Mistanke om virus

[Sewero]

Har fått endel BSOD for tiden, derav fra en guide fikk jeg mistanke om virus.

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:19:29, on 17.03.2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

E:\Spill\Steam\Steam.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\V0230Mon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Genez\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Genez\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [winlogon] C:\system32\winlogon.exe

O4 - HKCU\..\Run: [HKCU] C:\Users\Genez\AppData\Roaming\WinDir\Svchost.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Genez\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [steam] "E:\Spill\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe

O4 - Global Startup: UltraMon.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12311 bytes

 

ComboFix

 

ComboFix 12-03-17.01 - Genez 17.03.2012 20:23:24.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.8098.6331 [GMT 1:00]

Kjører fra: c:\users\Genez\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2012-02-17 til 2012-03-17 )))))))))))))))))))))))))))))))))

.

.

2012-03-17 19:25 . 2012-03-17 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-17 17:00 . 2012-03-17 17:00 -------- d-----w- c:\programdata\ATI

2012-03-17 16:54 . 2012-03-17 16:54 -------- d-----w- c:\programdata\AMD

2012-03-17 16:54 . 2012-03-17 16:54 -------- d-----w- c:\program files (x86)\AMD AVT

2012-03-17 16:54 . 2012-03-17 16:54 -------- d-----w- c:\program files (x86)\AMD APP

2012-03-17 14:25 . 2012-03-17 14:58 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2012-03-17 14:25 . 2012-03-17 14:25 -------- d-----w- c:\program files (x86)\Electronic Arts

2012-03-17 09:41 . 2012-03-17 09:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-03-17 09:41 . 2012-03-17 09:41 -------- d-----w- c:\program files (x86)\Java

2012-03-17 04:52 . 2012-03-17 04:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7171E642-D591-49ED-ACCB-D4A97E0D3CDE}\offreg.dll

2012-03-16 16:19 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7171E642-D591-49ED-ACCB-D4A97E0D3CDE}\mpengine.dll

2012-03-16 16:18 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-16 16:18 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-16 16:18 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-16 16:18 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-16 16:18 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-16 16:18 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-16 16:18 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-16 16:18 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-16 16:18 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-16 16:18 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-03 15:32 . 2012-03-03 15:32 -------- d-----w- c:\users\Genez\AppData\Local\PAYDAY

2012-03-03 15:31 . 2012-03-03 15:31 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-03-03 15:31 . 2012-03-03 15:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-02-17 19:48 . 2012-02-17 19:48 -------- d-----w- c:\program files\CPUID

2012-02-17 19:48 . 2011-09-21 09:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-17 09:41 . 2011-09-21 15:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-16 16:16 . 2011-09-22 22:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-20 20:12 . 2011-09-27 06:52 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-02-20 20:12 . 2011-09-27 06:49 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-02-20 20:12 . 2011-09-27 06:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll

2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-02-15 03:18 . 2010-09-29 01:55 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-02-15 03:17 . 2011-10-26 02:04 957952 ----a-w- c:\windows\system32\aticfx64.dll

2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-02-15 03:07 . 2010-09-29 01:46 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-02-15 02:52 . 2011-10-26 01:46 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-02-15 02:40 . 2011-11-10 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-02-15 02:34 . 2010-09-29 01:28 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll

2012-02-15 02:29 . 2010-09-29 01:22 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-02-15 02:25 . 2011-11-10 02:24 7551488 ----a-w- c:\windows\system32\atiumd64.dll

2012-02-15 02:16 . 2011-09-21 06:43 58880 ----a-w- c:\windows\system32\coinst.dll

2012-02-15 02:14 . 2011-11-10 02:13 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-02-15 02:12 . 2010-09-29 01:14 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-02-15 02:12 . 2010-09-29 01:14 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-02-15 02:12 . 2011-11-10 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-02-15 02:12 . 2010-09-29 01:13 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-02-14 21:05 . 2012-02-14 21:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-02-14 21:05 . 2012-02-14 21:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-02-14 21:05 . 2012-02-14 21:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll

2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-02-14 21:03 . 2012-02-14 21:03 54272 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-02-11 09:09 . 2012-02-11 09:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-11 09:09 . 2012-02-11 09:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-11 09:09 . 2012-02-11 09:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-02-11 09:09 . 2012-02-11 09:09 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-02-11 09:09 . 2012-02-11 09:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-02-11 09:09 . 2012-02-11 09:09 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-02-11 09:09 . 2012-02-11 09:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-02-11 09:09 . 2012-02-11 09:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-02-11 09:09 . 2012-02-11 09:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-02-11 09:09 . 2012-02-11 09:09 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-02-11 09:09 . 2012-02-11 09:09 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-02-11 09:09 . 2012-02-11 09:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-02-11 09:09 . 2012-02-11 09:09 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-11 09:09 . 2012-02-11 09:09 448512 ----a-w- c:\windows\system32\html.iec

2012-02-11 09:09 . 2012-02-11 09:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-02-11 09:09 . 2012-02-11 09:09 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-02-11 09:09 . 2012-02-11 09:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-02-11 09:09 . 2012-02-11 09:09 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-11 09:09 . 2012-02-11 09:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-02-11 09:09 . 2012-02-11 09:09 222208 ----a-w- c:\windows\system32\msls31.dll

2012-02-11 09:09 . 2012-02-11 09:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-11 09:09 . 2012-02-11 09:09 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-02-11 09:09 . 2012-02-11 09:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-02-11 09:09 . 2012-02-11 09:09 160256 ----a-w- c:\windows\system32\wextract.exe

2012-02-11 09:09 . 2012-02-11 09:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-02-11 09:09 . 2012-02-11 09:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-02-11 09:09 . 2012-02-11 09:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-02-11 09:09 . 2012-02-11 09:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-11 09:09 . 2012-02-11 09:09 12288 ----a-w- c:\windows\system32\mshta.exe

2012-02-11 09:09 . 2012-02-11 09:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-02-11 09:09 . 2012-02-11 09:09 114176 ----a-w- c:\windows\system32\admparse.dll

2012-02-11 09:09 . 2012-02-11 09:09 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-11 09:09 . 2012-02-11 09:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-02-11 09:09 . 2012-02-11 09:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-02-05 19:39 . 2012-02-05 19:39 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-01-31 05:02 . 2012-01-31 05:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2012-01-04 10:44 . 2012-02-15 18:13 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 18:13 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-01-03 16:15 . 2011-09-27 06:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-12-30 06:26 . 2012-02-15 18:13 515584 ----a-w- c:\windows\system32\timedate.cpl

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-09-21 319280]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"Facebook Update"="c:\users\Genez\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-29 137536]

"Steam"="e:\spill\Steam\Steam.exe" [2012-01-29 1242448]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]

.

c:\users\Genez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]

UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2012-2-6 29310]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;e:\installerings programmer\Lavalys.EVEREST.Corporate.Edition.v5.50.2225.BETA.Multilingual.WinAll.Incl.Keygen-CRD\Ny mappe\setup\kerneld.amd64 [2010-07-30 26752]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 IntcDAud;Intel® Skjermlyd;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 V0230Vfx;V0230Vfx;c:\windows\system32\DRIVERS\V0230Vfx.sys [x]

S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\DRIVERS\V0230VID.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2012-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-677074441-3503940703-3930050580-1000Core.job

- c:\users\Genez\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-29 22:53]

.

2012-03-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-677074441-3503940703-3930050580-1000UA.job

- c:\users\Genez\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-29 22:53]

.

2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677074441-3503940703-3930050580-1000Core.job

- c:\users\Genez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 14:57]

.

2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677074441-3503940703-3930050580-1000UA.job

- c:\users\Genez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 14:57]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

.

- - - - TOMME PEKERE FJERNET - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]

"ImagePath"="\??\e:\installerings programmer\Lavalys.EVEREST.Corporate.Edition.v5.50.2225.BETA.Multilingual.WinAll.Incl.Keygen-CRD\Ny mappe\setup\kerneld.amd64"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2012-03-17 20:26:14

ComboFix-quarantined-files.txt 2012-03-17 19:26

.

Pre-Run: 28 654 747 648 byte ledig

Post-Run: 28 235 493 376 byte ledig

.

- - End Of File - - 47CA2CCA60023053F6986C3F7D82A1AD

 

[sveibuen]

Kjør full scan med et antivirus. Hjelper ikke dette så kan du jo gjør det enkleste, men som oftes gir mest arbeid. Formatere hele pcen. Husk backup av det du vil ta vare på da

[raWrz]

Hei!

 

Først, har du dump fila fra BSODen?

 

Du finner den her:

C:\Windows\Minidump\*DATO-KLOKKESLETT*.dmp

 

Kan du laste den opp her så jeg har mulighet for å se hvilken fil som skaper crashen?

 

@ sveibuen, når brukere kommer hit regner de med et svar litt lengre enn "Kjør antivirus - Formater"

 

~ Submit

[Sewero]

Får bare opp at jeg ikke har tilgang til filene :S

[Konto brukes ikke]

Start opp i sikker modus og prøv?

[Dr.Geek]

Folkens. Ser dere overhodet på loggene?! :nei2:

 

Her finnes det malware, ja:

 

O4 - HKCU\..\Run: [winlogon] C:\system32\winlogon.exe - HKCU\..\Run: [HKCU] C:\Users\Genez\AppData\Roaming\WinDir\Svchost.exe

sjekk filene hos VT: https://www.virustotal.com/ post loggen her.

 

Etterpå scan med Malwarebytes Anti Malware Free. Full scan. Post loggen. http://www.malwarebytes.org/

 

Og til Info: Windows Defender er INGEN antivirus program! Installer deg et antivirus program. Ikke rart at du har malware på pcen.

Anbefaling for begynnere:

http://www.cloudanti...ivirus-download

Endret 23. mars 2012 av TheGenius