MenuM, posted 16 March 2010:
I think I've got a virus on my laptop. At any rate, I can no longer use browsers. AVG doesn't find any virus, but I think it's something like that. I've had my PC fixed here before, with your help explaining which programs I need to download and run, and then posting a log here. I don't remember the procedure now, so you'll have to take it from the start. Hoping for help, anyway!
MenuM (author), posted 16 March 2010 (edited 16 March 2010 by MenuM):
Thanks. Log coming as soon as possible.
EDIT: The malware program couldn't update itself. Probably the virus's fault. Running a scan without updating.
norbat, posted 16 March 2010:
Alternatively, you can download and install the update manually: http://mbam.malwarebytes.org/database/mbam-rules.exe
MenuM (author), posted 16 March 2010 (edited 16 March 2010 by MenuM):
Ran a round without updates. Log:

Malwarebytes' Anti-Malware 1.44
Databaseversjon: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.03.2010 22:36:37
mbam-log-2010-03-16 (22-36-37).txt

Skanntype: Rask Skann
Objekter skannet: 106483
Tid tilbakelagt: 5 minute(s), 14 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 5
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 3

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olav Magne\Lokale innstillinger\Temp\zpskon_1268762942.exe (Worm.Koobface) -> Quarantined and deleted successfully.

EDIT: Could this be the log you need? It came up after the computer restarted.

Malwarebytes' Anti-Malware 1.44
Databaseversjon: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.03.2010 22:40:42
mbam-log-2010-03-16 (22-40-42).txt

Skanntype: Rask Skann
Objekter skannet: 1
Tid tilbakelagt: 4 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
raWrz, posted 16 March 2010:
It's the first one we need. Try updating MBAM and see if it finds anything more.
MenuM (author), posted 16 March 2010 (edited 16 March 2010 by MenuM):
I'll do that tomorrow. I'll post the ComboFix log when it finishes now, and then it's straight to bed!
EDIT: I'll look at this thread again tomorrow; here comes the ComboFix log:
Tanner, posted 17 March 2010:
Ran a new round with updated Malwarebytes now. Log:

Malwarebytes' Anti-Malware 1.44
Databaseversjon: 3875
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.03.2010 10:13:40
mbam-log-2010-03-17 (10-13-40).txt

Skanntype: Rask Skann
Objekter skannet: 116870
Tid tilbakelagt: 5 minute(s), 26 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
norbat, posted 17 March 2010:
Download OTL.exe and put it on the desktop.
Start OTL.
Paste the following into 'Custom scans/fixes':

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Click 'RUN SCAN' and post the log.
Tanner, posted 18 March 2010:
Got 2 logs. OTL.Txt:
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ktp.sys -- (Ktp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [2009.07.20 21:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olav Magne\Programdata\Mozilla\Extensions [2009.07.20 21:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Olav Magne\Programdata\Mozilla\Extensions\[email protected] O1 HOSTS File: ([2010.03.16 22:59:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Påloggingshjelp for Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programfiler\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programfiler\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programfiler\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe ARM] C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG8_TRAY] C:\Programfiler\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [iSUSPM Startup] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [sMSERIAL] C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [WLSS] C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe (Compal Electronics, Inc.) O4 - HKLM..\Run: [Wow Video&Audio] C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe () O4 - Startup: C:\Documents and Settings\Olav Magne\Start-meny\Programmer\Oppstart\SuperF4.lnk = C:\Programfiler\SuperF4\SuperF4.exe (Stefan Sundin) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Fellesfiler\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.22 20:42:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.06.22 20:41:28 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (55453907601588224) ========== Files/Folders - Created Within 30 Days ========== [2010.03.18 16:15:32 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Olav Magne\Skrivebord\OTL.exe [2010.03.16 22:49:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.03.16 22:49:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.03.16 22:49:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.03.16 22:49:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.03.16 22:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.03.16 22:46:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.03.16 22:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olav 
Magne\Programdata\Malwarebytes [2010.03.16 22:27:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.03.16 22:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Malwarebytes [2010.03.16 22:27:41 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.03.16 22:27:41 | 000,000,000 | ---D | C] -- C:\Programfiler\Malwarebytes' Anti-Malware [2010.03.16 22:27:13 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Olav Magne\Skrivebord\mbam-setup.exe [2010.03.11 20:43:22 | 000,000,000 | ---D | C] -- C:\Video [2010.03.11 20:09:25 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.03.09 20:51:31 | 000,000,000 | ---D | C] -- C:\Programfiler\MakeMKV [2010.03.06 16:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\Screamer Radio [2010.03.06 13:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olav Magne\Skrivebord\Cd uodated [2010.03.05 17:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olav Magne\Programdata\no.nrk.p3nettradio.95D8431DEB77DCAE37AA727BFE972AF895AD1E34.1 [2010.03.05 17:58:35 | 000,000,000 | ---D | C] -- C:\Programfiler\P3nettradio [2010.03.05 17:58:12 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Adobe AIR [2010.02.27 21:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Olav Magne\Mine dokumenter\DVDVideoSoft [2010.02.27 21:10:42 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\DVDVideoSoft [2010.02.27 21:10:42 | 000,000,000 | ---D | C] -- C:\Programfiler\DVDVideoSoft [2010.02.26 10:38:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Olav Magne\Siste [2010.02.24 10:42:07 | 000,000,000 | ---D | C] -- C:\Programfiler\Microsoft Silverlight [2010.02.20 16:18:08 | 000,000,000 | ---D | C] -- C:\Program Files [2010.02.19 11:26:10 | 000,266,240 | 
---- | C] (HP) -- C:\WINDOWS\System32\hpdj3500 [2009.10.21 12:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Google [2009.10.21 12:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Google [2009.06.22 21:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Programdata\Xfire [2009.06.22 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Programdata\Intel [2009.06.22 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Programdata\Intel [2009.06.22 20:41:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Programdata\Microsoft [2009.06.22 20:41:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft [2009.06.22 20:41:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Programdata\Microsoft [2009.06.22 20:41:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.03.18 16:15:37 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Olav Magne\Skrivebord\OTL.exe [2010.03.18 16:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.03.18 15:26:23 | 000,004,688 | -H-- | M] () -- C:\Documents and Settings\Olav Magne\Mine dokumenter\WVAProp.xml [2010.03.18 12:11:14 | 057,309,762 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010.03.18 12:09:43 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\updater.exe.job [2010.03.18 12:09:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.03.18 12:09:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.03.18 
12:09:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.03.17 22:01:30 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Olav Magne\NTUSER.DAT [2010.03.17 22:01:24 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Olav Magne\ntuser.ini [2010.03.16 23:00:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.03.16 22:59:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.03.16 22:45:10 | 003,893,109 | R--- | M] () -- C:\Documents and Settings\Olav Magne\Skrivebord\ComboFix.exe [2010.03.16 22:27:46 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk [2010.03.16 22:26:18 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Olav Magne\Skrivebord\mbam-setup.exe [2010.03.16 18:39:15 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\010112010146111103.xxe [2010.03.16 18:39:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\rdr_1268761153.exe [2010.03.10 20:55:11 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.09 20:51:34 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Olav Magne\Skrivebord\MakeMKV.lnk [2010.03.08 17:34:25 | 003,776,340 | -H-- | M] () -- C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\IconCache.db [2010.03.07 20:30:18 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.03.07 20:30:04 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010.03.05 01:11:22 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll [2010.02.22 00:51:28 | 000,300,468 | ---- | M] () -- C:\Documents and Settings\Olav Magne\Skrivebord\1266796106180.jpg [2010.02.19 11:26:19 | 000,028,808 | ---- | M] () -- C:\WINDOWS\hpdj3500.his [2010.02.19 
11:26:19 | 000,004,588 | ---- | M] () -- C:\WINDOWS\hpdj3500.ini [2010.02.19 11:24:53 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini [2010.02.19 11:24:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.02.18 18:29:48 | 000,008,590 | ---- | M] () -- C:\Documents and Settings\Olav Magne\Mine dokumenter\Fortjeneste av salg..xlsx [2010.02.18 09:46:09 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Aware35.mch [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.03.16 22:49:15 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.03.16 22:49:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.03.16 22:49:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.03.16 22:49:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.03.16 22:49:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.03.16 22:45:29 | 003,893,109 | R--- | C] () -- C:\Documents and Settings\Olav Magne\Skrivebord\ComboFix.exe [2010.03.16 22:27:46 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk [2010.03.16 18:39:15 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\010112010146111103.xxe [2010.03.16 18:39:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\rdr_1268761153.exe [2010.03.09 20:51:34 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\Olav Magne\Skrivebord\MakeMKV.lnk [2010.03.05 01:11:22 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010.02.22 00:51:32 | 000,300,468 | ---- | C] () -- C:\Documents and Settings\Olav Magne\Skrivebord\1266796106180.jpg [2010.02.19 11:25:27 | 000,221,318 | ---- | C] () -- C:\WINDOWS\hpdj3500.hi1 [2010.02.19 11:25:27 | 000,010,512 | ---- | C] () -- C:\WINDOWS\hpdj3500.bu1 [2010.02.18 18:29:47 | 000,008,590 | ---- | C] () 
-- C:\Documents and Settings\Olav Magne\Mine dokumenter\Fortjeneste av salg..xlsx [2010.01.20 08:24:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\GetWord.ini [2009.10.04 21:08:34 | 000,000,292 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.10.01 09:31:40 | 000,000,034 | ---- | C] () -- C:\WINDOWS\A35W.INI [2009.09.29 17:48:42 | 000,163,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\FontCache3.0.0.0.dat [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009.07.25 12:35:38 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.07.11 21:40:27 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.07.11 18:15:35 | 000,000,286 | ---- | C] () -- C:\WINDOWS\game.ini [2009.07.09 12:41:44 | 000,004,588 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini [2009.07.04 20:24:30 | 000,000,261 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009.06.24 18:14:21 | 000,000,021 | ---- | C] () -- C:\WINDOWS\pspvc_path.ini [2009.06.23 17:35:18 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Olav Magne\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.22 21:07:18 | 000,910,464 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2009.06.22 21:07:18 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll [2009.06.22 21:05:19 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL [2009.06.22 21:05:19 | 000,009,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\EMSC.sys ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 08:36:46 | 020,093,382 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 08:36:46 | 020,093,382 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) 
MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 08:22:02 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=1DEE1BCE9C5D28C8B27ABC9479924662 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 08:22:02 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=1DEE1BCE9C5D28C8B27ABC9479924662 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 08:22:02 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=1DEE1BCE9C5D28C8B27ABC9479924662 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 08:22:16 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=80737F0F8AC70F5D3EB15FF4A517E760 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 08:22:16 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=80737F0F8AC70F5D3EB15FF4A517E760 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 08:22:16 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=80737F0F8AC70F5D3EB15FF4A517E760 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 08:22:20 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=81AEB70FCAB84F24BAC4FE2059A28306 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 08:22:20 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=81AEB70FCAB84F24BAC4FE2059A28306 -- C:\WINDOWS\system32\dllcache\scecli.dll 
[2008.04.14 08:22:20 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=81AEB70FCAB84F24BAC4FE2059A28306 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > ========== Files - Unicode (All) ========== [2010.02.10 21:01:56 | 001,328,215 | ---- | M] ()(C:\Documents and Settings\Olav Magne\Skrivebord\PKM-356-09-A5-Bokm?l web 01.10 - LR.pdf) -- C:\Documents and Settings\Olav Magne\Skrivebord\PKM-356-09-A5-Bokm�l web 01.10 - LR.pdf [2010.02.10 21:01:55 | 001,328,215 | ---- | C] ()(C:\Documents and Settings\Olav Magne\Skrivebord\PKM-356-09-A5-Bokm?l web 01.10 - LR.pdf) -- C:\Documents and Settings\Olav Magne\Skrivebord\PKM-356-09-A5-Bokm�l web 01.10 - LR.pdf ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:05EE1EEF < End of report > Extras.Txt: OTL Extras logfile created on: 18.03.2010 16:16:05 - Run 1 OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Olav Magne\Skrivebord Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler Drive C: | 111,79 Gb Total Space | 14,66 Gb Free Space | 13,11% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OLAV-F6E9030C6F Current User Name: Olav Magne Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Programfiler\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Programfiler\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programfiler\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programfiler\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programfiler\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programfiler\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programfiler\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 
139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "8085:TCP" = 8085:TCP:*:Enabled:OKOToGate ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programfiler\AVG\AVG8\avgemc.exe" = C:\Programfiler\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Programfiler\AVG\AVG8\avgupd.exe" = C:\Programfiler\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Programfiler\AVG\AVG8\avgnsx.exe" = C:\Programfiler\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Programfiler\Xfire\Xfire.exe" = C:\Programfiler\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Programfiler\Spotify\spotify.exe" = C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB) "C:\Programfiler\uTorrent\uTorrent.exe" = C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
"C:\Soldat\Soldat.exe" = C:\Soldat\Soldat.exe:*:Enabled:http://soldat.pl -- (Michal Marcinkowski) "C:\Programfiler\EA Games\Ultima Online Mondain's Legacy\client.exe" = C:\Programfiler\EA Games\Ultima Online Mondain's Legacy\client.exe:*:Enabled:client -- (Electronic Arts) "C:\Programfiler\Ventrilo\Ventrilo.exe" = C:\Programfiler\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.) "C:\Programfiler\Steam\steamapps\olavmagne\team fortress 2\hl2.exe" = C:\Programfiler\Steam\steamapps\olavmagne\team fortress 2\hl2.exe:*:Enabled:hl2 -- () "C:\Programfiler\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Programfiler\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- () "C:\Programfiler\BitTornado\btdownloadgui.exe" = C:\Programfiler\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- () "C:\Programfiler\VideoLAN\VLC\vlc.exe" = C:\Programfiler\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Programfiler\Steam\steamapps\aldomonrad\counter-strike\hl.exe" = C:\Programfiler\Steam\steamapps\aldomonrad\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "C:\LiberKey\Apps\Emule\App\Emule\emule.exe" = C:\LiberKey\Apps\Emule\App\Emule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "C:\Programfiler\Opera\opera.exe" = C:\Programfiler\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Documents and Settings\Olav Magne\Mine dokumenter\Spel\CS\hl.exe" = C:\Documents and Settings\Olav Magne\Mine dokumenter\Spel\CS\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "C:\Programfiler\pspvc\PSPVC (Server).exe" = C:\Programfiler\pspvc\PSPVC (Server).exe:*:Enabled:PSPVC (Server) -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0DFC4415-8E8F-4ADB-8A0B-2F314A8FD14D}" = Windows Live Messenger "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Opplastingsverktøy for Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 17 "{3294BA9C-F0FB-6704-DCDF-95966DE39D3E}" = P3nettradio "{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4A0DDA-2AAE-4467-A803-BF2520CD3D06}" = Påloggingsassistent for Windows Live "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{42F46A4E-1662-473F-A210-C5BB3BD385CC}" = Windows Workflow Foundation NO Language Pack "{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery "{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{647D0FAC-321B-4F77-9594-C2589FDEB84F}" = Multicad 2010.1 "{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A3B0503-7DF4-4BE7-BC75-F6B02AC78C06}" = Windows Live Essentials 
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90120000-0010-0414-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Norwegian (Bokmål)) 12 "{90120000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2007 "{90120000-0015-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 "{90120000-0016-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 "{90120000-0018-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007 "{90120000-0019-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007 
"{90120000-001A-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 "{90120000-001B-0414-0000-0000000FF1CE}_PROHYBRIDR_{A651C900-ADDD-4CE1-8C66-25473194F530}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2007 "{90120000-001F-0414-0000-0000000FF1CE}_PROHYBRIDR_{D3413506-02DD-4918-AB8B-A9939A14C2E8}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2007 "{90120000-001F-0814-0000-0000000FF1CE}_PROHYBRIDR_{1B70EF07-15AB-483B-B7DE-C60584A3F518}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2007 "{90120000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 "{90120000-006E-0414-0000-0000000FF1CE}_PROHYBRIDR_{1F005547-336E-439D-846F-CE37BD507012}" = Microsoft Office 2007 Service Pack 2 (SP2) "{902CEC41-C247-4C17-AC90-770D8A471FF8}" = Opera 10.00 "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AC2DD076-C5AB-49E6-9947-9447A7B57837}" = Microsoft .NET Framework 3.0 Norwegian (Bokmal) Language Pack "{AC76BA86-7AD7-1044-7B44-A93000000001}" = Adobe Reader 9.3 - Norsk "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B0534960-A7E2-4FFD-8E27-51B4B188633F}" = Windows Presentation Foundation Language Pack (NOR) "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF7C2683-9FBE-4223-84E7-43FED4912CD5}" = Microsoft .NET Framework 2.0 Language Pack - NOR "{CFF267C4-CF35-4A7D-8EA4-67E8CFF8541B}" = Ordnett Pluss "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2 "{D0AB7E3E-C95D-41B4-AE49-4F45C8FE3C65}" = Windows Communication Foundation Language Pack - NOR "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{DA2A851C-6E2B-4677-9DA5-5ED9A3B227E2}" = Quake Live Internet Explorer Plugin "{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy 
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Autodesk DWF Viewer" = Autodesk DWF Viewer "AVG8Uninstall" = AVG Free 8.5 "AviSynth" = AviSynth 2.5 "BitTornado" = BitTornado 0.3.18 "CCleaner" = CCleaner "Combined Community Codec Pack BETA_is1" = Combined Community Codec Pack BETA 2009-09-19 "Desperados 1.0" = Desperados 1.0 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Elantech" = KTP Ware PS/2-x86 5.0.3.13 "Fraps" = Fraps (remove only) "HDMI" = Intel® Graphics Media Accelerator Driver "Icy Tower v1.4_is1" = Icy Tower v1.4 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch "InstallShield_{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery "InstallShield_{647D0FAC-321B-4F77-9594-C2589FDEB84F}" = Multicad 2010.1 "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2 "InstallShield_{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility "Kiso Application" = Kiso Application "MakeMKV" = MakeMKV v1.5.0_beta "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0 Language Pack - NOR" = 
Microsoft .NET Framework 2.0 Language Pack - NOR "Microsoft .NET Framework 3.0 Norwegian (Bokmal) Language Pack" = Språkpakke for norsk (bokmål) for Microsoft .NET Framework 3.0 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "no.nrk.p3nettradio.95D8431DEB77DCAE37AA727BFE972AF895AD1E34.1" = P3nettradio "PokerStars" = PokerStars "PROHYBRIDR" = 2007 Microsoft Office system "ProInst" = Intel® PROSet/Wireless-programvare "PSPVC" = PSPVC :: PSP Video Converter v3.75 "PunkBusterSvc" = PunkBuster Services "SMSERIAL" = Motorola SM56 Data Fax Modem "Soldat_is1" = Soldat 1.5.0 "Spotify" = Spotify "StarCraft" = StarCraft "Steam App 440" = Team Fortress 2 "SuperF4" = SuperF4 "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.2 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Arkiverer "Xfire" = Xfire (remove only) "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "sc10-NRK_MAIN" = Ski Challenge 2010 (NRK) "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.12.2009 18:36:05 | Computer Name = OLAV-F6E9030C6F | Source = Google Update | ID = 20 Description = Error - 02.12.2009 04:36:05 | Computer Name = OLAV-F6E9030C6F | Source = Google Update | ID = 20 Description = Error - 02.12.2009 05:36:05 | Computer Name = OLAV-F6E9030C6F | Source = Google Update | ID = 20 Description = Error - 02.12.2009 06:36:05 | Computer Name = OLAV-F6E9030C6F | Source = Google Update | ID = 20 Description = Error - 02.12.2009 08:36:05 | Computer Name = OLAV-F6E9030C6F | Source = Google 
Update | ID = 20 Description = Error - 02.12.2009 10:47:53 | Computer Name = OLAV-F6E9030C6F | Source = Application Error | ID = 1000 Description = Feilende program winamp.exe, versjon 5.5.6.2512, feilende modul ntdll.dll, versjon 5.1.2600.5755, feiladresse 0x0001b21a. Error - 03.12.2009 07:14:09 | Computer Name = OLAV-F6E9030C6F | Source = Application Error | ID = 1000 Description = Feilende program speed.exe, versjon 0.0.0.0, feilende modul speed.exe, versjon 0.0.0.0, feiladresse 0x0000d623. Error - 03.12.2009 07:14:31 | Computer Name = OLAV-F6E9030C6F | Source = Application Error | ID = 1000 Description = Feilende program speed.exe, versjon 0.0.0.0, feilende modul speed.exe, versjon 0.0.0.0, feiladresse 0x0000d623. Error - 03.12.2009 07:14:41 | Computer Name = OLAV-F6E9030C6F | Source = Application Error | ID = 1000 Description = Feilende program speed.exe, versjon 0.0.0.0, feilende modul speed.exe, versjon 0.0.0.0, feiladresse 0x0000d623. Error - 06.12.2009 16:37:56 | Computer Name = OLAV-F6E9030C6F | Source = WindowsLiveMessenger | ID = 15728647 Description = [ System Events ] Error - 15.03.2010 12:00:21 | Computer Name = OLAV-F6E9030C6F | Source = Dhcp | ID = 1002 Description = IP-adresseleasingavtalen 192.168.0.2 for nettverkskortet med nettverksadressen 0013E8647FB7 ble avslått av DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-melding). Error - 15.03.2010 14:33:54 | Computer Name = OLAV-F6E9030C6F | Source = ACPIEC | ID = 327681 Description = \Device\ACPIEC: Maskinvaren for innebygd kontroller (EC) svarte ikke innen perioden for tidsavbrudd. Dette kan bety at det er en feil i EC-maskinvaren eller fastvaren, eller muligens en dårlig utviklet BIOS som åpnet EC på en usikker måte. EC-driveren prøver den mislykkede transaksjonen på nytt om mulig. 
Error - 16.03.2010 17:38:40 | Computer Name = OLAV-F6E9030C6F | Source = sr | ID = 1 Description = Systemgjenopprettingsfilteret fikk den uventede feilen 0xC0000001 under behandling av filen på volum HarddiskVolume1. Det har sluttet å overvåke volumet. Error - 16.03.2010 17:46:56 | Computer Name = OLAV-F6E9030C6F | Source = Service Control Manager | ID = 7034 Description = Tjenesten AVG Free8 E-mail Scanner stoppet uventet. Dette har skjedd 1 gang(er). Error - 16.03.2010 17:47:08 | Computer Name = OLAV-F6E9030C6F | Source = Service Control Manager | ID = 7034 Description = Tjenesten AVG Free8 E-mail Scanner stoppet uventet. Dette har skjedd 2 gang(er). Error - 16.03.2010 17:57:47 | Computer Name = OLAV-F6E9030C6F | Source = PlugPlayManager | ID = 11 Description = Enheten Root\LEGACY_APTO6KO\0000 forsvant fra systemet uten først å bli klargjort for fjerning. Error - 17.03.2010 04:07:40 | Computer Name = OLAV-F6E9030C6F | Source = ACPIEC | ID = 327681 Description = \Device\ACPIEC: Maskinvaren for innebygd kontroller (EC) svarte ikke innen perioden for tidsavbrudd. Dette kan bety at det er en feil i EC-maskinvaren eller fastvaren, eller muligens en dårlig utviklet BIOS som åpnet EC på en usikker måte. EC-driveren prøver den mislykkede transaksjonen på nytt om mulig. Error - 17.03.2010 05:39:13 | Computer Name = OLAV-F6E9030C6F | Source = ACPIEC | ID = 327681 Description = \Device\ACPIEC: Maskinvaren for innebygd kontroller (EC) svarte ikke innen perioden for tidsavbrudd. Dette kan bety at det er en feil i EC-maskinvaren eller fastvaren, eller muligens en dårlig utviklet BIOS som åpnet EC på en usikker måte. EC-driveren prøver den mislykkede transaksjonen på nytt om mulig. Error - 17.03.2010 10:37:28 | Computer Name = OLAV-F6E9030C6F | Source = Dhcp | ID = 1002 Description = IP-adresseleasingavtalen 192.168.93.77 for nettverkskortet med nettverksadressen 0013E8647FB7 ble avslått av DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-melding). 
Error - 17.03.2010 15:33:41 | Computer Name = OLAV-F6E9030C6F | Source = Dhcp | ID = 1002 Description = IP-adresseleasingavtalen 192.168.0.3 for nettverkskortet med nettverksadressen 0013E8647FB7 ble avslått av DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-melding).
< End of report >
norbat Posted 21 March 2010
Hi, and sorry for the slow response...
Open Notepad and copy in the text shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.
killall::
MIA::
c:\windows\system32\sfcfiles.dll
FCOPY::
C:\WINDOWS\ERDNT\cache\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys
Tanner Posted 21 March 2010
ComboFix 10-03-16.02 - Olav Magne 21.03.2010 19:31:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.3062.2590 [GMT 1:00]
Kjører fra: c:\documents and settings\Olav Magne\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Olav Magne\Skrivebord\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\ERDNT\cache\atapi.sys --> c:\windows\system32\drivers\ atapi.sys
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-02-21 til 2010-03-21 )))))))))))))))))))))))))))))))))
.
2010-03-21 18:31 . 2008-04-13 09:40 96512 ----a-w- c:\windows\system32\drivers\ atapi.sys
2010-03-20 10:30 . 2010-03-20 10:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-19 15:02 . 2010-03-20 10:48 -------- d-----w- C:\$AVG
2010-03-19 15:02 . 2010-03-19 15:02 -------- d-----w- c:\documents and settings\All Users\Programdata\avg9
2010-03-16 21:27 . 2010-03-16 21:27 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\Malwarebytes
2010-03-16 21:27 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 21:27 . 2010-03-16 21:27 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-03-16 21:27 . 2010-03-16 21:27 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-03-16 21:27 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 17:39 . 2010-03-16 17:39 0 ----a-w- c:\documents and settings\Olav Magne\Lokale innstillinger\Programdata\rdr_1268761153.exe
2010-03-11 19:43 . 2010-03-11 19:43 -------- d-----w- C:\Video
2010-03-11 19:09 .
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-03-09 19:51 . 2010-03-09 19:51 -------- d-----w- c:\programfiler\MakeMKV 2010-03-06 15:47 . 2010-03-06 15:56 -------- d-----w- c:\documents and settings\Olav Magne\Lokale innstillinger\Programdata\Screamer Radio 2010-03-05 16:58 . 2010-03-05 16:58 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\no.nrk.p3nettradio.95D8431DEB77DCAE37AA727BFE972AF895AD1E34.1 2010-03-05 16:58 . 2010-03-05 16:58 -------- d-----w- c:\programfiler\P3nettradio 2010-03-05 16:58 . 2010-03-05 16:58 -------- d-----w- c:\programfiler\Fellesfiler\Adobe AIR 2010-03-05 00:11 . 2010-03-05 00:11 41872 ----a-w- c:\windows\system32\xfcodec.dll 2010-02-27 20:10 . 2010-03-06 15:56 -------- d-----w- c:\programfiler\DVDVideoSoft 2010-02-27 20:10 . 2010-03-06 15:56 -------- d-----w- c:\programfiler\Fellesfiler\DVDVideoSoft 2010-02-26 09:38 . 2010-03-21 18:24 -------- d--h--r- c:\documents and settings\Olav Magne\Siste 2010-02-24 09:42 . 2010-02-24 09:42 -------- d-----w- c:\programfiler\Microsoft Silverlight 2010-02-20 15:18 . 2010-02-25 15:49 -------- d-----w- C:\Program Files . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-21 14:31 . 2009-06-23 18:04 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\Spotify 2010-03-21 00:03 . 2009-06-22 20:30 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\Xfire 2010-03-20 19:04 . 2009-10-17 20:35 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\vlc 2010-03-20 10:31 . 2010-03-20 10:31 360584 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgtdix.sys 2010-03-20 10:31 . 2010-03-20 10:31 333192 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgldx86.sys 2010-03-20 10:31 . 
2010-03-20 10:31 28424 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgmfx86.sys 2010-03-20 10:30 . 2009-06-22 20:21 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-03-20 10:30 . 2009-06-22 20:21 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-20 10:30 . 2009-06-22 20:21 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-19 23:30 . 2009-07-04 21:36 -------- d-----w- c:\programfiler\Steam 2010-03-19 23:09 . 2009-06-23 18:12 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\uTorrent 2010-03-19 15:02 . 2010-03-20 10:29 800536 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avginet.dll 2010-03-19 15:02 . 2010-03-20 10:29 613656 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgiproxy.exe 2010-03-19 15:02 . 2010-03-20 10:29 1658136 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgupd.dll 2010-03-19 15:02 . 2010-03-20 10:29 1007896 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgupd.exe 2010-03-19 15:02 . 2009-06-22 20:21 -------- d-----w- c:\programfiler\AVG 2010-03-17 19:35 . 2009-06-22 20:30 -------- d-----w- c:\programfiler\Xfire 2010-03-16 21:45 . 2009-11-14 11:52 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\U3 2010-03-15 15:59 . 2009-08-14 17:55 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP 2010-03-15 15:59 . 2010-02-07 17:14 -------- d-----w- c:\programfiler\PokerStars 2010-03-11 19:33 . 2009-09-17 10:53 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help 2010-03-07 21:10 . 2009-06-23 18:14 -------- d-----w- c:\programfiler\uTorrent 2010-03-07 19:30 . 2009-07-11 20:40 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-03-07 19:30 . 2009-07-11 20:40 214520 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-03-05 16:58 . 
2010-03-05 16:58 38784 ----a-w- c:\documents and settings\Olav Magne\Programdata\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-03-05 16:58 . 2010-03-05 16:58 38784 ----a-w- c:\documents and settings\Default User\Programdata\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-02-19 10:26 . 2009-07-09 11:42 -------- d-----w- c:\programfiler\Hewlett-Packard 2010-02-18 14:52 . 2009-07-04 17:16 -------- d-----w- c:\programfiler\Razor 2010-02-14 14:51 . 2010-01-29 20:55 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\Skype 2010-02-14 13:27 . 2010-01-29 21:07 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\skypePM 2010-02-11 14:42 . 2001-10-09 12:00 76990 ----a-w- c:\windows\system32\perfc014.dat 2010-02-11 14:42 . 2001-10-09 12:00 438852 ----a-w- c:\windows\system32\perfh014.dat 2010-02-08 15:20 . 2009-07-06 16:13 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\dvdcss 2010-02-08 14:58 . 2010-02-08 14:58 -------- d-----w- c:\programfiler\Ask.com 2010-02-01 15:11 . 2009-06-22 20:00 -------- d-----w- c:\programfiler\Realtek 2010-01-31 20:59 . 2010-01-31 20:59 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\Blitware 2010-01-31 20:59 . 2010-01-31 20:59 -------- d-----w- c:\programfiler\Driver Robot 2010-01-30 00:32 . 2009-06-24 17:14 -------- d-----w- c:\programfiler\AviSynth 2.5 2010-01-30 00:32 . 2009-06-24 17:14 -------- d-----w- c:\programfiler\pspvc 2010-01-29 21:07 . 2010-01-29 21:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-01-29 20:55 . 2010-01-29 20:55 -------- d-----w- c:\programfiler\Fellesfiler\Skype 2010-01-29 20:55 . 2010-01-29 20:55 -------- d-----r- c:\programfiler\Skype 2010-01-29 20:55 . 2010-01-29 20:55 -------- d-----w- c:\documents and settings\All Users\Programdata\Skype 2010-01-27 14:36 . 2009-08-04 19:03 -------- d-----w- c:\programfiler\Fellesfiler\Adobe 2010-01-27 10:37 . 
2009-07-20 19:30 -------- d-----w- c:\programfiler\Winamp 2010-01-21 12:26 . 2010-01-21 12:16 -------- d-----w- c:\documents and settings\Olav Magne\Programdata\Autodesk 2010-01-21 12:24 . 2009-06-22 20:21 104200 ----a-w- c:\documents and settings\Olav Magne\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT 2010-01-21 12:22 . 2010-01-21 12:14 -------- d-----w- c:\programfiler\Fellesfiler\Autodesk Shared 2010-01-21 12:22 . 2010-01-21 12:16 -------- d-----w- c:\programfiler\AutoCAD 2007 2010-01-21 12:21 . 2010-01-21 12:21 -------- d-----w- c:\programfiler\AnswerWorks 4.0 2010-01-21 12:16 . 2010-01-21 12:16 -------- d-----w- c:\documents and settings\All Users\Programdata\Autodesk 2010-01-21 12:14 . 2010-01-21 12:14 -------- d-----w- c:\programfiler\Autodesk 2010-01-21 11:11 . 2010-01-19 17:15 -------- d-----w- c:\documents and settings\All Users\Programdata\Norton 2010-01-19 17:46 . 2010-02-01 15:11 358944 ----a-w- c:\windows\vncutil.exe 2010-01-19 17:46 . 2009-06-22 20:00 84512 ----a-w- c:\windows\SOUNDMAN.EXE 2010-01-19 17:46 . 2009-06-22 20:00 1833504 ----a-w- c:\windows\SkyTel.exe 2010-01-19 17:46 . 2009-06-22 20:00 1489440 ----a-w- c:\windows\RtlUpd.exe 2010-01-19 17:46 . 2009-06-22 20:00 9721888 ----a-w- c:\windows\RTLCPL.EXE 2010-01-19 17:46 . 2010-02-01 15:11 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll 2010-01-19 17:46 . 2010-02-01 15:11 129568 ----a-w- c:\windows\RtkAudioService.exe 2010-01-19 17:46 . 2009-06-22 20:00 18790432 ----a-w- c:\windows\RTHDCPL.EXE 2010-01-19 17:46 . 2009-06-22 20:00 2177568 ----a-w- c:\windows\MicCal.exe 2010-01-19 17:46 . 2009-06-22 20:00 2815520 ----a-w- c:\windows\ALCWZRD.EXE 2010-01-19 17:46 . 2010-01-31 21:05 64032 ----a-w- c:\windows\ALCMTR.EXE 2010-01-19 17:36 . 2009-06-22 20:00 5818400 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys 2010-01-13 12:17 . 2009-06-22 20:00 1247776 ----a-w- c:\windows\RtlExUpd.dll 2010-01-10 20:45 . 
2009-06-23 19:43 114688 ----a-w- c:\documents and settings\Olav Magne\Programdata\Soldat\Battleye\BEClient.dll 2009-12-31 16:50 . 2008-04-13 10:15 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:10 . 2008-05-07 16:50 916480 ------w- c:\windows\system32\wininet.dll . ------- Sigcheck ------- [-] 2008-05-07 . 3F8D90D6F8109035CF796073BA850617 . 1573376 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2010-03-16_22.00.05 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-11 19:54 . 2009-07-11 19:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll + 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll + 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll + 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll + 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll + 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll + 2009-07-11 19:32 . 2009-07-11 19:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll + 2009-07-11 19:32 . 2009-07-11 19:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll + 2009-07-11 19:32 . 2009-07-11 19:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll + 2009-07-11 19:32 . 
2009-07-11 19:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll + 2009-07-12 00:07 . 2009-07-12 00:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll + 2009-07-12 00:19 . 2009-07-12 00:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll + 2010-03-21 18:39 . 2010-03-21 18:39 16384 c:\windows\temp\Perflib_Perfdata_550.dat + 2010-03-21 18:31 . 2008-04-13 09:40 96512 c:\windows\system32\drivers\ atapi.sys + 2010-03-19 15:01 . 2010-03-19 15:01 424448 c:\windows\Installer\14dd73a.msi + 2009-07-11 19:46 . 2009-07-11 19:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll + 2009-07-11 19:46 . 2009-07-11 19:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\programfiler\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"WLSS"="c:\programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 190000]
"Wow Video&Audio"="c:\programfiler\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 951856]
"IntelZeroConfig"="c:\programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 819200]
"IntelWireless"="c:\programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 970752]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Olav Magne\Start-meny\Programmer\Oppstart\
SuperF4.lnk - c:\programfiler\SuperF4\SuperF4.exe [2009-1-13 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-20 10:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Olav Magne^Start-meny^Programmer^Oppstart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Olav Magne\Start-meny\Programmer\Oppstart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-21 23:46 1217872 ----a-w- c:\programfiler\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\programfiler\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Xfire\\Xfire.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Programfiler\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"c:\\Programfiler\\Steam\\steamapps\\olavmagne\\team fortress 2\\hl2.exe"=
"c:\\Programfiler\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Programfiler\\BitTornado\\btdownloadgui.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programfiler\\Steam\\steamapps\\aldomonrad\\counter-strike\\hl.exe"=
"c:\\LiberKey\\Apps\\Emule\\App\\Emule\\emule.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Olav Magne\\Mine dokumenter\\Spel\\CS\\hl.exe"=
"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programfiler\\pspvc\\PSPVC (Server).exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:OKOToGate

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [22.06.2009 21:05 9856]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.07.2009 12:35 721904]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22.06.2009 21:21 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22.06.2009 21:21 242696]
R2 avg9wd;AVG Free WatchDog;c:\programfiler\AVG\AVG9\avgwdsvc.exe [20.03.2010 11:30 308064]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.02.2010 16:11 1691480]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [26.01.2007 19:05 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [26.01.2007 19:06 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [26.01.2007 19:06 97152]
S3 sea3mgmt;Sony Ericsson Device 0A3 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea3mgmt.sys [26.01.2007 19:07 88656]
S3 sea3nd5;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (NDIS);c:\windows\system32\drivers\sea3nd5.sys [26.01.2007 19:05 18736]
S3 sea3obex;Sony Ericsson Device 0A3 USB WMC OBEX Interface;c:\windows\system32\drivers\sea3obex.sys [26.01.2007 19:08 86464]
S3 sea3unic;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (WDM);c:\windows\system32\drivers\sea3unic.sys [26.01.2007 19:04 90832]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-01-31 c:\windows\Tasks\Driver Robot.job
- c:\programfiler\Driver Robot\1.2.0.5\DriverRobot.exe [2010-01-31 07:53]

2010-03-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programfiler\Ask.com\UpdateTask.exe [2009-09-02 13:56]

2010-03-21 c:\windows\Tasks\updater.exe.job
- c:\programfiler\Kunnskapsforlaget\Ordnett Pluss\updater.exe [2009-08-11 12:30]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 19:39
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...
skanning vellykket
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys speo.sys >>UNKNOWN [0x8A1AB938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Intel® Wireless WiFi Link 4965AGN -> SendCompleteHandler -> NDIS.sys @ 0xba65fbb0
PacketIndicateHandler -> NDIS.sys @ 0xba64ea0d
SendHandler -> NDIS.sys @ 0xba662b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Intel\Wireless\Bin\S24EvMon.exe
c:\programfiler\AVG\AVG9\avgchsvx.exe
c:\programfiler\AVG\AVG9\avgrsx.exe
c:\programfiler\AVG\AVG9\avgcsrvx.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Intel\Wireless\Bin\EvtEng.exe
c:\programfiler\AVG\AVG9\avgnsx.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\programfiler\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-03-21 19:46:08 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-03-21 18:46
ComboFix2.txt 2010-03-16 22:05

Pre-Run: 14 032 347 136 byte ledig
Post-Run: 14 263 705 600 byte ledig

- - End Of File - - D5B68DE2F47C1E1BD4B794FB2E7A8E83