Gunfreak, posted 4 September 2010
There is something running in the background on my PC, and I notice it in a strange way: at certain intervals the program I am working in gets deselected. No new program is selected, just the one I am working in gets deselected. For example, I can be writing on a forum, then I hear clicking sounds, exactly as if I were clicking a link, then Explorer gets deselected, and I have to click my way back onto the screen before I can keep writing. This was only a minor irritation, but it turns out that it also happens when I play games. I tried to play today, but every so often the game minimizes, and I have to click my way back before I can keep playing, which is VERY irritating, especially since clicking back into the game often leads to a long loading time. It makes it more or less unplayable.
SirTerning, posted 5 September 2010
Install Avast Antivirus and run a full scan of the system, and this should probably be solved, if it is spyware, that is. Or a virus at all.
PerB, posted 5 September 2010
Follow the advice in the sticky at the top of this forum and post the reports!
Gunfreak (author), posted 5 September 2010
Well, now I have run both of the ones in the stickies, and the problem still occurs. Here is the ComboFix report:
ComboFix 10-09-04.06 - Gunfreak 05.09.2010 16:12:07.1.4 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.47.1033.18.3071.1871 [GMT 2:00] Kjører fra: c:\users\Gunfreak\Desktop\ComboFix.exe AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_RelevantKnowledge ((((((((((((((((((((((((((( Filer Opprettet Fra 2010-08-05 til 2010-09-05 ))))))))))))))))))))))))))))))))) . 2010-09-05 14:26 . 2010-09-05 14:34 -------- d-----w- c:\users\Gunfreak\AppData\Local\temp 2010-09-05 14:26 . 2010-09-05 14:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-05 11:24 . 2010-09-05 11:24 -------- d-----w- c:\users\Gunfreak\AppData\Roaming\Malwarebytes 2010-09-05 11:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-05 11:23 . 2010-09-05 11:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-05 11:23 . 2010-09-05 11:23 -------- d-----w- c:\programdata\Malwarebytes 2010-09-05 11:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-03 09:22 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-09-02 17:03 . 2010-09-02 17:03 -------- d-----w- c:\programdata\Office Genuine Advantage 2010-09-02 16:57 .
2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll 2010-08-18 12:49 . 2010-08-18 12:49 -------- d-----w- c:\program files\Black Isle 2010-08-16 13:21 . 2010-08-16 15:21 -------- d-----w- c:\programdata\Blizzard Entertainment 2010-08-15 14:48 . 2010-08-16 13:21 -------- d-----w- c:\program files\SC2-WingsOfLiberty-enGB-Installer 2010-08-15 14:48 . 2010-08-17 12:42 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-08-13 12:39 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-08-13 12:39 . 2010-06-11 15:31 274432 ----a-w- c:\windows\system32\schannel.dll 2010-08-13 12:39 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys 2010-08-13 12:39 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll 2010-08-13 12:39 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-13 12:39 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-13 12:38 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll 2010-08-13 12:38 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-13 12:38 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-13 12:38 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-12 19:28 . 2010-08-12 19:28 -------- d-----w- c:\users\Gunfreak\AppData\Local\2K Games 2010-08-12 19:17 . 2010-08-12 19:17 -------- d-----w- c:\program files\NVIDIA Corporation . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-05 13:56 . 2009-01-08 15:15 -------- d-----w- c:\users\Gunfreak\AppData\Roaming\DNA 2010-09-05 11:35 . 2008-11-20 17:56 -------- d-----w- c:\program files\Steam 2010-09-03 18:21 . 2008-11-20 17:56 -------- d-----w- c:\program files\Common Files\Steam 2010-09-03 09:12 . 2009-01-08 15:15 -------- d-----w- c:\program files\DNA 2010-09-02 16:51 . 
2009-11-06 13:18 -------- d-----w- c:\program files\Microsoft 2010-08-26 19:52 . 2009-01-08 15:16 -------- d-----w- c:\users\Gunfreak\AppData\Roaming\BitTorrent 2010-08-18 12:49 . 2008-11-18 09:01 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-14 10:23 . 2008-07-29 11:12 -------- d-----w- c:\programdata\Microsoft Help 2010-08-14 10:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-12 19:17 . 2008-11-18 09:04 -------- d-----w- c:\program files\AGEIA Technologies 2010-08-12 19:17 . 2008-11-18 09:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-07-17 17:56 . 2008-11-25 13:35 1356 ----a-w- c:\users\Gunfreak\AppData\Local\d3d9caps.dat 2010-06-26 06:05 . 2010-09-02 16:58 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-09-02 16:58 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-09-02 16:58 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-09-02 16:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-11 15:43 . 2010-06-11 15:43 634344 ----a-w- c:\program files\radiobar_toolbar.exe 2010-06-11 14:08 . 2010-06-11 14:08 1379940 ----a-w- c:\program files\sfdrvup.zip 2010-06-11 13:31 . 2010-06-11 13:31 27915 ----a-w- c:\program files\sfdrvrem.zip 2010-06-11 11:33 . 2010-06-11 11:33 313355 ----a-w- c:\program files\HDN_Setup.exe 2010-06-06 16:34 . 2010-06-06 16:33 111810447 ----a-w- c:\program files\Europe_in_Conflict_Setup.exe 2010-05-31 20:59 . 2010-05-31 20:59 153154323 ----a-w- c:\program files\reddeadredemption_original_soundtrack.zip 2010-05-18 18:57 . 2010-05-18 18:57 12769316 ----a-w- c:\program files\Napoleon_Empire_Realism_(NER).rar 2009-11-07 17:25 . 2010-02-01 14:00 35210240 ----a-w- c:\program files\HW35LR.asf . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-09-29 16:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" 
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "MsnMsgr"="c:\program files\Windows 
Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-14 1103216] "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408] "RGSC"="c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe" [2009-02-05 306088] "BitTorrent DNA"="c:\users\Gunfreak\Program Files\DNA\btdna.exe" [2010-09-03 323392] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] "Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664] "Google Update"="c:\users\Gunfreak\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224] "CTHelper"="CTHELPER.EXE" [2007-10-25 19456] "CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 19968] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 51048] "isCfgWiz"="c:\program 
files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [2007-08-24 607624] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="c:\windows\system32\readreg" [X] "CtxfiReg"="Ctxfireg.exe" [2007-10-25 43520] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2008-09-17 07:05 222456 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664] R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing 
Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-11-20 79360] R3 cusbohcn;cusbohcn;c:\users\Gunfreak\AppData\Local\Temp\cusbohcn.sys [x] R3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2008-05-19 120960] R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [2007-08-15 180272] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 DAHIDI;DAHIDI;c:\windows\system32\drivers\imon_ss.sys [2004-04-26 24714] R4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-10 150568] R4 sertouch;sertouch;c:\windows\system32\drivers\sertouch.sys [2008-05-19 107264] R4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2007-02-01 110128] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-08 717296] R4 UGURU;UGURU;c:\windows\system32\drivers\uguru.sys [2006-10-02 21048] R4 xtouch;xtouch;c:\windows\system32\drivers\xtouch.sys [2008-05-20 103936] S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-24 149864] S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [x] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . 
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 14:11] 2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 14:11] 2010-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2009637016-564745-2821195490-1003Core.job - c:\users\Gunfreak\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-14 17:21] 2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2009637016-564745-2821195490-1003UA.job - c:\users\Gunfreak\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-14 17:21] . . ------- Tilleggsskanning ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html Trusted Zone: facebook.com Trusted Zone: tenderfoot.com Trusted Zone: wildwestonline.com . - - - - TOMME PEKERE FJERNET - - - - AddRemove-Europe in Conflict - c:\program files\Steam\SteamApps\common\napoleon total war\data\uninst.exe AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe AddRemove-Resistance And Liberation - c:\program files\steam\SteamApps\SourceMods\uninst.exe AddRemove-Community Mod Pack 3.0 - 0:\program files\Paradox Interactive\Take Command - 2nd Manassas\CMP3.0_Uninstal.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-05 16:34 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... 
skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85EE84D0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x80750322 \Driver\ACPI -> acpi.sys @ 0x80613d4c \Driver\atapi -> 0x85ee84d0 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-2009637016-564745-2821195490-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:aa,7e,8d,8e,cf,eb,f5,fd,fe,4a,9f,f9,54,1e,f6,40,71,15,a4,d4,1e,2b,08, 05,0d,52,a2,70,b1,69,45,5e,6a,01,14,ea,dc,a4,a7,c4,76,a7,93,2d,31,6b,dd,39,\ "??"=hex:17,d0,e2,ea,50,13,99,89,61,53,bc,b6,54,47,b7,7e [HKEY_USERS\S-1-5-21-2009637016-564745-2821195490-1003\Software\SecuROM\License information*] "datasecu"=hex:a8,53,e6,1d,5c,7d,ae,51,44,a0,e0,f8,0c,04,13,f9,09,89,ca,19,ce, af,ce,ee,74,6a,d5,32,1e,2b,53,2f,50,28,0f,1d,d4,ec,ce,f2,f9,d3,24,af,35,72,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(1596) c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\progra~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe c:\windows\system32\Ati2evxx.exe c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe c:\windows\system32\WerCon.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\IoctlSvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\RUNDLL32.EXE c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Tidspunkt ferdig: 2010-09-05 16:45:20 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2010-09-05 14:45 Pre-Run: 83 105 980 416 bytes free Post-Run: 88 192 704 512 bytes free - - End Of File - - CE1894A4BBF9F94181BEEEE5A907C288
Vizla, posted 5 September 2010 (edited)
AskBar is a problem, at any rate. HijackThis or something similar (I expect MBAM will take care of AskBar too) will be able to remove AskBar, which will be listed under BHO. I also reacted to TortoiseOverlays, which I see can be used maliciously. Unless you installed it deliberately, I would choose to remove that as well. Edited 5 September 2010 by Vizla
norbat, posted 6 September 2010
Offhand I can't see any malware in your log, so the problem may be related to something else. You could try running an online scan to see if it finds anything of interest. Try e.g. the BitDefender online scan.
Gunfreak (author), posted 6 September 2010
I have tried several things, including updating Java, which asked for an update at about the same time my problem appeared, but it would not install properly and sat in the background. I finally got it installed, but that did not help either.
norbat, posted 6 September 2010
If the problem arose recently, you could try a system restore to a point in time before the problem arose.
Gunfreak (author), posted 8 September 2010
Thanks for the help, but the problem is still there. I ran a restore and went back to 1 September, and everything was fine for 2 days, but now it looks like the problem is back.
norbat, posted 8 September 2010
And this happens even when you don't have any browsers open?
Gunfreak (author), posted 8 September 2010
Yes, it happens without any browsers being open. It is a bit early to say, but I tried turning off MSN, and so far (40 minutes) it has not happened again.
Gunfreak (author), posted 8 September 2010
Yep, looks like it was MSN that was behind the whole thing.