Green Dragon, posted 6 October 2009
Hi there! Can anyone check this log? I suspect malware.
norbat, posted 7 October 2009
I don't see any malware in your log. What makes you suspect this?
Green Dragon (author), posted 7 October 2009
"What makes you suspect this?"
When I close IE I get a message, DEP (Data Execution Prevention). It says that it is closing IE to protect the computer. This only happens sometimes. I have also had the same message come up when closing various other programs.
norbat, posted 7 October 2009
Did Malwarebytes find anything of interest? We can certainly do a deeper check. Run Combofix and post the log it creates (see the instructions in the guide).
Green Dragon (author), posted 7 October 2009
"Did Malwarebytes find anything of interest?"
No, Malwarebytes found nothing. Here is the Combofix log:
Shax# (posted 8 October 2009):
HJT LOG: I'm not sure about this, but according to what I found via the HiJackThis! Log auto analyzer V2, you should delete these:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)
Can anyone confirm or refute whether this is right?
Green Dragon: I don't know whether you should do this before you are completely sure, but I usually use that site.

norbat (posted 10 October 2009):
The line
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
can be removed. The rest can be left alone. As far as I can see, the ComboFix log doesn't show any malware. Are you still having problems with the DEP message?

Shax# (posted 10 October 2009):
Off topic: Norbat, how do you read HJT logs? I'd really like to learn that :/ - Mini097

Green Dragon (author, posted 11 October 2009):
> Are you still having problems with the DEP message?
Yes, but now I only get the message when I use QuickTime.

norbat (posted 11 October 2009):
Try uninstalling QuickTime and then installing it again to see whether that fixes the DEP problem.

Green Dragon (author, posted 11 October 2009):
> Try uninstalling QuickTime and then installing it again to see whether that fixes the DEP problem.
I have tried this without success.

Bruker-158599 (posted 11 October 2009):
> Off topic: Norbat, how do you read HJT logs? I'd really like to learn that :/ - Mini097
http://www.systemlookup.com/

Bruker-158599 (posted 11 October 2009):
Thanks
By the way, you also need some experience with checking HJT logs. You have to practise.

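An added example, not written by anyone in this thread: a small Python parser for the O-section lines of a HijackThis log, which pulls out each entry's CLSID for lookup in a reference database and lists the entries whose target is reported as "(no file)". The sample lines are copied from the log and replies above; the class and function names are made up for this illustration, and a "(no file)" entry is only a candidate for manual review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Entry lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)
"""

# "<section> - <kind>: <detail>"; only O-section lines are handled here.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")

@dataclass
class Entry:
    section: str          # e.g. "O2"
    kind: str             # e.g. "BHO" or the Run key
    detail: str           # everything after the first ": "
    clsid: Optional[str]  # COM class id, when the entry carries one
    missing_file: bool    # HijackThis could not find the target on disk

def parse_hjt(text):
    """Parse O-section lines; anything else (headers, R lines) is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, kind, detail = m.groups()
        clsid = CLSID_RE.search(detail)
        entries.append(Entry(section, kind.strip(), detail,
                             clsid.group(0) if clsid else None,
                             detail.endswith("(no file)")))
    return entries

def review_candidates(entries):
    """Registrations whose file is gone: leftovers to check by hand."""
    return [e for e in entries if e.missing_file]

def clsids_to_look_up(entries):
    """(section, CLSID) pairs to search for in a reference database."""
    return [(e.section, e.clsid) for e in entries if e.clsid]

if __name__ == "__main__":
    for e in review_candidates(parse_hjt(SAMPLE_LOG)):
        print(e.section, e.kind, e.clsid)
```
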
raWrz (posted 12 October 2009):
You CAN turn DEP off 100% if you do the following: click Start - search for CMD - right-click CMD and choose "Run as administrator" - type this into CMD:
bcdedit.exe /set {current} nx AlwaysOff
Now, I'm not going to say whether turning it off is a minus or a plus, but personally I have it off because it often "triggers" when I run one program through another.