Gjest Skrevet 24. oktober 2009 Del Skrevet 24. oktober 2009 (endret) Maleware logg: Malwarebytes' Anti-Malware 1.41Databaseversjon: 3024 Windows 6.0.6001 Service Pack 1 24.10.2009 15:30:27 mbam-log-2009-10-24 (15-30-27).txt Skanntype: Rask Skann Objekter skannet: 93739 Tid tilbakelagt: 13 minute(s), 37 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 5 Registerverdier infisert: 1 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 1 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\Windows\System32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully. Hijackthis: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:17:55, on 24.10.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18319) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Windows\system32\svchost.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Windows\system32\svchost.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\mobsync.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wuauclt.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\System32\msra.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O1 - Hosts: ::1 localhost O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m O4 - HKLM\..\Run: [PC ScanAndSweep] C:\Program Files\Ascentive\PC ScanAndSweep\PCScanAndSweep.exe -m O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Power2GoExpress] NA O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUpldnb-no.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing) O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing) O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4Qlb - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (file missing) O23 - Service: Google Update Service (gupdate1c98d57a5fcf760) (gupdate1c98d57a5fcf760) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe (file missing) O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Messenger Sharing Folders USN Journal Reader-tjeneste (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing) O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 16224 bytes Combofix: ComboFix 09-10-23.01 - Expert Stormarked 24.10.2009 17:34.4.2 - NTFSx86Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2046.1097 [GMT 2:00] Kjører fra: c:\users\Expert Stormarked\Documents\Downloads\ComboFix.exe SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Forrige skanning ------- . c:\$recycle.bin\S-1-5-21-3066751414-385381288-1727878320-500 c:\$recycle.bin\S-1-5-21-3522495347-3552900226-3149808774-500 . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-09-24 til 2009-10-24 ))))))))))))))))))))))))))))))))) . 2009-10-24 16:12 . 2009-10-24 16:13 -------- d-----w- c:\users\Expert Stormarked\AppData\Local\temp 2009-10-24 16:12 . 2009-10-24 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-10-24 15:16 . 2009-10-24 15:16 -------- d-----w- c:\program files\Trend Micro 2009-10-24 13:15 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-24 13:15 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-24 13:15 . 2009-10-24 13:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-22 22:33 . 2009-08-27 12:40 834048 ----a-w- c:\windows\system32\wininet.dll 2009-10-22 22:33 . 2009-08-27 10:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-10-22 22:32 . 2009-08-27 13:29 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-10-20 14:01 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-20 14:01 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-10-19 14:10 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-10-19 14:10 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-10-19 14:07 . 2009-10-19 14:07 -------- d-----w- c:\program files\iPod 2009-10-19 14:07 . 2009-10-19 14:10 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-10-19 14:07 . 2009-10-19 14:10 -------- d-----w- c:\program files\iTunes 2009-10-19 13:55 . 2009-10-19 13:56 -------- d-----w- c:\program files\QuickTime 2009-10-16 15:45 . 2009-08-27 05:17 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-10-13 19:15 . 2009-10-13 19:16 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-04 13:35 . 2009-08-05 20:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-24 15:42 . 2009-02-12 21:18 -------- d-----w- c:\programdata\Google Updater 2009-10-24 15:29 . 2009-04-08 17:56 212183 ----a-w- c:\programdata\nvModes.dat 2009-10-24 15:08 . 2008-02-26 01:56 520848 ----a-w- c:\windows\system32\perfh014.dat 2009-10-24 15:08 . 2008-02-26 01:56 106708 ----a-w- c:\windows\system32\perfc014.dat 2009-10-24 14:59 . 2009-03-03 22:26 12 ----a-w- c:\windows\bthservsdp.dat 2009-10-24 12:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2009-10-24 12:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2009-10-24 12:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2009-10-24 12:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2009-10-24 12:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2009-10-24 12:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-10-24 11:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2009-10-24 10:48 . 2008-12-23 17:34 -------- d-----w- c:\program files\Spyware Doctor 2009-10-23 12:27 . 2009-08-03 20:27 -------- d-----w- c:\users\Expert Stormarked\AppData\Roaming\Spotify 2009-10-22 22:22 . 2008-04-29 08:22 103552 ----a-w- c:\users\Expert Stormarked\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-22 18:53 . 2008-10-25 21:51 -------- d-----w- c:\users\Expert Stormarked\AppData\Roaming\Uniblue 2009-10-22 15:53 . 2008-10-26 18:30 1836 ----a-w- c:\users\Expert Stormarked\AppData\Roaming\wklnhst.dat 2009-10-21 20:43 . 2008-05-20 22:16 -------- d-----w- c:\programdata\LightScribe 2009-10-21 18:41 . 2008-05-11 16:53 -------- d-----w- c:\users\Expert Stormarked\AppData\Roaming\Apple Computer 2009-10-21 15:29 . 2009-08-04 15:01 -------- d-----w- c:\users\Expert Stormarked\AppData\Roaming\vlc 2009-10-19 14:07 . 2008-05-11 16:49 -------- d-----w- c:\program files\Common Files\Apple 2009-10-17 01:09 . 2008-12-22 18:09 -------- d-----w- c:\programdata\Microsoft Help 2009-10-11 16:45 . 2009-08-02 20:02 -------- d-----w- c:\users\Expert Stormarked\AppData\Roaming\dvdcss 2009-10-04 13:35 . 2008-05-07 19:24 -------- d-----w- c:\program files\Windows Live 2009-09-28 12:29 . 2008-02-26 04:32 -------- d-----w- c:\program files\Java 2009-09-25 15:43 . 2008-08-12 19:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-25 15:41 . 2008-08-12 19:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-09-13 17:52 . 2009-09-13 15:33 -------- d-----w- c:\program files\Error Fix 2009-09-13 16:02 . 2009-09-13 15:33 -------- d-----w- c:\users\Expert Stormarked\AppData\Roaming\Error Fix 2009-09-10 19:29 . 2008-08-28 20:10 -------- d-----w- c:\programdata\McAfee 2009-09-10 19:22 . 2009-09-10 19:22 -------- d-----w- c:\programdata\McAfee Security Scan 2009-09-10 16:57 . 2009-09-03 16:11 -------- d-----w- c:\users\Expert Stormarked\AppData\Roaming\HpUpdate 2009-09-10 14:30 . 2008-05-31 16:17 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-05 14:55 . 2009-09-05 14:55 1183744 ----a-w- c:\windows\system32\drivers\athr.sys 2009-09-03 16:12 . 2008-04-14 01:50 -------- d-----w- c:\program files\HP 2009-09-01 12:07 . 2009-09-01 12:07 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-09-01 12:07 . 2009-05-08 22:31 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-08-28 21:37 . 2008-06-16 20:13 1356 ----a-w- c:\users\Expert Stormarked\AppData\Local\d3d9caps.dat 2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll 2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll 2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2008-12-27 12:12 . 2008-12-27 12:12 321 --sh--w- c:\windows\System32\1925965306.sys 2008-02-26 02:57 . 2008-02-26 02:37 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((( SnapShot@2009-10-24_14.48.46 ))))))))))))))))))))))))))))))))))))))))) . + 2008-02-26 03:24 . 2009-10-24 15:04 81448 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-04-29 08:13 . 2009-10-24 15:05 16490 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3066751414-385381288-1727878320-1000_UserData.bin - 2008-04-29 08:13 . 2009-10-24 13:40 16490 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3066751414-385381288-1727878320-1000_UserData.bin - 2008-04-29 08:07 . 2009-10-24 14:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-29 08:07 . 2009-10-24 15:42 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-29 08:07 . 2009-10-24 15:42 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-29 08:07 . 2009-10-24 14:16 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-10-24 13:36 . 2009-10-24 13:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-10-24 15:01 . 2009-10-24 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-10-24 13:36 . 2009-10-24 13:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-10-24 15:01 . 2009-10-24 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 13:05 . 2009-10-24 15:05 142102 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2006-11-02 10:33 . 2009-10-24 15:08 648412 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 2009-10-24 13:43 648412 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 2009-10-24 13:43 129636 c:\windows\System32\perfc009.dat + 2006-11-02 10:33 . 2009-10-24 15:08 129636 c:\windows\System32\perfc009.dat - 2008-04-29 08:07 . 2009-10-24 14:16 376832 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-29 08:07 . 2009-10-24 15:42 376832 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2007-12-10 11:46 1510424 ----a-w- c:\program files\free-downloads.net\tbfree.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-08-24 1181064] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [bU] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-12-04 711200] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [bU] "PC SpeedScan Pro"="c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [bU] "PC ScanAndSweep"="c:\program files\Ascentive\PC ScanAndSweep\PCScanAndSweep.exe" [bU] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] c:\users\Expert Stormarked\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):ad,dc,aa,bf,c2,37,ca,01 R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [09.05.2009 00:31 206256] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20.10.2009 16:01 108289] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12.08.2008 21:35 1153368] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [23.12.2008 19:35 348752] S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?] S2 gupdate1c98d57a5fcf760;Google Update Service (gupdate1c98d57a5fcf760);c:\program files\Google\Update\GoogleUpdate.exe [12.02.2009 23:19 133104] S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.03.2009 16:28 1533808] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [04.10.2009 15:35 54632] S3 fsssvc;Windows Live Tryggere for familien-tjenesten;c:\program files\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864] --- Andre tjenester/drivere lastet i minnet --- *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-10-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-05 18:51] 2009-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 21:19] 2009-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 21:19] 2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{6A651C92-299F-42C9-8C6F-F92601943D25}.job - c:\windows\system32\msfeedssync.exe [2008-06-05 07:33] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.startsiden.no/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm . - - - - TOMME PEKERE FJERNET - - - - AddRemove-Uniblue RegistryBooster 2009 - c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe AddRemove-{323C7763-A048-4E06-A339-729632A3F95E} - c:\program files\InstallShield Installation Information\{323C7763-A048-4E06-A339-729632A3F95E}\setup.exe AddRemove-{34D2AB40-150D-475D-AE32-BD23FB5EE355} - c:\program files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe AddRemove-{7DCA3763-701D-45DD-8F6B-A8C3206C0289} - c:\program files\InstallShield Installation Information\{7DCA3763-701D-45DD-8F6B-A8C3206C0289}\setup.exe AddRemove-{80F24F31-F641-4349-83F3-59E335976D16} - c:\program files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA} - c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-24 18:12 Windows 6.0.6001 Service Pack 1 NTFS detected NTDLL code modification: ZwClose skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-3066751414-385381288-1727878320-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a4,b2,50,2a,a7,f0,18,1d,44,a4,f9,08,91,6e,11,df,d5,26,77,0d,4c,c8,df, b1,36,87,37,e5,66,0d,7e,83,c7,aa,f2,78,44,cc,c4,cc,d3,75,70,fd,0c,d7,ce,fe,\ "??"=hex:07,68,c9,8a,4e,dc,d4,78,96,0d,62,a6,c2,a4,8c,99 [HKEY_USERS\S-1-5-21-3066751414-385381288-1727878320-1000\Software\SecuROM\License information*] "datasecu"=hex:2f,33,ce,c9,52,07,f0,62,e0,0a,fc,a8,85,ee,ea,08,eb,7b,4e,7b,b6, a6,6b,a0,b0,84,d7,fa,e1,76,6f,0c,98,ce,30,4f,04,93,ae,db,a9,7f,2c,59,4f,79,\ "rkeysecu"=hex:af,ab,ef,68,5d,d3,23,09,07,6d,c6,0d,75,f7,ee,83 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(2192) c:\windows\System32\msxml3.dll . Tidspunkt ferdig: 2009-10-24 18:25 ComboFix-quarantined-files.txt 2009-10-24 16:24 Pre-Run: 32 205 508 608 byte ledig Post-Run: 32 207 060 992 byte ledig Current=1 Default=1 Failed=0 LastKnownGood=41 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,3 ,33,34,35,36,37,38,39,40,41 - - End Of File - - 272DD7E068C6210FC6CFFFCE94FC7E8C Endret 24. oktober 2009 av Gjest Lenke til kommentar
norbat Skrevet 24. oktober 2009 Del Skrevet 24. oktober 2009 Noe opprydding gjenstår, men ut over det er det ikke noe spesielt å se. Problemer? Lenke til kommentar
Gjest Skrevet 24. oktober 2009 Del Skrevet 24. oktober 2009 Ingen problemer, hvilken opprydding? Lenke til kommentar
norbat Skrevet 24. oktober 2009 Del Skrevet 24. oktober 2009 PC SpeedScan Pro og Error Fix avinstallerer du, hvis mulig. Følgende mapper kan fjernes: c:\program files\Error Fix c:\users\***\AppData\Roaming\Error Fix c:\program files\Ascentive Bruker du AVG eller Avira - det ligger tjenester fra begge prog. Etter dette kan du avinstallere combofix. Det gjør du ved å skrive: combofix /uninstall i kjør-feltet (start->kjør). Lenke til kommentar
snippsat Skrevet 24. oktober 2009 Del Skrevet 24. oktober 2009 Litt mere opprydding. Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked. O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) Fjerne tjenester fra avg som du har avinnstallert kjør cmd som administrator start->kjør(søk)->cmd Skriv dette. sc stop avg8emc sc delete avg8emc sc stop avg8wd sc delete avg8wd Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå