morgan_kane
Posted November 6, 2009 (edited)

MBR

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2775
Windows 6.0.6001 Service Pack 1

06.11.2009 13:00:19
mbam-log-2009-11-06 (13-00-19).txt

Skanntype: Rask Skann
Objekter skannet: 96207
Tid tilbakelagt: 4 minute(s), 57 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:17, on 06.11.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Jan-Robin\Desktop\lol\lol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [softGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [iFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no
O17 - HKLM\Software\..\Telephony: DomainName = skole.troms.vgs.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no
O20 - AppInit_DLLs: C:\Windows\System32\cwAgent.dll C:\Windows\System32\APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: cwBCClient (BC-Agent) - Codework Limited - C:\Windows\system32\cwClient.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe
O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

-- COMBOFIX

ComboFix 09-11-05.05 - Jan-Robin 06.11.2009 13:09.1.2 - NTFSx86
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.47.1044.18.1919.1104 [GMT 1:00]
Kjører fra: c:\users\Jan-Robin\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
SP: Trend Micro OfficeScan Anti-spyware *disabled* (Updated) {6D124117-24A2-4555-BD42-A763D52CFEB2}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-130138720-939633000-316282223-500
c:\$recycle.bin\S-1-5-21-3240435999-3422821505-2373028590-500
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-10-06 til 2009-11-06 )))))))))))))))))))))))))))))))))
.
2009-11-06 12:23 . 2009-11-06 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-06 12:23 . 2009-11-06 12:23 -------- d-----w- c:\users\19041JABR5\AppData\Local\temp
2009-11-06 11:54 . 2009-11-06 11:54 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Malwarebytes
2009-11-06 11:54 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 11:54 . 2009-11-06 11:54 -------- d-----w- c:\programdata\Malwarebytes
2009-11-06 11:54 . 2009-11-06 11:54 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 11:54 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 21:01 . 2009-11-04 21:01 4096 d-----w- c:\program files\Leo
2009-11-04 20:43 . 2009-11-06 09:23 8192 d-----w- C:\NYNO31
2009-10-28 13:50 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 13:50 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 14:20 . 2009-10-25 14:25 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Spotify
2009-10-25 14:20 .
2009-10-25 14:20 -------- d-----w- c:\users\19041JABR5\AppData\Local\Spotify 2009-10-24 18:28 . 2009-10-24 18:28 680 ----a-w- c:\users\Jan-Robin\AppData\Local\d3d9caps.dat 2009-10-20 06:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-20 06:38 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-10-20 06:38 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-10-20 06:38 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-10-20 06:37 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-10-20 06:37 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-10-20 06:37 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-10-20 06:37 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-20 06:37 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-10-17 10:40 . 2009-10-17 10:40 -------- d-----w- c:\program files\CCleaner 2009-10-15 11:48 . 2009-10-15 11:48 4096 d-----w- c:\users\19041JABR5\diablo 2 ekspesion pack 2009-10-14 08:46 . 2009-10-15 11:52 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\DAEMON Tools Lite 2009-10-13 19:58 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2009-10-13 19:58 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-13 19:58 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-10-13 07:31 . 2009-10-13 07:31 -------- d-----w- c:\windows\system32\log 2009-10-13 07:26 . 2009-02-23 10:32 235024 ----a-w- c:\windows\system32\drivers\tmwfp.sys 2009-10-13 07:26 . 2009-04-03 17:47 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys 2009-10-13 07:26 . 2009-02-23 10:32 143376 ----a-w- c:\windows\system32\drivers\tmlwf.sys 2009-10-13 07:25 . 2009-04-03 17:47 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys 2009-10-09 09:38 . 
2009-10-09 09:38 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Canneverbe_Limited 2009-10-08 12:53 . 2009-10-08 12:53 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-07 20:43 . 2009-10-07 20:43 -------- d-----w- c:\users\19041JABR5\AppData\Local\MicroVision Applications . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-06 11:48 . 2007-07-12 09:22 836 ----a-w- c:\windows\bthservsdp.dat 2009-11-06 11:48 . 2009-08-19 12:25 4096 d-----w- c:\users\Jan-Robin\AppData\Roaming\SoftGrid Client 2009-11-06 11:04 . 2006-11-21 05:21 84990 ----a-w- c:\windows\system32\perfc014.dat 2009-11-06 11:04 . 2006-11-21 05:21 473858 ----a-w- c:\windows\system32\perfh014.dat 2009-11-06 10:34 . 2009-08-27 13:17 4096 d-----w- c:\users\19041JABR5\AppData\Roaming\SoftGrid Client 2009-11-06 07:58 . 2009-08-31 07:24 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll 2009-11-04 22:48 . 2009-08-19 13:12 98304 d-----w- c:\users\Jan-Robin\AppData\Roaming\uTorrent 2009-10-30 23:48 . 2009-08-19 17:01 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Spotify 2009-10-29 13:02 . 2009-08-28 20:23 12288 d-----w- c:\program files\Diablo II 2009-10-24 22:22 . 2009-08-19 17:10 4096 d-----w- c:\users\Jan-Robin\AppData\Roaming\vlc 2009-10-14 08:41 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-10-14 08:28 . 2007-07-12 10:18 12288 d-----w- c:\programdata\Microsoft Help 2009-10-13 07:28 . 2009-08-19 12:25 -------- d-----w- c:\program files\Trend Micro 2009-10-08 12:59 . 2009-08-31 07:20 -------- d-----w- c:\program files\Common Files\TI Shared 2009-10-01 21:09 . 2009-10-01 21:09 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Canneverbe_Limited 2009-10-01 21:09 . 2009-10-01 21:09 -------- d-----w- c:\programdata\Canneverbe Limited 2009-10-01 21:09 . 2009-10-01 21:09 12288 d-----w- c:\program files\CDBurnerXP 2009-10-01 20:29 . 
2009-10-01 20:29 -------- d-----w- c:\programdata\LightScribe 2009-10-01 08:29 . 2009-10-02 18:21 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-09-25 08:35 . 2009-09-25 08:35 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Hewlett-Packard 2009-09-17 15:54 . 2009-09-18 20:04 2491192 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\npTVUAx.dll 2009-09-14 08:12 . 2009-08-27 13:19 99864 ----a-w- c:\users\19041JABR5\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-13 12:20 . 2009-09-12 21:31 4096 d-----w- c:\program files\Microsoft Silverlight 2009-09-13 10:08 . 2009-09-13 10:08 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-09-12 21:49 . 2009-08-19 12:29 99864 ----a-w- c:\users\Jan-Robin\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-12 21:39 . 2007-07-12 10:22 4096 d-----w- c:\program files\Microsoft Works 2009-09-12 17:25 . 2009-08-28 20:34 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-09-10 17:30 . 2009-10-13 19:59 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 09:48 . 2009-09-25 08:35 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe 2009-09-10 09:48 . 2009-09-25 08:35 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll 2009-09-10 09:48 . 2009-09-25 08:35 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL 2009-09-02 14:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-09-02 14:04 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2009-09-02 14:04 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2009-08-31 07:24 . 2009-08-31 07:24 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll 2009-08-31 07:24 . 2009-08-31 07:24 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll 2009-08-28 20:34 . 2009-08-28 20:26 36607 ----a-w- c:\windows\DIIUnin.dat 2009-08-28 20:26 . 
2009-08-28 20:26 2829 ----a-w- c:\windows\DIIUnin.pif 2009-08-28 20:26 . 2009-08-28 20:26 94208 ----a-w- c:\windows\DIIUnin.exe 2009-08-28 20:14 . 2009-08-28 20:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-28 12:39 . 2009-09-01 19:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-01 19:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-27 05:22 . 2009-10-13 19:59 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 05:17 . 2009-10-13 19:59 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-08-27 05:17 . 2009-10-13 19:59 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-08-27 03:42 . 2009-10-13 19:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-22 13:45 . 2009-08-22 13:45 409600 ----a-w- c:\windows\system32\wrap_oal.dll 2009-08-22 13:45 . 2009-08-22 13:45 114688 ----a-w- c:\windows\system32\OpenAL32.dll 2009-08-22 13:39 . 2009-08-22 13:33 12846328 ----a-w- c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe 2009-08-22 13:33 . 2009-08-22 13:28 29616696 ----a-w- c:\programdata\Creative\Software Update\cache\Creative Sound Blaster USB Series Windows Vista Driver 1.01.0002__\USB_VTDRV_LB_1_01_0002.exe 2009-08-22 13:28 . 2009-08-22 13:23 37406376 ----a-w- c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe 2009-08-21 12:38 . 2009-08-21 12:38 269312 ----a-w- c:\windows\system32\es.dll 2009-08-21 12:33 . 2009-08-21 12:33 6656 ----a-w- c:\windows\system32\kbd106n.dll 2009-08-21 12:33 . 2009-08-21 12:33 988216 ----a-w- c:\windows\system32\winload.exe 2009-08-21 12:33 . 2009-08-21 12:33 927288 ----a-w- c:\windows\system32\winresume.exe 2009-08-21 12:33 . 2009-08-21 12:33 40960 ----a-w- c:\windows\system32\srclient.dll 2009-08-21 12:33 . 2009-08-21 12:33 378368 ----a-w- c:\windows\system32\srcore.dll 2009-08-21 12:33 . 
2009-08-21 12:33 318464 ----a-w- c:\windows\system32\rstrui.exe 2009-08-21 12:33 . 2009-08-21 12:33 14848 ----a-w- c:\windows\system32\srdelayed.exe 2009-08-21 12:33 . 2009-08-21 12:33 19000 ----a-w- c:\windows\system32\kd1394.dll 2009-08-21 12:33 . 2009-08-21 12:33 46592 ----a-w- c:\windows\system32\setbcdlocale.dll 2009-08-21 12:33 . 2009-08-21 12:33 615992 ----a-w- c:\windows\system32\ci.dll 2009-08-19 17:31 . 2009-08-19 17:31 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-19 17:29 . 2009-08-19 17:29 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll 2009-08-19 17:29 . 2009-08-19 17:29 61440 ----a-w- c:\windows\system32\winipsec.dll 2009-08-19 17:29 . 2009-08-19 17:29 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL 2009-08-19 17:29 . 2009-08-19 17:29 272896 ----a-w- c:\windows\system32\polstore.dll 2009-08-19 17:21 . 2009-08-19 17:21 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-08-19 17:21 . 2009-08-19 17:21 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-08-19 17:21 . 2009-08-19 17:21 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-08-19 17:03 . 2009-08-19 17:03 2033152 ----a-w- c:\windows\system32\win32k.sys 2009-08-19 16:59 . 2009-08-19 16:59 34304 ----a-w- c:\windows\system32\atmlib.dll 2009-08-19 16:59 . 2009-08-19 16:59 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-08-19 16:59 . 2009-08-19 16:59 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-08-19 16:59 . 2009-08-19 16:59 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-08-19 16:59 . 2009-08-19 16:59 23552 ----a-w- c:\windows\system32\lpk.dll 2009-08-19 16:59 . 2009-08-19 16:59 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-08-19 16:46 . 2009-08-19 16:46 376832 ----a-w- c:\windows\system32\winhttp.dll 2009-08-19 16:42 . 2009-08-19 16:42 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-19 16:36 . 2009-08-19 16:36 296960 ----a-w- c:\windows\system32\gdi32.dll 2009-08-19 16:29 . 
2009-08-19 16:29 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-08-19 16:26 . 2009-08-19 16:26 562176 ----a-w- c:\windows\system32\msdtcprx.dll 2009-08-19 16:26 . 2009-08-19 16:26 38912 ----a-w- c:\windows\system32\xolehlp.dll 2009-08-19 16:23 . 2009-08-19 16:23 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-19 16:19 . 2009-08-19 16:19 53248 ----a-w- c:\windows\system32\tsgqec.dll 2009-08-19 16:19 . 2009-08-19 16:19 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-08-19 16:19 . 2009-08-19 16:19 136192 ----a-w- c:\windows\system32\aaclient.dll 2009-08-19 16:15 . 2009-08-19 16:15 1695744 ----a-w- c:\windows\system32\gameux.dll 2009-08-19 16:12 . 2009-08-19 16:12 303616 ----a-w- c:\windows\system32\wmpeffects.dll 2009-08-19 16:09 . 2009-08-19 16:09 2048 ----a-w- c:\windows\system32\msxml3r.dll 2009-08-19 16:09 . 2009-08-19 16:09 1191936 ----a-w- c:\windows\system32\msxml3.dll 2009-08-19 15:45 . 2009-08-19 15:45 636928 ----a-w- c:\windows\system32\localspl.dll 2009-08-19 15:41 . 2009-08-19 15:41 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-19 15:41 . 2009-08-19 15:41 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-08-19 15:41 . 2009-08-19 15:41 65024 ----a-w- c:\windows\system32\avicap32.dll 2009-08-19 15:41 . 2009-08-19 15:41 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-08-19 15:41 . 2009-08-19 15:41 31232 ----a-w- c:\windows\system32\msvidc32.dll 2009-08-19 15:41 . 2009-08-19 15:41 12800 ----a-w- c:\windows\system32\msrle32.dll 2009-08-19 15:32 . 2009-08-19 15:32 2927104 ----a-w- c:\windows\explorer.exe 2009-08-19 15:16 . 2009-08-19 15:16 72704 ----a-w- c:\windows\system32\secur32.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SoftGridTray"="c:\program files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-05-03 308592]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"VolPanel"="c:\program files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-15 1097728]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\System32\WDBtnMgr.exe [2009-08-19 364544]
"Creative SB Monitoring Utility"="sbavmon.dll" - c:\windows\System32\SBAVMon.dll [2007-06-28 93696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-7-12 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,\"c:\program files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\System32\cwAgent.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup]
"Script"=byttlokaladmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1]
"Script"=\\nvgs-fs\scripts\startup.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-44494\Scripts\Logon]
"Script"=\\nvgs-fs\scripts\elevscript.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [09.10.2006 12:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [29.03.2007 15:54 13696]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [18.04.2007 20:32 39080]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [22.04.2007 15:25 5808]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [13.10.2009 08:26 143376]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [30.08.2009 00:48 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [30.08.2009 00:48 21504]
R2 BC-Agent;cwBCClient;c:\windows\System32\cwClient.exe [26.09.2008 11:24 315392]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [22.04.2007 15:32 221184]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [05.01.2007 02:00 18944]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12.07.2007 12:09 540448]
R2 sftlist;SoftGrid Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [03.05.2007 12:39 525680]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [04.12.2006 15:13 292384]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [13.10.2009 08:26 50192]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [22.06.2007 10:42 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [22.06.2007 10:42 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [13.10.2009 08:26 235024]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.02.2007 13:52 179712]
R3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftFSLH.sys [03.05.2007 12:40 559984]
R3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys [03.05.2007 12:39 134000]
R3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftVolLH.sys [03.05.2007 12:38 17776]
R3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [03.05.2007 12:39 206192]
S3 ksaud;Creative USB Audio Driver;c:\windows\System32\drivers\ksaud.sys [06.08.2007 15:36 422144]
S4 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [22.06.2007 10:42 488768]
S4 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [22.06.2007 10:42 652552]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{846048E9-94EB-4C3A-9123-E456D1111FBF}.job
- c:\windows\system32\msfeedssync.exe [2009-10-13 03:41]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.hp.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\wsck32.dll
FF - ProfilePath - c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\
FF - plugin: c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
.
------- Filassosiasjoner -------
.
regedit=regedit.exe "%1"
.
- - - - TOMME PEKERE FJERNET - - - -

BHO-{AE48B4E7-002B-4891-8E26-ED5E888FAE7D} - (no file)
HKCU-Run-<NO NAME> - (no file)
HKLM-Run-<NO NAME> - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\users\Jan-Robin\Desktop\lol\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 13:24
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...
skanning vellykket skjulte filer: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x843AB1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x843ab1f8 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver] "ImagePath"="%systemroot%\system32\msiexec /V" . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(768) c:\windows\system32\APSHook.dll - - - - - - - > 'lsass.exe'(720) c:\windows\system32\APSHook.dll c:\windows\SbHpNp.dll c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll - - - - - - - > 'explorer.exe'(3336) c:\windows\System32\cwAgent.dll c:\windows\System32\APSHook.dll c:\windows\system32\btmmhook.dll . 
Tidspunkt ferdig: 2009-11-06 13:28 ComboFix-quarantined-files.txt 2009-11-06 12:28 Pre-Run: 8 288 509 952 byte ledig Post-Run: 8 722 399 232 byte ledig - - End Of File - - 8D79B0FB0C41D9F728EAEC5A435A8982
I had Conficker C once earlier this autumn, but the Windows removal tools removed it. But the PC kept trying to go to a link on the school user account and was blocked by the antivirus; this did not happen on my home user account, which is an admin. The PC's startup time has varied for a while. It used to take the normal time to start up, and suddenly it became super fast at the stage that comes before you have to press Ctrl+Alt+Del.
Edited 6 November 2009 by morgan_kane
norbat Posted 6 November 2009
You have a possible MBR rootkit. You can fix that by using the fixmbr command via bootrec in recovery mode (you have to boot the PC from the Vista CD).
morgan_kane Posted 6 November 2009 (Author)
"You have a possible MBR rootkit. You can fix that by using the fixmbr command via bootrec in recovery mode (you have to boot the PC from the Vista CD)."
Aha, but I don't have a Vista CD. I downloaded a Vista recovery CD at one point and assume that will do. Someone here on the forum recommended it to me for fixing Vista. Can fixmbr make the PC break in any way? It's my school PC, so I would prefer my files to stay intact. By the way, I think I have got Conficker on an external hard drive as well; I assume it is in the form of an autorun file. Is it then enough to turn off autorun? And where do you do that in Vista?
morgan_kane Posted 6 November 2009 (Author)
Adding that the last virus the Trend Micro scan found was in: WORM_DOWNAD.AD from C:\Users\19041JABR5\AppData\Roaming\opiuqqw.dll. I also get this when I connect one of my external hard drives. It looks like a file from WD is trying to do something with the autorun file; I don't understand what, and I can't delete the autorun file either. I scanned the autorun file with Trend antivirus and found nothing. It happens when I try to scan the file or try to open it. I also tried to run wd_setup; that was when that box appeared. When I connect the hard drive, it is explorer.exe that tries to access the file, I think it said.
Edited 6 November 2009 by morgan_kane
morgan_kane Posted 6 November 2009 (Author)
A small update. I have now run fixmbr. It was a bit fiddly to find, but the solution was: go into the recovery console on my repair CD -> command prompt, and type in bootrex.exe/fixmbr.
Edited 6 November 2009 by morgan_kane
norbat Posted 6 November 2009
Run and post a new ComboFix log.
morgan_kane Posted 6 November 2009 (Author)
LOG
ComboFix 09-11-05.05 - Jan-Robin 06.11.2009 18:20.2.2 - NTFSx86 Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.47.1044.18.1919.1076 [GMT 1:00] Kjører fra: c:\users\Jan-Robin\Desktop\ComboFix.exe AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525} SP: Trend Micro OfficeScan Anti-spyware *disabled* (Updated) {6D124117-24A2-4555-BD42-A763D52CFEB2} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Mulige infiserte sider ----- hxxp://pdisp01.c-wss.com . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-10-06 til 2009-11-06 ))))))))))))))))))))))))))))))))) . 2009-11-06 17:34 . 2009-11-06 17:34 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-11-06 17:34 . 2009-11-06 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-11-06 17:34 . 2009-11-06 17:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2009-11-06 17:34 . 2009-11-06 17:34 -------- d-----w- c:\users\19041JABR5\AppData\Local\temp 2009-11-06 17:02 . 2009-11-06 17:02 -------- d--h--w- c:\programdata\CanonIJSolutionMenu 2009-11-06 16:51 . 2009-11-06 16:51 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\CD-LabelPrint 2009-11-06 16:50 . 2009-11-06 16:51 -------- d-----w- c:\users\Jan-Robin\AppData\Local\Canon Easy-PhotoPrint EX 2009-11-06 16:50 . 2009-11-06 16:50 -------- d--h--w- c:\programdata\CanonIJEPPEX 2009-11-06 16:33 . 2009-11-06 16:33 -------- d--h--w- c:\programdata\CanonIJMyPrinter 2009-11-06 16:33 . 2009-11-06 17:05 4096 d-----w- c:\programdata\CanonIJPLM 2009-11-06 16:32 . 
2009-04-28 14:41 303104 ----a-w- c:\windows\system32\CNC640L.dll 2009-11-06 16:32 . 2009-04-03 15:00 1310720 ----a-w- c:\windows\system32\CNC640C.dll 2009-11-06 16:32 . 2009-04-03 14:59 110592 ----a-w- c:\windows\system32\CNC640I.dll 2009-11-06 16:32 . 2009-04-03 14:57 106496 ----a-w- c:\windows\system32\CNC640U.dll 2009-11-06 16:32 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2009-11-06 16:26 . 2009-11-06 16:26 -------- d-----w- c:\program files\Common Files\CANON 2009-11-06 16:20 . 2009-11-06 16:20 -------- d--h--w- c:\programdata\CanonBJ 2009-11-06 16:17 . 2009-11-06 16:17 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2009-11-06 16:15 . 2009-05-26 04:00 272384 ----a-w- c:\windows\system32\CNMLMA2.DLL 2009-11-06 16:14 . 2009-03-18 00:09 178176 ----a-w- c:\windows\system32\CNMIUA2.DLL 2009-11-06 16:14 . 2009-11-06 16:14 -------- d--h--w- c:\program files\CanonBJ 2009-11-06 16:14 . 2009-11-06 16:14 4096 d-----w- c:\windows\system32\STRING 2009-11-06 16:14 . 2009-04-03 07:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL 2009-11-06 16:14 . 2009-04-03 07:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL 2009-11-06 16:13 . 2009-11-06 16:14 4096 d-----w- c:\windows\system32\CHM 2009-11-06 16:13 . 2009-11-06 16:33 4096 d-----w- c:\program files\Canon 2009-11-06 15:53 . 2009-11-06 15:53 -------- d-----w- c:\program files\Buypass 2009-11-06 14:57 . 2009-11-06 14:58 4096 d-----w- c:\program files\Picasa2 2009-11-06 14:56 . 2009-11-06 14:56 -------- d-----w- c:\program files\Western Digital 2009-11-06 11:54 . 2009-11-06 11:54 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Malwarebytes 2009-11-06 11:54 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-06 11:54 . 2009-11-06 11:54 -------- d-----w- c:\programdata\Malwarebytes 2009-11-06 11:54 . 2009-11-06 11:54 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-06 11:54 . 
2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-04 21:01 . 2009-11-04 21:01 4096 d-----w- c:\program files\Leo 2009-11-04 20:43 . 2009-11-06 09:23 8192 d-----w- C:\NYNO31 2009-10-28 13:50 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-10-28 13:50 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-10-25 14:20 . 2009-10-25 14:25 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Spotify 2009-10-25 14:20 . 2009-10-25 14:20 -------- d-----w- c:\users\19041JABR5\AppData\Local\Spotify 2009-10-24 18:28 . 2009-10-24 18:28 680 ----a-w- c:\users\Jan-Robin\AppData\Local\d3d9caps.dat 2009-10-20 06:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-20 06:38 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-10-20 06:38 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-10-20 06:38 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-10-20 06:37 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-10-20 06:37 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-10-20 06:37 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-10-20 06:37 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-20 06:37 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-10-17 10:40 . 2009-10-17 10:40 -------- d-----w- c:\program files\CCleaner 2009-10-15 11:48 . 2009-10-15 11:48 4096 d-----w- c:\users\19041JABR5\diablo 2 ekspesion pack 2009-10-14 08:46 . 2009-10-15 11:52 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\DAEMON Tools Lite 2009-10-13 19:58 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2009-10-13 19:58 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-13 19:58 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-10-13 07:31 . 
2009-10-13 07:31 -------- d-----w- c:\windows\system32\log 2009-10-13 07:26 . 2009-02-23 10:32 235024 ----a-w- c:\windows\system32\drivers\tmwfp.sys 2009-10-13 07:26 . 2009-04-03 17:47 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys 2009-10-13 07:26 . 2009-02-23 10:32 143376 ----a-w- c:\windows\system32\drivers\tmlwf.sys 2009-10-13 07:25 . 2009-04-03 17:47 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys 2009-10-09 09:38 . 2009-10-09 09:38 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Canneverbe_Limited 2009-10-08 12:53 . 2009-10-08 12:53 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-07 20:43 . 2009-10-07 20:43 -------- d-----w- c:\users\19041JABR5\AppData\Local\MicroVision Applications . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-06 17:12 . 2007-07-12 09:22 836 ----a-w- c:\windows\bthservsdp.dat 2009-11-06 17:12 . 2009-08-19 12:25 4096 d-----w- c:\users\Jan-Robin\AppData\Roaming\SoftGrid Client 2009-11-06 17:04 . 2009-08-19 13:12 98304 d-----w- c:\users\Jan-Robin\AppData\Roaming\uTorrent 2009-11-06 16:35 . 2009-08-31 07:24 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll 2009-11-06 15:54 . 2007-07-12 10:33 8192 d--h--w- c:\program files\InstallShield Installation Information 2009-11-06 14:58 . 2007-07-12 11:10 4096 d-----w- c:\program files\Google 2009-11-06 14:57 . 2006-11-21 05:21 84990 ----a-w- c:\windows\system32\perfc014.dat 2009-11-06 14:57 . 2006-11-21 05:21 473858 ----a-w- c:\windows\system32\perfh014.dat 2009-11-06 10:34 . 2009-08-27 13:17 4096 d-----w- c:\users\19041JABR5\AppData\Roaming\SoftGrid Client 2009-10-30 23:48 . 2009-08-19 17:01 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Spotify 2009-10-29 13:02 . 2009-08-28 20:23 12288 d-----w- c:\program files\Diablo II 2009-10-24 22:22 . 2009-08-19 17:10 4096 d-----w- c:\users\Jan-Robin\AppData\Roaming\vlc 2009-10-14 08:41 . 
2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-10-14 08:28 . 2007-07-12 10:18 12288 d-----w- c:\programdata\Microsoft Help 2009-10-13 07:28 . 2009-08-19 12:25 -------- d-----w- c:\program files\Trend Micro 2009-10-08 12:59 . 2009-08-31 07:20 -------- d-----w- c:\program files\Common Files\TI Shared 2009-10-01 21:09 . 2009-10-01 21:09 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Canneverbe_Limited 2009-10-01 21:09 . 2009-10-01 21:09 -------- d-----w- c:\programdata\Canneverbe Limited 2009-10-01 21:09 . 2009-10-01 21:09 12288 d-----w- c:\program files\CDBurnerXP 2009-10-01 20:29 . 2009-10-01 20:29 -------- d-----w- c:\programdata\LightScribe 2009-10-01 08:29 . 2009-10-02 18:21 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-09-25 08:35 . 2009-09-25 08:35 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Hewlett-Packard 2009-09-17 15:54 . 2009-09-18 20:04 2491192 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\npTVUAx.dll 2009-09-14 08:12 . 2009-08-27 13:19 99864 ----a-w- c:\users\19041JABR5\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-13 12:20 . 2009-09-12 21:31 4096 d-----w- c:\program files\Microsoft Silverlight 2009-09-13 10:08 . 2009-09-13 10:08 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-09-12 21:49 . 2009-08-19 12:29 99864 ----a-w- c:\users\Jan-Robin\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-12 21:39 . 2007-07-12 10:22 4096 d-----w- c:\program files\Microsoft Works 2009-09-12 17:25 . 2009-08-28 20:34 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-09-10 17:30 . 2009-10-13 19:59 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 09:48 . 2009-09-25 08:35 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe 2009-09-10 09:48 . 2009-09-25 08:35 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll 2009-09-10 09:48 . 
2009-09-25 08:35 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL 2009-09-02 14:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-09-02 14:04 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2009-09-02 14:04 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2009-08-31 07:24 . 2009-08-31 07:24 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll 2009-08-31 07:24 . 2009-08-31 07:24 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll 2009-08-28 20:34 . 2009-08-28 20:26 36607 ----a-w- c:\windows\DIIUnin.dat 2009-08-28 20:26 . 2009-08-28 20:26 2829 ----a-w- c:\windows\DIIUnin.pif 2009-08-28 20:26 . 2009-08-28 20:26 94208 ----a-w- c:\windows\DIIUnin.exe 2009-08-28 20:14 . 2009-08-28 20:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-28 12:39 . 2009-09-01 19:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-01 19:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-27 05:22 . 2009-10-13 19:59 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 05:17 . 2009-10-13 19:59 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-08-27 05:17 . 2009-10-13 19:59 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-08-27 03:42 . 2009-10-13 19:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-22 13:45 . 2009-08-22 13:45 409600 ----a-w- c:\windows\system32\wrap_oal.dll 2009-08-22 13:45 . 2009-08-22 13:45 114688 ----a-w- c:\windows\system32\OpenAL32.dll 2009-08-22 13:39 . 2009-08-22 13:33 12846328 ----a-w- c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe 2009-08-22 13:33 . 2009-08-22 13:28 29616696 ----a-w- c:\programdata\Creative\Software Update\cache\Creative Sound Blaster USB Series Windows Vista Driver 1.01.0002__\USB_VTDRV_LB_1_01_0002.exe 2009-08-22 13:28 . 
2009-08-22 13:23 37406376 ----a-w- c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe 2009-08-21 12:38 . 2009-08-21 12:38 269312 ----a-w- c:\windows\system32\es.dll 2009-08-21 12:33 . 2009-08-21 12:33 6656 ----a-w- c:\windows\system32\kbd106n.dll 2009-08-21 12:33 . 2009-08-21 12:33 988216 ----a-w- c:\windows\system32\winload.exe 2009-08-21 12:33 . 2009-08-21 12:33 927288 ----a-w- c:\windows\system32\winresume.exe 2009-08-21 12:33 . 2009-08-21 12:33 40960 ----a-w- c:\windows\system32\srclient.dll 2009-08-21 12:33 . 2009-08-21 12:33 378368 ----a-w- c:\windows\system32\srcore.dll 2009-08-21 12:33 . 2009-08-21 12:33 318464 ----a-w- c:\windows\system32\rstrui.exe 2009-08-21 12:33 . 2009-08-21 12:33 14848 ----a-w- c:\windows\system32\srdelayed.exe 2009-08-21 12:33 . 2009-08-21 12:33 19000 ----a-w- c:\windows\system32\kd1394.dll 2009-08-21 12:33 . 2009-08-21 12:33 46592 ----a-w- c:\windows\system32\setbcdlocale.dll 2009-08-21 12:33 . 2009-08-21 12:33 615992 ----a-w- c:\windows\system32\ci.dll 2009-08-19 17:31 . 2009-08-19 17:31 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-19 17:29 . 2009-08-19 17:29 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll 2009-08-19 17:29 . 2009-08-19 17:29 61440 ----a-w- c:\windows\system32\winipsec.dll 2009-08-19 17:29 . 2009-08-19 17:29 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL 2009-08-19 17:29 . 2009-08-19 17:29 272896 ----a-w- c:\windows\system32\polstore.dll 2009-08-19 17:21 . 2009-08-19 17:21 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-08-19 17:21 . 2009-08-19 17:21 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-08-19 17:21 . 2009-08-19 17:21 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-08-19 17:03 . 2009-08-19 17:03 2033152 ----a-w- c:\windows\system32\win32k.sys 2009-08-19 16:59 . 2009-08-19 16:59 34304 ----a-w- c:\windows\system32\atmlib.dll 2009-08-19 16:59 . 
2009-08-19 16:59 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-08-19 16:59 . 2009-08-19 16:59 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-08-19 16:59 . 2009-08-19 16:59 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-08-19 16:59 . 2009-08-19 16:59 23552 ----a-w- c:\windows\system32\lpk.dll 2009-08-19 16:59 . 2009-08-19 16:59 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-08-19 16:46 . 2009-08-19 16:46 376832 ----a-w- c:\windows\system32\winhttp.dll 2009-08-19 16:42 . 2009-08-19 16:42 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-19 16:36 . 2009-08-19 16:36 296960 ----a-w- c:\windows\system32\gdi32.dll 2009-08-19 16:29 . 2009-08-19 16:29 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-08-19 16:26 . 2009-08-19 16:26 562176 ----a-w- c:\windows\system32\msdtcprx.dll 2009-08-19 16:26 . 2009-08-19 16:26 38912 ----a-w- c:\windows\system32\xolehlp.dll 2009-08-19 16:23 . 2009-08-19 16:23 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-19 16:19 . 2009-08-19 16:19 53248 ----a-w- c:\windows\system32\tsgqec.dll 2009-08-19 16:19 . 2009-08-19 16:19 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-08-19 16:19 . 2009-08-19 16:19 136192 ----a-w- c:\windows\system32\aaclient.dll 2009-08-19 16:15 . 2009-08-19 16:15 1695744 ----a-w- c:\windows\system32\gameux.dll 2009-08-19 16:12 . 2009-08-19 16:12 303616 ----a-w- c:\windows\system32\wmpeffects.dll 2009-08-19 16:09 . 2009-08-19 16:09 2048 ----a-w- c:\windows\system32\msxml3r.dll 2009-08-19 16:09 . 2009-08-19 16:09 1191936 ----a-w- c:\windows\system32\msxml3.dll 2009-08-19 15:45 . 2009-08-19 15:45 636928 ----a-w- c:\windows\system32\localspl.dll 2009-08-19 15:41 . 2009-08-19 15:41 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-19 15:41 . 2009-08-19 15:41 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-08-19 15:41 . 2009-08-19 15:41 65024 ----a-w- c:\windows\system32\avicap32.dll 2009-08-19 15:41 . 
2009-08-19 15:41 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-08-19 15:41 . 2009-08-19 15:41 31232 ----a-w- c:\windows\system32\msvidc32.dll 2009-08-19 15:41 . 2009-08-19 15:41 12800 ----a-w- c:\windows\system32\msrle32.dll 2009-11-06 14:57 . 2009-11-06 14:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] 
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "VolPanel"="c:\program files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe" [2007-02-28 180224] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-15 1097728] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-06 30192] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544] "WD Button Manager"="WDBtnMgr.exe" - c:\windows\System32\WDBtnMgr.exe [2009-08-19 364544] "Creative SB Monitoring Utility"="sbavmon.dll" - c:\windows\System32\SBAVMon.dll [2007-06-28 93696] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-7-12 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe,\"c:\program files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_Dlls"=1 (0x1) "AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-44494\Scripts\Logon] "Script"=\\nvgs-fs\scripts\elevscript.vbs [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [09.10.2006 12:31 44720] R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [29.03.2007 15:54 13696] R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [18.04.2007 20:32 39080] R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [22.04.2007 15:25 5808] R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [13.10.2009 08:26 143376] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [30.08.2009 00:48 21504] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [30.08.2009 00:48 21504] R2 BC-Agent;cwBCClient;c:\windows\System32\cwClient.exe [26.09.2008 11:24 315392] R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [22.04.2007 15:32 221184] R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [05.01.2007 02:00 18944] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12.07.2007 12:09 540448] R2 sftlist;SoftGrid Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [03.05.2007 12:39 525680] R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [04.12.2006 15:13 292384] R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [13.10.2009 08:26 50192] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [22.06.2007 
10:42 225296] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [22.06.2007 10:42 36368] R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [13.10.2009 08:26 235024] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.02.2007 13:52 179712] R3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftFSLH.sys [03.05.2007 12:40 559984] R3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys [03.05.2007 12:39 134000] R3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftVolLH.sys [03.05.2007 12:38 17776] R3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [03.05.2007 12:39 206192] S3 cxbu0wdm;CardMan 3x21;c:\windows\System32\drivers\cxbu0wdm.sys [16.10.2006 08:30 92800] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [06.11.2009 15:56 30192] S3 ksaud;Creative USB Audio Driver;c:\windows\System32\drivers\ksaud.sys [06.08.2007 15:36 422144] S4 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [22.06.2007 10:42 488768] S4 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [22.06.2007 10:42 652552] --- Andre tjenester/drivere lastet i minnet --- *Deregistered* - mbr *Deregistered* - PROCEXP113 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed 
components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{846048E9-94EB-4C3A-9123-E456D1111FBF}.job - c:\windows\system32\msfeedssync.exe [2009-10-13 03:41] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.hp.com IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: %SystemRoot%\system32\wsck32.dll Trusted Zone: buypass.no Trusted Zone: headit.no Trusted Zone: norsk-tipping.no FF - ProfilePath - c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\ FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\npTVUAx.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . 
- - - - TOMME PEKERE FJERNET - - - - AddRemove-HijackThis - c:\users\Jan-Robin\Desktop\lol\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-06 18:35 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x843AD1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x843ad1f8 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
--------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(740) c:\windows\System32\APSHook.dll - - - - - - - > 'lsass.exe'(660) c:\windows\System32\APSHook.dll c:\windows\SbHpNp.dll c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll . Tidspunkt ferdig: 2009-11-06 18:39 ComboFix-quarantined-files.txt 2009-11-06 17:39 ComboFix2.txt 2009-11-06 12:28 Pre-Run: 1 668 964 352 byte ledig Post-Run: 1 704 697 856 byte ledig - - End Of File - - B4ADE13C30C6BFAC87FBECAEFA37B5A8
I see that the same file is still in the MBR; could it be something that shouldn't be removed, or that was fine from before? I have installed a CANON printer with the accompanying drivers and software, plus a card reader from Norsk Tipping, so you may find some things look a bit different. EDIT: I made a mistake; I meant a CANON printer but wrote HP printer....
Edited 7 November 2009 by morgan_kane
morgan_kane (author) Posted 8 November 2009
Just have to ask, since you haven't replied to the log since yesterday: am I virus-free now? I was thinking of removing ComboFix if I no longer need it.
norbat Posted 8 November 2009
The PC is most likely OK. I'm looking into what gmer is reporting. I'll get back to you on that. You can go ahead and remove ComboFix. Type combofix /uninstall in the Run box (Start -> Run).
norbat Posted 9 November 2009
Download a fresh copy of ComboFix, copy the text in bold below and paste it into Notepad, save the file to the desktop as cfscript.txt, and drag it onto the ComboFix icon. ComboFix will start. Post the log.
killall::
snapshot::
mbr::
morgan_kane (author) Posted 14 November 2009
Hi there, sorry I haven't had time for this until now; I've had a number of tests and assignments that had to be done. I forgot to remove ComboFix, so I just used the same one. It updated itself and restarted when I dragged the file over, but I assume that didn't matter. The PC had to restart along the way, and a message came up that it was creating the log when I logged back in. I assume it was ComboFix that restarted the PC, as I wasn't present when it happened. The log:
ComboFix 09-11-14.03 - Jan-Robin 14.11.2009 15:09.3.2 - FAT32x86 Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.47.1044.18.1919.1147 [GMT 1:00] Kjører fra: c:\users\Jan-Robin\Desktop\ComboFix.exe Command switches brukt :: c:\users\Jan-Robin\Desktop\cfscript.txt AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525} SP: Trend Micro OfficeScan Anti-spyware *disabled* (Updated) {6D124117-24A2-4555-BD42-A763D52CFEB2} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-10-14 til 2009-11-14 ))))))))))))))))))))))))))))))))) . 2009-11-14 14:19 . 2009-11-14 14:26 -------- d-----w- c:\users\Jan-Robin\AppData\Local\temp 2009-11-14 14:19 . 2009-11-14 14:19 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-11-14 14:19 . 2009-11-14 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-11-14 14:19 . 2009-11-14 14:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2009-11-14 14:19 . 2009-11-14 14:19 -------- d-----w- c:\users\19041JABR5\AppData\Local\temp 2009-11-13 21:58 . 2009-11-13 21:58 -------- d-----w- c:\programdata\CanonIJ 2009-11-13 21:58 . 2009-11-13 21:58 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Canon 2009-11-13 11:59 . 2009-11-13 11:59 -------- d-----w- c:\windows\system32\ca-ES 2009-11-13 11:59 . 
2009-11-13 11:59 -------- d-----w- c:\windows\system32\eu-ES 2009-11-13 11:59 . 2009-11-13 11:59 -------- d-----w- c:\windows\system32\vi-VN 2009-11-13 11:16 . 2009-11-13 11:16 4096 d-----w- c:\windows\system32\EventProviders 2009-11-13 08:28 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll 2009-11-13 08:28 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll 2009-11-13 08:28 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe 2009-11-13 08:28 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll 2009-11-13 08:28 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe 2009-11-13 08:28 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll 2009-11-13 08:28 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll 2009-11-13 08:28 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys 2009-11-13 08:28 . 2009-04-11 06:28 1576960 ----a-w- c:\windows\system32\tquery.dll 2009-11-13 08:26 . 2009-04-11 06:28 502272 ----a-w- c:\windows\system32\usp10.dll 2009-11-13 08:25 . 2009-04-11 06:28 31232 ----a-w- c:\windows\system32\whealogr.dll 2009-11-13 08:24 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll 2009-11-13 08:24 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2009-11-13 08:24 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll 2009-11-13 08:24 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll 2009-11-13 08:24 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll 2009-11-13 08:24 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll 2009-11-13 08:24 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll 2009-11-13 08:24 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll 2009-11-13 08:23 . 
2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll 2009-11-13 08:23 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe 2009-11-13 08:22 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll 2009-11-12 07:38 . 2009-11-12 07:38 -------- d-sh--w- c:\windows\system32\%APPDATA% 2009-11-11 12:10 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-11 11:56 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 10:17 . 2009-11-13 10:36 4096 d-----w- c:\users\19041JABR5\.xmoto 2009-11-11 10:16 . 2009-11-13 23:40 -------- d-----w- c:\users\Jan-Robin\.xmoto 2009-11-11 10:16 . 2009-11-13 23:40 4096 d-----w- c:\program files\XMoto 2009-11-11 10:01 . 2009-11-11 10:01 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\gtk-2.0 2009-11-11 10:01 . 2009-11-11 10:01 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Inkscape 2009-11-11 09:57 . 2009-11-11 09:57 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Inkscape 2009-11-11 09:44 . 2009-11-11 09:57 20480 d-----w- c:\program files\Inkscape 2009-11-10 19:14 . 2009-10-16 14:50 2520888 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\npTVUAx.dll 2009-11-10 19:14 . 2008-03-04 17:52 286720 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\libcurl.dll 2009-11-10 19:14 . 2007-10-31 08:39 59904 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\zlib1.dll 2009-11-10 19:14 . 2007-05-17 12:58 143360 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\libexpatw.dll 2009-11-10 19:14 . 2006-10-18 16:32 499712 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\msvcp71.dll 2009-11-10 19:14 . 
2006-10-18 16:32 348160 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\msvcr71.dll 2009-11-10 19:14 . 2006-10-16 17:44 196608 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\ssleay32.dll 2009-11-10 19:14 . 2006-10-16 17:44 1028096 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\libeay32.dll 2009-11-10 19:14 . 2009-11-10 19:14 -------- d-----w- c:\program files\Microsoft 2009-11-07 21:57 . 2009-11-07 22:17 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\ImgBurn 2009-11-07 21:43 . 2009-11-07 21:43 4096 d-----w- c:\program files\ImgBurn 2009-11-06 22:51 . 2009-11-06 22:51 -------- d-----w- c:\users\Jan-Robin\AppData\Local\TVU Networks 2009-11-06 22:51 . 2009-11-06 22:51 -------- d-----w- c:\programdata\TVU Networks 2009-11-06 17:02 . 2009-11-06 17:02 -------- d--h--w- c:\programdata\CanonIJSolutionMenu 2009-11-06 16:51 . 2009-11-06 16:51 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\CD-LabelPrint 2009-11-06 16:50 . 2009-11-06 16:51 -------- d-----w- c:\users\Jan-Robin\AppData\Local\Canon Easy-PhotoPrint EX 2009-11-06 16:50 . 2009-11-06 16:50 -------- d--h--w- c:\programdata\CanonIJEPPEX 2009-11-06 16:33 . 2009-11-06 16:33 -------- d--h--w- c:\programdata\CanonIJMyPrinter 2009-11-06 16:33 . 2009-11-06 17:05 4096 d-----w- c:\programdata\CanonIJPLM 2009-11-06 16:32 . 2009-04-28 14:41 303104 ----a-w- c:\windows\system32\CNC640L.dll 2009-11-06 16:32 . 2009-04-03 15:00 1310720 ----a-w- c:\windows\system32\CNC640C.dll 2009-11-06 16:32 . 2009-04-03 14:59 110592 ----a-w- c:\windows\system32\CNC640I.dll 2009-11-06 16:32 . 2009-04-03 14:57 106496 ----a-w- c:\windows\system32\CNC640U.dll 2009-11-06 16:32 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2009-11-06 16:26 . 
2009-11-06 16:26 -------- d-----w- c:\program files\Common Files\CANON 2009-11-06 16:20 . 2009-11-06 16:20 -------- d--h--w- c:\programdata\CanonBJ 2009-11-06 16:17 . 2009-11-06 16:17 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2009-11-06 16:15 . 2009-05-26 04:00 272384 ----a-w- c:\windows\system32\CNMLMA2.DLL 2009-11-06 16:14 . 2009-03-18 00:09 178176 ----a-w- c:\windows\system32\CNMIUA2.DLL 2009-11-06 16:14 . 2009-11-06 16:14 -------- d--h--w- c:\program files\CanonBJ 2009-11-06 16:14 . 2009-11-06 16:14 4096 d-----w- c:\windows\system32\STRING 2009-11-06 16:14 . 2009-04-03 07:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL 2009-11-06 16:14 . 2009-04-03 07:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL 2009-11-06 16:13 . 2009-11-06 16:14 4096 d-----w- c:\windows\system32\CHM 2009-11-06 16:13 . 2009-11-06 16:33 4096 d-----w- c:\program files\Canon 2009-11-06 15:53 . 2009-11-06 15:53 -------- d-----w- c:\program files\Buypass 2009-11-06 14:57 . 2009-11-06 14:58 4096 d-----w- c:\program files\Picasa2 2009-11-06 14:56 . 2009-11-06 14:56 -------- d-----w- c:\program files\Western Digital 2009-11-06 11:54 . 2009-11-06 11:54 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Malwarebytes 2009-11-06 11:54 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-06 11:54 . 2009-11-06 11:54 -------- d-----w- c:\programdata\Malwarebytes 2009-11-06 11:54 . 2009-11-06 11:54 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-06 11:54 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-04 21:01 . 2009-11-04 21:01 4096 d-----w- c:\program files\Leo 2009-11-04 20:43 . 2009-11-06 09:23 -------- d-----w- C:\NYNO31 2009-10-28 13:50 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-10-28 13:50 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-10-25 14:20 . 
2009-10-25 14:25 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Spotify 2009-10-25 14:20 . 2009-10-25 14:20 -------- d-----w- c:\users\19041JABR5\AppData\Local\Spotify 2009-10-24 18:28 . 2009-11-07 20:42 680 ----a-w- c:\users\Jan-Robin\AppData\Local\d3d9caps.dat 2009-10-20 06:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-20 06:38 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-10-20 06:38 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-10-20 06:38 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-10-20 06:37 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-10-20 06:37 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-10-20 06:37 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-10-20 06:37 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-20 06:37 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-10-17 10:40 . 2009-10-17 10:40 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-14 14:30 . 2006-11-21 05:21 88472 ----a-w- c:\windows\system32\perfc014.dat 2009-11-14 14:30 . 2006-11-21 05:21 484852 ----a-w- c:\windows\system32\perfh014.dat 2009-11-14 14:20 . 2007-07-12 09:22 1076 ----a-w- c:\windows\bthservsdp.dat 2009-11-14 13:50 . 2009-08-19 12:25 4096 d-----w- c:\users\Jan-Robin\AppData\Roaming\SoftGrid Client 2009-11-14 02:23 . 2009-08-19 17:10 4096 d-----w- c:\users\Jan-Robin\AppData\Roaming\vlc 2009-11-13 23:18 . 2009-08-19 13:12 98304 d-----w- c:\users\Jan-Robin\AppData\Roaming\uTorrent 2009-11-13 11:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2009-11-13 11:59 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-11-13 11:59 . 
2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar 2009-11-13 11:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal 2009-11-13 11:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration 2009-11-13 11:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery 2009-11-13 11:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender 2009-11-13 11:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-13 10:37 . 2009-08-27 13:17 4096 d-----w- c:\users\19041JABR5\AppData\Roaming\SoftGrid Client 2009-11-12 21:20 . 2009-08-31 07:24 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll 2009-11-12 07:46 . 2007-07-12 10:18 12288 d-----w- c:\programdata\Microsoft Help 2009-11-10 19:15 . 2009-08-19 12:49 4096 d-----w- c:\program files\Windows Live 2009-11-06 21:57 . 2009-08-19 17:01 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Spotify 2009-11-06 15:54 . 2007-07-12 10:33 8192 d--h--w- c:\program files\InstallShield Installation Information 2009-11-06 14:58 . 2007-07-12 11:10 4096 d-----w- c:\program files\Google 2009-11-02 19:42 . 2009-10-02 18:21 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 13:02 . 2009-08-28 20:23 12288 d-----w- c:\program files\Diablo II 2009-10-15 11:52 . 2009-10-14 08:46 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\DAEMON Tools Lite 2009-10-13 07:28 . 2009-08-19 12:25 -------- d-----w- c:\program files\Trend Micro 2009-10-09 09:38 . 2009-10-09 09:38 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Canneverbe_Limited 2009-10-08 12:59 . 2009-08-31 07:20 -------- d-----w- c:\program files\Common Files\TI Shared 2009-10-08 12:53 . 2009-10-08 12:53 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-01 21:09 . 2009-10-01 21:09 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Canneverbe_Limited 2009-10-01 21:09 . 
2009-10-01 21:09 -------- d-----w- c:\programdata\Canneverbe Limited 2009-10-01 21:09 . 2009-10-01 21:09 12288 d-----w- c:\program files\CDBurnerXP 2009-10-01 20:29 . 2009-10-01 20:29 -------- d-----w- c:\programdata\LightScribe 2009-09-25 08:35 . 2009-09-25 08:35 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Hewlett-Packard 2009-09-14 09:29 . 2009-10-13 19:58 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-09-14 08:12 . 2009-08-27 13:19 99864 ----a-w- c:\users\19041JABR5\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-12 21:49 . 2009-08-19 12:29 99864 ----a-w- c:\users\Jan-Robin\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-12 17:25 . 2009-08-28 20:34 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-09-10 16:48 . 2009-10-13 19:59 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 09:48 . 2009-09-25 08:35 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe 2009-09-10 09:48 . 2009-09-25 08:35 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll 2009-09-10 09:48 . 2009-09-25 08:35 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL 2009-09-04 11:41 . 2009-10-13 19:58 60928 ----a-w- c:\windows\system32\msasn1.dll 2009-09-02 14:04 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2009-09-02 14:04 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2009-08-31 07:24 . 2009-08-31 07:24 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll 2009-08-31 07:24 . 2009-08-31 07:24 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll 2009-08-29 00:27 . 2009-09-01 19:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-29 00:14 . 2009-09-01 19:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 20:34 . 2009-08-28 20:26 36607 ----a-w- c:\windows\DIIUnin.dat 2009-08-28 20:26 . 2009-08-28 20:26 2829 ----a-w- c:\windows\DIIUnin.pif 2009-08-28 20:26 . 
2009-08-28 20:26 94208 ----a-w- c:\windows\DIIUnin.exe 2009-08-28 20:14 . 2009-08-28 20:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-27 05:22 . 2009-10-13 19:59 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 05:17 . 2009-10-13 19:59 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-08-27 05:17 . 2009-10-13 19:59 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-08-27 03:42 . 2009-10-13 19:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-22 13:45 . 2009-08-22 13:45 409600 ----a-w- c:\windows\system32\wrap_oal.dll 2009-08-22 13:45 . 2009-08-22 13:45 114688 ----a-w- c:\windows\system32\OpenAL32.dll 2009-08-22 13:39 . 2009-08-22 13:33 12846328 ----a-w- c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe 2009-08-22 13:33 . 2009-08-22 13:28 29616696 ----a-w- c:\programdata\Creative\Software Update\cache\Creative Sound Blaster USB Series Windows Vista Driver 1.01.0002__\USB_VTDRV_LB_1_01_0002.exe 2009-08-22 13:28 . 2009-08-22 13:23 37406376 ----a-w- c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe 2009-08-21 12:33 . 2009-08-21 12:33 6656 ----a-w- c:\windows\system32\kbd106n.dll 2009-08-19 17:31 . 2009-08-19 17:31 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-19 17:29 . 2009-08-19 17:29 61440 ----a-w- c:\windows\system32\winipsec.dll 2009-08-19 17:29 . 2009-08-19 17:29 272896 ----a-w- c:\windows\system32\polstore.dll 2009-08-19 16:59 . 2009-08-19 16:59 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-08-19 16:59 . 2009-08-19 16:59 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-08-19 16:59 . 2009-08-19 16:59 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-08-19 16:59 . 2009-08-19 16:59 34304 ----a-w- c:\windows\system32\atmlib.dll 2009-08-19 16:59 . 2009-08-19 16:59 23552 ----a-w- c:\windows\system32\lpk.dll 2009-08-19 16:59 . 
2009-08-19 16:59 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-08-19 16:42 . 2009-08-19 16:42 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-19 16:23 . 2009-08-19 16:23 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-19 16:19 . 2009-08-19 16:19 136192 ----a-w- c:\windows\system32\aaclient.dll 2009-08-19 16:19 . 2009-08-19 16:19 53248 ----a-w- c:\windows\system32\tsgqec.dll 2009-08-19 16:19 . 2009-08-19 16:19 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-08-19 16:09 . 2009-08-19 16:09 2048 ----a-w- c:\windows\system32\msxml3r.dll 2009-08-19 15:45 . 2009-08-19 15:45 623616 ----a-w- c:\windows\system32\localspl.dll 2009-08-19 15:41 . 2009-08-19 15:41 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-19 15:41 . 2009-08-19 15:41 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-08-19 15:41 . 2009-08-19 15:41 65024 ----a-w- c:\windows\system32\avicap32.dll 2009-08-19 15:41 . 2009-08-19 15:41 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-08-19 15:41 . 2009-08-19 15:41 31232 ----a-w- c:\windows\system32\msvidc32.dll 2009-08-19 15:41 . 2009-08-19 15:41 12800 ----a-w- c:\windows\system32\msrle32.dll 2009-08-19 15:16 . 2009-08-19 15:16 499712 ----a-w- c:\windows\system32\kerberos.dll 2009-08-19 15:16 . 2009-08-19 15:16 175104 ----a-w- c:\windows\system32\wdigest.dll 2009-08-19 15:16 . 2009-08-19 15:16 9728 ----a-w- c:\windows\system32\lsass.exe 2009-08-19 15:16 . 2009-08-19 15:16 72704 ----a-w- c:\windows\system32\secur32.dll 2009-08-19 15:16 . 2009-08-19 15:16 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-08-19 15:16 . 2009-08-19 15:16 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2009-08-19 15:16 . 2009-08-19 15:16 270848 ----a-w- c:\windows\system32\schannel.dll 2009-08-19 15:06 . 2009-08-19 15:06 3466752 ----a-w- c:\windows\system32\NlsData0013.dll 2009-08-19 14:42 . 2009-08-19 14:42 37888 ----a-w- c:\windows\system32\printcom.dll 2009-08-19 14:40 . 
2009-08-19 14:40 14848 ----a-w- c:\windows\system32\wshrm.dll 2009-08-19 14:39 . 2009-08-19 14:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-08-19 14:39 . 2009-08-19 14:39 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-08-19 14:39 . 2009-08-19 14:39 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-08-19 14:02 . 2009-08-19 14:02 41984 ----a-w- c:\windows\system32\netfxperf.dll 2009-08-19 13:44 . 2009-08-19 13:44 84480 ----a-w- c:\windows\system32\INETRES.dll 2009-08-19 13:41 . 2009-08-19 13:41 784896 ----a-w- c:\windows\system32\rpcrt4.dll 2009-11-06 14:57 . 2009-11-06 14:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" 
[2008-10-09 75008] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "VolPanel"="c:\program files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe" [2007-02-28 180224] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-06 30192] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-15 1097728] "WD Button Manager"="WDBtnMgr.exe" - c:\windows\System32\WDBtnMgr.exe [2009-08-19 364544] "Creative SB Monitoring Utility"="sbavmon.dll" - c:\windows\System32\SBAVMon.dll [2007-06-28 93696] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-7-12 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoAutorun"= 1 
(0x1) "DontSetAutoplayCheckbox"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\cwAgent.dll c:\windows\System32\APSHook.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ SbHpNp scecli [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-44494\Scripts\Logon] "Script"=\\nvgs-fs\scripts\elevscript.vbs [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):16,47,f5,f0,59,64,ca,01 R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [09.10.2006 12:31 44720] R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [29.03.2007 15:54 13696] R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [18.04.2007 20:32 39080] R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [22.04.2007 15:25 5808] R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [13.10.2009 08:26 143376] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [30.08.2009 00:48 21504] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [30.08.2009 00:48 21504] R2 BC-Agent;cwBCClient;c:\windows\System32\cwClient.exe [26.09.2008 11:24 315392] R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [22.04.2007 15:32 221184] R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [05.01.2007 02:00 18944] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12.07.2007 12:09 540448] R2 sftlist;SoftGrid Client;c:\program 
files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [03.05.2007 12:39 525680] R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [04.12.2006 15:13 292384] R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [13.10.2009 08:26 50704] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [22.06.2007 10:42 225808] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [22.06.2007 10:42 36368] R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [13.10.2009 08:26 235024] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.02.2007 13:52 179712] R3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftFSLH.sys [03.05.2007 12:40 559984] R3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys [03.05.2007 12:39 134000] R3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftVolLH.sys [03.05.2007 12:38 17776] R3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [03.05.2007 12:39 206192] S3 cxbu0wdm;CardMan 3x21;c:\windows\System32\drivers\cxbu0wdm.sys [16.10.2006 08:30 92800] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [06.11.2009 15:56 30192] S3 ksaud;Creative USB Audio Driver;c:\windows\System32\drivers\ksaud.sys [06.08.2007 15:36 422144] S4 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [22.06.2007 10:42 488768] S4 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [22.06.2007 10:42 652552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs 
REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-11-14 c:\windows\Tasks\User_Feed_Synchronization-{846048E9-94EB-4C3A-9123-E456D1111FBF}.job - c:\windows\system32\msfeedssync.exe [2009-10-13 03:41] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.hp.com IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: %SystemRoot%\system32\wsck32.dll Trusted Zone: buypass.no Trusted Zone: headit.no Trusted Zone: norsk-tipping.no FF - ProfilePath - c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\ FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\npTVUAx.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . 
************************************************************************** skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'lsass.exe'(728) c:\windows\SbHpNp.dll - - - - - - - > 'Explorer.exe'(5652) c:\windows\System32\APSHook.dll c:\windows\system32\btmmhook.dll c:\windows\system32\btncopy.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\program files\Softricity\SoftGrid for Windows Desktops\sftshlx.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\agrsmsvc.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\ifxtcs.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\IfxPsdSv.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\Ati2evxx.exe c:\program files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe c:\program files\Hewlett-Packard\IAM\bin\asghost.exe c:\windows\System32\rundll32.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Tidspunkt ferdig: 2009-11-14 15:34 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-11-14 14:34 ComboFix2.txt 2009-11-06 17:39 ComboFix3.txt 2009-11-06 12:28 Pre-Run: 14 507 642 880 byte ledig Post-Run: 14 085 009 408 byte ledig - - End Of File - - D5EE07ABC0907BAE19D0CBFDDADE114F
norbat Posted 14 November 2009
Can you run ComboFix once more (just double-click the ComboFix icon). Post the log.
morgan_kane (author) Posted 14 November 2009
New log
ComboFix 09-11-14.03 - Jan-Robin 14.11.2009 18:15.4.2 - FAT32x86 Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.47.1044.18.1919.1163 [GMT 1:00] Kjører fra: c:\users\Jan-Robin\Desktop\ComboFix.exe AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525} SP: Trend Micro OfficeScan Anti-spyware *disabled* (Updated) {6D124117-24A2-4555-BD42-A763D52CFEB2} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-10-14 til 2009-11-14 ))))))))))))))))))))))))))))))))) . 2009-11-14 17:30 . 2009-11-14 17:30 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-11-14 17:30 . 2009-11-14 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-11-14 17:30 . 2009-11-14 17:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2009-11-14 17:30 . 2009-11-14 17:30 -------- d-----w- c:\users\19041JABR5\AppData\Local\temp 2009-11-14 15:44 . 2009-11-14 15:51 4096 d-----w- c:\program files\ElastoManiaRegistered 2009-11-14 14:19 . 2009-11-14 17:30 4096 d-----w- c:\users\Jan-Robin\AppData\Local\temp 2009-11-13 21:58 . 2009-11-13 21:58 -------- d-----w- c:\programdata\CanonIJ 2009-11-13 21:58 . 2009-11-13 21:58 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Canon 2009-11-13 11:59 . 2009-11-13 11:59 -------- d-----w- c:\windows\system32\ca-ES 2009-11-13 11:59 . 2009-11-13 11:59 -------- d-----w- c:\windows\system32\eu-ES 2009-11-13 11:59 . 2009-11-13 11:59 -------- d-----w- c:\windows\system32\vi-VN 2009-11-13 11:16 . 2009-11-13 11:16 4096 d-----w- c:\windows\system32\EventProviders 2009-11-13 08:28 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll 2009-11-13 08:28 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll 2009-11-13 08:28 .
2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe 2009-11-13 08:28 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll 2009-11-13 08:28 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe 2009-11-13 08:28 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll 2009-11-13 08:28 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll 2009-11-13 08:28 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys 2009-11-13 08:28 . 2009-04-11 06:28 1576960 ----a-w- c:\windows\system32\tquery.dll 2009-11-13 08:26 . 2009-04-11 06:28 502272 ----a-w- c:\windows\system32\usp10.dll 2009-11-13 08:25 . 2009-04-11 06:28 31232 ----a-w- c:\windows\system32\whealogr.dll 2009-11-13 08:24 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll 2009-11-13 08:24 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2009-11-13 08:24 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll 2009-11-13 08:24 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll 2009-11-13 08:24 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll 2009-11-13 08:24 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll 2009-11-13 08:24 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll 2009-11-13 08:24 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll 2009-11-13 08:23 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll 2009-11-13 08:23 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe 2009-11-13 08:22 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll 2009-11-12 07:38 . 2009-11-12 07:38 -------- d-sh--w- c:\windows\system32\%APPDATA% 2009-11-11 12:10 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-11 11:56 . 
2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 10:17 . 2009-11-13 10:36 4096 d-----w- c:\users\19041JABR5\.xmoto 2009-11-11 10:16 . 2009-11-13 23:40 4096 d-----w- c:\users\Jan-Robin\.xmoto 2009-11-11 10:16 . 2009-11-13 23:40 4096 d-----w- c:\program files\XMoto 2009-11-11 10:01 . 2009-11-11 10:01 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\gtk-2.0 2009-11-11 10:01 . 2009-11-11 10:01 4096 d-----w- c:\users\19041JABR5\AppData\Roaming\Inkscape 2009-11-11 09:57 . 2009-11-11 09:57 4096 d-----w- c:\users\Jan-Robin\AppData\Roaming\Inkscape 2009-11-11 09:44 . 2009-11-11 09:57 20480 d-----w- c:\program files\Inkscape 2009-11-10 19:14 . 2009-10-16 14:50 2520888 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\npTVUAx.dll 2009-11-10 19:14 . 2008-03-04 17:52 286720 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\libcurl.dll 2009-11-10 19:14 . 2007-10-31 08:39 59904 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\zlib1.dll 2009-11-10 19:14 . 2007-05-17 12:58 143360 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\libexpatw.dll 2009-11-10 19:14 . 2006-10-18 16:32 499712 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\msvcp71.dll 2009-11-10 19:14 . 2006-10-18 16:32 348160 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\msvcr71.dll 2009-11-10 19:14 . 2006-10-16 17:44 196608 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\ssleay32.dll 2009-11-10 19:14 . 
2006-10-16 17:44 1028096 ----a-w- c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\libeay32.dll 2009-11-10 19:14 . 2009-11-10 19:14 -------- d-----w- c:\program files\Microsoft 2009-11-07 21:57 . 2009-11-07 22:17 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\ImgBurn 2009-11-07 21:43 . 2009-11-07 21:43 4096 d-----w- c:\program files\ImgBurn 2009-11-06 22:51 . 2009-11-06 22:51 -------- d-----w- c:\users\Jan-Robin\AppData\Local\TVU Networks 2009-11-06 22:51 . 2009-11-06 22:51 -------- d-----w- c:\programdata\TVU Networks 2009-11-06 17:02 . 2009-11-06 17:02 -------- d--h--w- c:\programdata\CanonIJSolutionMenu 2009-11-06 16:51 . 2009-11-06 16:51 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\CD-LabelPrint 2009-11-06 16:50 . 2009-11-06 16:51 -------- d-----w- c:\users\Jan-Robin\AppData\Local\Canon Easy-PhotoPrint EX 2009-11-06 16:50 . 2009-11-06 16:50 -------- d--h--w- c:\programdata\CanonIJEPPEX 2009-11-06 16:33 . 2009-11-06 16:33 -------- d--h--w- c:\programdata\CanonIJMyPrinter 2009-11-06 16:33 . 2009-11-06 17:05 4096 d-----w- c:\programdata\CanonIJPLM 2009-11-06 16:32 . 2009-04-28 14:41 303104 ----a-w- c:\windows\system32\CNC640L.dll 2009-11-06 16:32 . 2009-04-03 15:00 1310720 ----a-w- c:\windows\system32\CNC640C.dll 2009-11-06 16:32 . 2009-04-03 14:59 110592 ----a-w- c:\windows\system32\CNC640I.dll 2009-11-06 16:32 . 2009-04-03 14:57 106496 ----a-w- c:\windows\system32\CNC640U.dll 2009-11-06 16:32 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2009-11-06 16:26 . 2009-11-06 16:26 -------- d-----w- c:\program files\Common Files\CANON 2009-11-06 16:20 . 2009-11-06 16:20 -------- d--h--w- c:\programdata\CanonBJ 2009-11-06 16:17 . 2009-11-06 16:17 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2009-11-06 16:15 . 2009-05-26 04:00 272384 ----a-w- c:\windows\system32\CNMLMA2.DLL 2009-11-06 16:14 . 
2009-03-18 00:09 178176 ----a-w- c:\windows\system32\CNMIUA2.DLL 2009-11-06 16:14 . 2009-11-06 16:14 -------- d--h--w- c:\program files\CanonBJ 2009-11-06 16:14 . 2009-11-06 16:14 4096 d-----w- c:\windows\system32\STRING 2009-11-06 16:14 . 2009-04-03 07:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL 2009-11-06 16:14 . 2009-04-03 07:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL 2009-11-06 16:13 . 2009-11-06 16:14 4096 d-----w- c:\windows\system32\CHM 2009-11-06 16:13 . 2009-11-06 16:33 4096 d-----w- c:\program files\Canon 2009-11-06 15:53 . 2009-11-06 15:53 -------- d-----w- c:\program files\Buypass 2009-11-06 14:57 . 2009-11-06 14:58 4096 d-----w- c:\program files\Picasa2 2009-11-06 14:56 . 2009-11-06 14:56 -------- d-----w- c:\program files\Western Digital 2009-11-06 11:54 . 2009-11-06 11:54 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Malwarebytes 2009-11-06 11:54 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-06 11:54 . 2009-11-06 11:54 -------- d-----w- c:\programdata\Malwarebytes 2009-11-06 11:54 . 2009-11-06 11:54 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-06 11:54 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-04 21:01 . 2009-11-04 21:01 4096 d-----w- c:\program files\Leo 2009-11-04 20:43 . 2009-11-06 09:23 8192 d-----w- C:\NYNO31 2009-10-28 13:50 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-10-28 13:50 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-10-25 14:20 . 2009-10-25 14:25 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Spotify 2009-10-25 14:20 . 2009-10-25 14:20 -------- d-----w- c:\users\19041JABR5\AppData\Local\Spotify 2009-10-24 18:28 . 2009-11-07 20:42 680 ----a-w- c:\users\Jan-Robin\AppData\Local\d3d9caps.dat 2009-10-20 06:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-20 06:38 . 
2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-10-20 06:38 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-10-20 06:38 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-10-20 06:37 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-10-20 06:37 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-10-20 06:37 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-10-20 06:37 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-20 06:37 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-10-17 10:40 . 2009-10-17 10:40 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-14 17:12 . 2009-08-19 13:12 98304 d-----w- c:\users\Jan-Robin\AppData\Roaming\uTorrent 2009-11-14 14:30 . 2006-11-21 05:21 88472 ----a-w- c:\windows\system32\perfc014.dat 2009-11-14 14:30 . 2006-11-21 05:21 484852 ----a-w- c:\windows\system32\perfh014.dat 2009-11-14 14:20 . 2007-07-12 09:22 1076 ----a-w- c:\windows\bthservsdp.dat 2009-11-14 13:50 . 2009-08-19 12:25 4096 d-----w- c:\users\Jan-Robin\AppData\Roaming\SoftGrid Client 2009-11-14 02:23 . 2009-08-19 17:10 4096 d-----w- c:\users\Jan-Robin\AppData\Roaming\vlc 2009-11-13 11:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2009-11-13 11:59 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-11-13 11:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar 2009-11-13 11:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal 2009-11-13 11:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration 2009-11-13 11:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery 2009-11-13 11:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender 2009-11-13 11:58 . 
2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-13 10:37 . 2009-08-27 13:17 4096 d-----w- c:\users\19041JABR5\AppData\Roaming\SoftGrid Client 2009-11-12 21:20 . 2009-08-31 07:24 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll 2009-11-12 07:46 . 2007-07-12 10:18 12288 d-----w- c:\programdata\Microsoft Help 2009-11-10 19:15 . 2009-08-19 12:49 4096 d-----w- c:\program files\Windows Live 2009-11-06 21:57 . 2009-08-19 17:01 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Spotify 2009-11-06 15:54 . 2007-07-12 10:33 8192 d--h--w- c:\program files\InstallShield Installation Information 2009-11-06 14:58 . 2007-07-12 11:10 4096 d-----w- c:\program files\Google 2009-11-02 19:42 . 2009-10-02 18:21 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 13:02 . 2009-08-28 20:23 12288 d-----w- c:\program files\Diablo II 2009-10-15 11:52 . 2009-10-14 08:46 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\DAEMON Tools Lite 2009-10-13 07:28 . 2009-08-19 12:25 -------- d-----w- c:\program files\Trend Micro 2009-10-09 09:38 . 2009-10-09 09:38 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Canneverbe_Limited 2009-10-08 12:59 . 2009-08-31 07:20 -------- d-----w- c:\program files\Common Files\TI Shared 2009-10-08 12:53 . 2009-10-08 12:53 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-01 21:09 . 2009-10-01 21:09 -------- d-----w- c:\users\Jan-Robin\AppData\Roaming\Canneverbe_Limited 2009-10-01 21:09 . 2009-10-01 21:09 -------- d-----w- c:\programdata\Canneverbe Limited 2009-10-01 21:09 . 2009-10-01 21:09 12288 d-----w- c:\program files\CDBurnerXP 2009-10-01 20:29 . 2009-10-01 20:29 -------- d-----w- c:\programdata\LightScribe 2009-09-25 08:35 . 2009-09-25 08:35 -------- d-----w- c:\users\19041JABR5\AppData\Roaming\Hewlett-Packard 2009-09-14 09:29 . 2009-10-13 19:58 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-09-14 08:12 . 
2009-08-27 13:19 99864 ----a-w- c:\users\19041JABR5\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-12 21:49 . 2009-08-19 12:29 99864 ----a-w- c:\users\Jan-Robin\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-12 17:25 . 2009-08-28 20:34 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-09-10 16:48 . 2009-10-13 19:59 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 09:48 . 2009-09-25 08:35 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe 2009-09-10 09:48 . 2009-09-25 08:35 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll 2009-09-10 09:48 . 2009-09-25 08:35 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL 2009-09-04 11:41 . 2009-10-13 19:58 60928 ----a-w- c:\windows\system32\msasn1.dll 2009-09-02 14:04 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2009-09-02 14:04 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2009-08-31 07:24 . 2009-08-31 07:24 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth2.dll 2009-08-31 07:24 . 2009-08-31 07:24 1024 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\grcauth1.dll 2009-08-29 00:27 . 2009-09-01 19:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-29 00:14 . 2009-09-01 19:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 20:34 . 2009-08-28 20:26 36607 ----a-w- c:\windows\DIIUnin.dat 2009-08-28 20:26 . 2009-08-28 20:26 2829 ----a-w- c:\windows\DIIUnin.pif 2009-08-28 20:26 . 2009-08-28 20:26 94208 ----a-w- c:\windows\DIIUnin.exe 2009-08-28 20:14 . 2009-08-28 20:14 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-27 05:22 . 2009-10-13 19:59 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 05:17 . 2009-10-13 19:59 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-08-27 05:17 . 2009-10-13 19:59 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-08-27 03:42 . 
2009-10-13 19:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-22 13:45 . 2009-08-22 13:45 409600 ----a-w- c:\windows\system32\wrap_oal.dll 2009-08-22 13:45 . 2009-08-22 13:45 114688 ----a-w- c:\windows\system32\OpenAL32.dll 2009-08-22 13:39 . 2009-08-22 13:33 12846328 ----a-w- c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe 2009-08-22 13:33 . 2009-08-22 13:28 29616696 ----a-w- c:\programdata\Creative\Software Update\cache\Creative Sound Blaster USB Series Windows Vista Driver 1.01.0002__\USB_VTDRV_LB_1_01_0002.exe 2009-08-22 13:28 . 2009-08-22 13:23 37406376 ----a-w- c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe 2009-08-21 12:33 . 2009-08-21 12:33 6656 ----a-w- c:\windows\system32\kbd106n.dll 2009-08-19 17:31 . 2009-08-19 17:31 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-19 17:29 . 2009-08-19 17:29 61440 ----a-w- c:\windows\system32\winipsec.dll 2009-08-19 17:29 . 2009-08-19 17:29 272896 ----a-w- c:\windows\system32\polstore.dll 2009-08-19 16:59 . 2009-08-19 16:59 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-08-19 16:59 . 2009-08-19 16:59 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-08-19 16:59 . 2009-08-19 16:59 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-08-19 16:59 . 2009-08-19 16:59 34304 ----a-w- c:\windows\system32\atmlib.dll 2009-08-19 16:59 . 2009-08-19 16:59 23552 ----a-w- c:\windows\system32\lpk.dll 2009-08-19 16:59 . 2009-08-19 16:59 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-08-19 16:42 . 2009-08-19 16:42 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-19 16:23 . 2009-08-19 16:23 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-19 16:19 . 2009-08-19 16:19 136192 ----a-w- c:\windows\system32\aaclient.dll 2009-08-19 16:19 . 2009-08-19 16:19 53248 ----a-w- c:\windows\system32\tsgqec.dll 2009-08-19 16:19 . 
2009-08-19 16:19 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-08-19 16:09 . 2009-08-19 16:09 2048 ----a-w- c:\windows\system32\msxml3r.dll 2009-08-19 15:45 . 2009-08-19 15:45 623616 ----a-w- c:\windows\system32\localspl.dll 2009-08-19 15:41 . 2009-08-19 15:41 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-19 15:41 . 2009-08-19 15:41 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-08-19 15:41 . 2009-08-19 15:41 65024 ----a-w- c:\windows\system32\avicap32.dll 2009-08-19 15:41 . 2009-08-19 15:41 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-08-19 15:41 . 2009-08-19 15:41 31232 ----a-w- c:\windows\system32\msvidc32.dll 2009-08-19 15:41 . 2009-08-19 15:41 12800 ----a-w- c:\windows\system32\msrle32.dll 2009-08-19 15:16 . 2009-08-19 15:16 499712 ----a-w- c:\windows\system32\kerberos.dll 2009-08-19 15:16 . 2009-08-19 15:16 175104 ----a-w- c:\windows\system32\wdigest.dll 2009-08-19 15:16 . 2009-08-19 15:16 9728 ----a-w- c:\windows\system32\lsass.exe 2009-08-19 15:16 . 2009-08-19 15:16 72704 ----a-w- c:\windows\system32\secur32.dll 2009-08-19 15:16 . 2009-08-19 15:16 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-08-19 15:16 . 2009-08-19 15:16 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2009-08-19 15:16 . 2009-08-19 15:16 270848 ----a-w- c:\windows\system32\schannel.dll 2009-08-19 15:06 . 2009-08-19 15:06 3466752 ----a-w- c:\windows\system32\NlsData0013.dll 2009-08-19 14:42 . 2009-08-19 14:42 37888 ----a-w- c:\windows\system32\printcom.dll 2009-08-19 14:40 . 2009-08-19 14:40 14848 ----a-w- c:\windows\system32\wshrm.dll 2009-08-19 14:39 . 2009-08-19 14:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-08-19 14:39 . 2009-08-19 14:39 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-08-19 14:39 . 2009-08-19 14:39 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-08-19 14:02 . 2009-08-19 14:02 41984 ----a-w- c:\windows\system32\netfxperf.dll 2009-08-19 13:44 . 
2009-08-19 13:44 84480 ----a-w- c:\windows\system32\INETRES.dll 2009-08-19 13:41 . 2009-08-19 13:41 784896 ----a-w- c:\windows\system32\rpcrt4.dll 2009-11-06 14:57 . 2009-11-06 14:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 149280] 
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "VolPanel"="c:\program files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe" [2007-02-28 180224] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-06 30192] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-15 1097728] "WD Button Manager"="WDBtnMgr.exe" - c:\windows\System32\WDBtnMgr.exe [2009-08-19 364544] "Creative SB Monitoring Utility"="sbavmon.dll" - c:\windows\System32\SBAVMon.dll [2007-06-28 93696] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-7-12 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoAutorun"= 1 (0x1) "DontSetAutoplayCheckbox"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\cwAgent.dll c:\windows\System32\APSHook.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ 
SbHpNp scecli [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-44494\Scripts\Logon] "Script"=\\nvgs-fs\scripts\elevscript.vbs [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):16,47,f5,f0,59,64,ca,01 R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [09.10.2006 12:31 44720] R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [29.03.2007 15:54 13696] R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [18.04.2007 20:32 39080] R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [22.04.2007 15:25 5808] R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [13.10.2009 08:26 143376] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [30.08.2009 00:48 21504] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [30.08.2009 00:48 21504] R2 BC-Agent;cwBCClient;c:\windows\System32\cwClient.exe [26.09.2008 11:24 315392] R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [22.04.2007 15:32 221184] R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [05.01.2007 02:00 18944] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12.07.2007 12:09 540448] R2 sftlist;SoftGrid Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [03.05.2007 12:39 525680] R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [04.12.2006 15:13 292384] R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [13.10.2009 08:26 50704] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXpflt.sys [22.06.2007 
10:42 225808] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreflt.sys [22.06.2007 10:42 36368] R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [13.10.2009 08:26 235024] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.02.2007 13:52 179712] R3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftFSLH.sys [03.05.2007 12:40 559984] R3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys [03.05.2007 12:39 134000] R3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\SftVolLH.sys [03.05.2007 12:38 17776] R3 sftvsa;SoftGrid Virtual Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [03.05.2007 12:39 206192] S3 cxbu0wdm;CardMan 3x21;c:\windows\System32\drivers\cxbu0wdm.sys [16.10.2006 08:30 92800] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [06.11.2009 15:56 30192] S3 ksaud;Creative USB Audio Driver;c:\windows\System32\drivers\ksaud.sys [06.08.2007 15:36 422144] S4 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [22.06.2007 10:42 488768] S4 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [22.06.2007 10:42 652552] --- Andre tjenester/drivere lastet i minnet --- *Deregistered* - mbr *Deregistered* - PROCEXP113 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed 
components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-11-14 c:\windows\Tasks\User_Feed_Synchronization-{846048E9-94EB-4C3A-9123-E456D1111FBF}.job - c:\windows\system32\msfeedssync.exe [2009-10-13 03:41] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.hp.com IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: %SystemRoot%\system32\wsck32.dll Trusted Zone: buypass.no Trusted Zone: headit.no Trusted Zone: norsk-tipping.no FF - ProfilePath - c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\ FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: c:\users\Jan-Robin\AppData\Roaming\Mozilla\Firefox\Profiles\fdlxyeeq.default\extensions\[email protected]\plugins\npTVUAx.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-14 18:30 Windows 6.0.6002 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... 
skanning vellykket skjulte filer: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x843AB1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x843ab1f8 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'lsass.exe'(728) c:\windows\SbHpNp.dll - - - - - - - > 'Explorer.exe'(4248) c:\windows\System32\APSHook.dll c:\windows\system32\btmmhook.dll . Tidspunkt ferdig: 2009-11-14 18:35 ComboFix-quarantined-files.txt 2009-11-14 17:35 ComboFix2.txt 2009-11-14 14:34 ComboFix3.txt 2009-11-06 17:39 ComboFix4.txt 2009-11-06 12:28 Pre-Run: 8 156 393 472 byte ledig Post-Run: 8 123 838 464 byte ledig - - End Of File - - 17F3E217F9147BEFBEBA716E3746C350
norbat Posted 14 November 2009
Do a search for the file atapi.sys. List where the file is located.
morgan_kane (author) Posted 14 November 2009
I can't find anything. Are there other search programs than the Windows one that can be used to find that file?
norbat Posted 14 November 2009 (edited)
In Folder Options, clear the check mark in front of "Hide protected operating system files". Search again. Edit: and make sure "hidden files and folders" are shown. Edited 14 November 2009 by norbat
morgan_kane (author) Posted 14 November 2009
Still can't find anything....