354-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:50,9e,0a,fa,9c,f5,0d,ed,ae,9f,4c,e9,13,79,3f,3e,a0,06,21,77,3f,
   d2,2b,84,0c,48,fa,1d,28,e3,a6,89,b6,8d,e4,74,0b,32,e4,ae,02,65,05,83,85,5f,\
"rkeysecu"=hex:18,8c,b2,ae,a2,7d,7a,c5,50,d7,7c,ce,47,02,11,0f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{316FCAB8-3DEA-8863-0E07-775062495980}\InProcServer32*]
"jahhdjalkmdibmifaohl"=hex:6a,61,66,6b,6d,6a,63,6d,61,6b,6e,65,6d,64,65,6c,65,
   67,6d,64,00,fa
"iahhbmoanjnbkehejj"=hex:6a,61,66,6b,6d,6a,63,6d,61,6b,6e,65,6d,64,65,6c,65,67,
   6d,64,00,bb

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
"DisplayName"="???\17?\119"
"DeviceDesc"="???\17?\119"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"e:\\drivers\\chipset\\x86_x64\\smbus\\smbusati.inf0"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\programfiler\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(2948)
c:\windows\system32\SHDOCVW.dll
c:\programfiler\NVIDIA Corporation\nView\nview.dll
c:\programfiler\NVIDIA Corporation\nView\NVWRSNO.DLL
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programfiler\Alwil Software\Avast4\aswUpdSv.exe
c:\programfiler\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programfiler\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\rundll32.exe
c:\programfiler\Alwil Software\Avast4\ashMaiSv.exe
c:\programfiler\Razer\DeathAdder\razertra.exe
c:\programfiler\Razer\DeathAdder\razerofa.exe
c:\programfiler\Alwil Software\Avast4\ashWebSv.exe
d:\programfiler\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-09-25 0:59 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-09-25 22:59

Pre-Run: 47 878 426 624 byte ledig
Post-Run: 51 927 302 144 byte ledig

382 --- E O F --- 2009-08-12 18:02
Patience Posted 26 September 2009: Thread hijacking removed. If you have the same problem, start a new thread!