
rundll.exe uses 50% of the processor



Posted

Hi... I noticed that my PC started running slower 2-3 days ago. When I looked at the processes in Task Manager, I noticed that the process rundll.exe is using 50% of my processor. How do I get rid of this?

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:11:01, on 03.12.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Windows\TBPanel.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\Common Files\System\rundll.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Winamp\winamp.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {C5E0E6F2-1AA2-4840-B24A-FCB03F1D6F9C} - C:\Windows\system32\fcCTlmND.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [GAINWARD] C:\Windows\TBPanel.exe /A

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\rundll.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXNfCUM.dll,#1

O4 - HKLM\..\Run: [4896561a] rundll32.exe "C:\Windows\system32\ksvfflsp.dll",b

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FAH@C:+Program Files+EA Games+Need for Speed Undercover+FAH.exe - Stanford University - C:\Program Files\EA Games\Need for Speed Undercover\FAH.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Mesppanger - Unknown owner - c:\Recyclers\svchost.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

Posted

You have a lot of malware; that is the problem.

Download MBAM to the desktop.

Choose the Norwegian language option --> run a quick system scan.

When MBAM is finished it opens a log; post that.

Download Combofix and put it on the desktop.

Do not click in the window while the program is running.

Post the log C:\combofix.txt
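As an added example (not part of the thread, and not HijackThis or MBAM code), here is a small Python triage script that parses HijackThis-style O2/O4/O23 lines and flags the patterns a helper looks for in a log like the one above: rundll32.exe loading a random-looking System32 DLL with a bare export, a Run entry named after a Windows component but pointing outside the Windows directory (the "rundll.exe" from the title), nameless BHOs, and services with no owner or a missing binary in a Recycler folder. The sample lines are constructed copies of entries from the log, and the random-name heuristic is an assumption of this example, not a published rule.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

Only O2 (BHO), O4 (Run) and O23 (Service) lines are inspected; everything else
is ignored. The sample log is constructed from entries posted in the thread.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List

SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {C5E0E6F2-1AA2-4840-B24A-FCB03F1D6F9C} - C:\Windows\system32\fcCTlmND.dll
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\rundll.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXNfCUM.dll,#1
O4 - HKLM\..\Run: [4896561a] rundll32.exe "C:\Windows\system32\ksvfflsp.dll",b
O23 - Service: Mesppanger - Unknown owner - c:\Recyclers\svchost.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Line shapes as HijackThis prints them.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# rundll32 <dll>,<export>; the DLL path may be quoted.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)

VOWELS = set("aeiouAEIOU")


@dataclass
class Finding:
    line: str
    reasons: List[str]


def looks_random(filename: str) -> bool:
    """Heuristic (assumption of this example): an 8-letter purely alphabetic
    stem with no vowels, or with three or more case switches, resembles the
    generated names seen in the log (byXNfCUM.dll, ksvfflsp.dll)."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    if not (set(stem) & VOWELS):
        return True
    switches = sum(1 for a, b in zip(stem, stem[1:]) if a.islower() != b.islower())
    return switches >= 3


def program_of(cmd: str) -> str:
    """Return the executable part of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_run_entry(name: str, cmd: str) -> List[str]:
    reasons = []
    prog = program_of(cmd)
    if ntpath.basename(prog).lower() == "rundll.exe":
        reasons.append("'rundll.exe' is a look-alike of the Windows rundll32.exe")
    if name.lower().startswith(("windows ", "microsoft ")) and "\\windows\\" not in prog.lower():
        reasons.append("Windows-looking Run name points outside the Windows directory")
    rd = RUNDLL_RE.match(cmd.strip())
    if rd:
        dll = ntpath.basename(rd["dll"])
        if looks_random(dll):
            reasons.append(f"rundll32 loads random-looking DLL {dll}")
        if re.fullmatch(r"#\d+|[A-Za-z]", rd["export"]):
            reasons.append(f"rundll32 calls unusual export '{rd['export']}'")
    return reasons


def check_service(owner: str, path: str) -> List[str]:
    reasons = []
    if owner.strip().lower() == "unknown owner":
        reasons.append("service has no recorded owner")
    if "(file missing)" in path.lower():
        reasons.append("service binary is missing on disk")
    if re.search(r"\\recycle[rd]?s?\\", path, re.IGNORECASE):
        reasons.append("service binary lives in a Recycler-style folder")
    exe = ntpath.basename(path.split(" (")[0]).lower()
    if exe == "svchost.exe" and "\\system32\\" not in path.lower():
        reasons.append("svchost.exe outside System32")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious line, with the reasons it was flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        if (m := O2_RE.match(line)):
            if m["name"].strip().lower() == "(no name)":
                reasons.append("BHO registered without a name")
            if looks_random(ntpath.basename(m["path"])):
                reasons.append("BHO DLL has a random-looking name")
        elif (m := O4_RE.match(line)):
            reasons = check_run_entry(m["name"], m["cmd"])
        elif (m := O23_RE.match(line)):
            reasons = check_service(m["owner"], m["path"])
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Entries the script leaves alone (the Java BHO, the NVIDIA rundll32 entry, the ESET service) are ordinary; the five it flags are the same ones MBAM later names in the thread.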

Posted (edited)

Malwarebytes' Anti-Malware 1.30

Database versjon: 1306

Windows 6.0.6001 Service Pack 1

 

03.12.2008 20:40:32

mbam-log-2008-12-03 (20-40-28).txt

 

Skanntype: Rask Skann

Objekter skannet: 50196

Tid tilbakelagt: 13 minute(s), 51 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 1

Registernøkler infisert: 11

Registerverdier infisert: 3

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 3

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

C:\Windows\System32\byXNfCUM.dll (Trojan.Vundo) -> No action taken.

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\pk.ie (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\pk.ie.1 (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{1e1b2878-88ff-11d3-8d96-d7acac95951a} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{1e1b2879-88ff-11d3-8d96-d7acac95951a} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{1e1b286c-88ff-11d3-8d96-d7acac95951a} (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e1b2879-88ff-11d3-8d96-d7acac95951a} (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.Bot) -> No action taken.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Windows\System32\byXNfCUM.dll (Trojan.Vundo) -> No action taken.

C:\Program Files\Common Files\System\rundll.exe (Backdoor.Bot) -> No action taken.

C:\Windows\System32\mlJAtSmK.dll (Trojan.Vundo) -> No action taken.


__________________________________________________________________________________________


ComboFix 08-12-02.02 - Huy Tran 2008-12-03 20:43:52.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.995 [GMT 1:00]

Kjører fra: c:\users\Huy Tran\Desktop\ComboFix.exe

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Recyclers

c:\windows\system32\DNmlTCcf.ini

c:\windows\System32\DNmlTCcf.ini2

c:\windows\system32\mlJAtSmK.dll

c:\windows\system32\pslffvsk.ini

c:\windows\Tasks\ztdbgqne.job

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-03 til 2008-12-03 )))))))))))))))))))))))))))))))))

.

 

2008-12-03 19:52 . 2008-12-03 19:52 <DIR> d-------- c:\users\Huy Tran\AppData\Roaming\Malwarebytes

2008-12-03 19:52 . 2008-12-03 19:52 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-12-03 19:52 . 2008-12-03 19:52 <DIR> d-------- c:\programdata\Malwarebytes

2008-12-03 19:52 . 2008-12-03 20:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-03 19:52 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-03 19:52 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-03 19:09 . 2008-12-03 19:09 <DIR> d-------- c:\program files\Trend Micro

2008-12-03 18:24 . 2008-12-03 20:47 39,424 --a------ c:\windows\System32\byXNfCUM.dll

2008-12-03 18:22 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg

2008-12-03 18:20 . 2008-12-03 18:20 <DIR> d-------- c:\program files\ESET

2008-12-03 00:31 . 2008-12-03 00:31 <DIR> d-------- c:\users\huy\appdata

2008-12-03 00:31 . 2008-12-03 00:31 <DIR> d-------- c:\users\huy

2008-12-03 00:23 . 2008-12-03 00:23 <DIR> d--h-c--- c:\users\All Users\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}

2008-12-03 00:23 . 2008-12-03 00:23 <DIR> d--h-c--- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}

2008-12-03 00:02 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2008-12-03 00:02 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe

2008-12-03 00:02 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe

2008-12-03 00:02 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2008-12-03 00:02 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll

2008-12-03 00:02 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2008-12-03 00:02 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2008-12-03 00:02 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll

2008-12-02 23:56 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll

2008-12-02 23:56 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll

2008-12-02 23:56 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll

2008-12-02 23:55 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll

2008-12-02 23:55 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll

2008-12-02 23:42 . 2008-12-02 23:42 <DIR> dr-h----- C:\AHCache

2008-12-02 23:07 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss

2008-12-02 23:06 . 2008-12-02 23:06 <DIR> d--h----- c:\program files\Temp

2008-12-02 23:06 . 2008-12-02 23:06 <DIR> d-------- c:\program files\Realtek

2008-12-02 22:59 . 2008-12-02 22:59 <DIR> d-------- C:\Drivers

2008-12-02 22:59 . 2008-03-26 11:15 53,248 --a------ c:\windows\System32\CSVer.dll

2008-12-02 22:58 . 2008-12-02 22:58 <DIR> d-------- C:\Intel

2008-12-02 22:49 . 2008-12-02 22:52 <DIR> d-------- c:\users\All Users\DriverScanner

2008-12-02 22:49 . 2008-12-02 22:52 <DIR> d-------- c:\programdata\DriverScanner

2008-12-02 22:48 . 2008-12-02 22:49 <DIR> d--h-c--- c:\users\All Users\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

2008-12-02 22:48 . 2008-12-02 22:49 <DIR> d--h-c--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

2008-12-02 20:59 . 2008-12-02 22:49 <DIR> d-------- c:\users\Huy Tran\AppData\Roaming\Uniblue

2008-12-02 20:59 . 2008-12-02 20:59 <DIR> d--h-c--- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-12-02 20:59 . 2008-12-02 20:59 <DIR> d--h-c--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-12-02 20:59 . 2008-12-03 00:23 <DIR> d-------- c:\program files\Uniblue

2008-12-01 06:45 . 2008-12-01 06:45 410,976 --a------ c:\windows\System32\deploytk.dll

2008-11-29 11:37 . 2008-11-29 11:37 <DIR> d-------- c:\program files\EA Games

2008-11-28 17:41 . 2008-11-28 17:41 <DIR> d-------- c:\program files\KAZAA

2008-11-28 17:41 . 2008-11-28 17:41 <DIR> d-------- C:\My Downloads

2008-11-28 17:37 . 2008-11-30 01:39 <DIR> d-------- c:\users\All Users\avg8

2008-11-28 17:37 . 2008-11-30 01:39 <DIR> d-------- c:\programdata\avg8

2008-11-28 17:37 . 2008-11-28 17:37 <DIR> d-------- c:\program files\AVG

2008-11-26 08:48 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll

2008-11-26 08:48 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll

2008-11-26 08:48 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-11-26 08:48 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-11-26 08:48 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2008-11-20 23:05 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll

2008-11-20 23:04 . 2008-11-20 23:37 <DIR> d-------- c:\program files\Microsoft Works

2008-11-20 22:59 . 2008-11-20 22:59 <DIR> d-------- c:\program files\Microsoft Visual Studio 8

2008-11-20 22:54 . 2008-11-20 22:54 <DIR> dr-h----- C:\MSOCache

2008-11-20 16:54 . 2008-11-20 17:01 <DIR> d-------- c:\users\All Users\Sports Interactive

2008-11-20 16:54 . 2008-11-20 17:01 <DIR> d-------- c:\programdata\Sports Interactive

2008-11-20 16:45 . 2008-11-20 16:45 <DIR> d-------- c:\program files\Sports Interactive

2008-11-20 16:26 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-20 16:26 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-20 16:26 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-20 16:26 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-20 16:26 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-20 16:26 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-20 16:26 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-20 16:26 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2008-11-20 16:26 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-20 07:03 . 2008-11-20 07:03 <DIR> d-------- c:\users\Huy Tran\AppData\Roaming\U3

2008-11-19 15:41 . 2008-11-19 15:41 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-11-15 01:07 . 2008-11-15 01:07 <DIR> d-------- c:\program files\HVS Games

2008-11-15 01:07 . 1996-02-02 20:58 284,160 --a------ c:\windows\uninst.exe

2008-11-13 16:20 . 2008-11-13 16:20 203,540 --a------ c:\windows\System32\nvapps.xml

2008-11-12 10:04 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-11-12 10:04 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

2008-11-12 09:59 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-11-05 19:14 . 2008-11-05 19:14 <DIR> d-------- c:\windows\System32\xlive

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-03 19:50 --------- d-----w c:\program files\Steam

2008-12-03 17:21 --------- d-----w c:\users\Huy Tran\AppData\Roaming\Azureus

2008-12-03 15:43 --------- d-----w c:\program files\Warcraft III

2008-12-02 23:10 --------- d---a-w c:\programdata\TEMP

2008-12-02 22:12 --------- d-----w c:\program files\Common Files\Steam

2008-12-02 22:06 319,456 ----a-w c:\windows\DIFxAPI.dll

2008-12-02 22:06 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-01 05:45 --------- d-----w c:\program files\Java

2008-11-30 16:03 --------- d-----w c:\users\Huy Tran\AppData\Roaming\SopCast

2008-11-30 00:36 --------- d-----w c:\programdata\Avg7

2008-11-30 00:19 --------- d-----w c:\programdata\NVIDIA

2008-11-29 11:02 --------- d-----w c:\program files\DAEMON Tools Pro

2008-11-28 12:44 --------- d-----w c:\program files\Bonjour

2008-11-27 20:58 --------- d-----w c:\users\Huy Tran\AppData\Roaming\LimeWire

2008-11-21 14:38 --------- d-----w c:\program files\Azureus

2008-11-20 22:38 --------- d-----w c:\programdata\Microsoft Help

2008-11-20 22:37 --------- d-----w c:\program files\MSBuild

2008-11-20 16:09 --------- d-----w c:\users\Huy Tran\AppData\Roaming\Sports Interactive

2008-11-16 23:37 --------- d-----w c:\users\Huy Tran\AppData\Roaming\InstallShield

2008-11-12 13:54 7,611,360 ----a-w c:\windows\system32\drivers\nvlddmkm.sys

2008-11-12 13:54 4,160 ----a-w c:\windows\system32\drivers\nvBridge.kmd

2008-10-31 16:35 --------- d-----w c:\program files\Common Files\Apple

2008-10-31 16:34 --------- d-----w c:\program files\Apple Software Update

2008-10-24 11:25 --------- d-----w c:\program files\DivX

2008-10-20 21:00 --------- d--h--w c:\users\Huy Tran\AppData\Roaming\ijjigame

2008-10-17 16:08 --------- d-----w c:\program files\Windows Mail

2008-10-05 05:03 --------- d-----w c:\program files\EA Sports

2008-10-04 20:20 --------- d-----w c:\program files\WC3Banlist

2008-09-27 13:48 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe

2008-09-20 17:42 22,328 ----a-w c:\users\Huy Tran\AppData\Roaming\PnkBstrK.sys

2008-09-18 14:57 53,744 ----a-w c:\users\Huy Tran\AppData\Roaming\GDIPFONTCACHEV1.DAT

2008-04-24 17:22 174 --sha-w c:\program files\desktop.ini

2007-09-06 15:45 219,952 ----a-w c:\users\Huy Tran\utorrent.exe

2007-04-05 21:13 30,601 ----a-w c:\users\Huy Tran\x.exe

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"GAINWARD"="c:\windows\TBPanel.exe" [2006-11-24 2162688]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-02 6335008]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

 

c:\users\Huy Tran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-22 4369408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CoreCenter.lnk]

backup=c:\windows\pss\CoreCenter.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalStart.lnk]

backup=c:\windows\pss\PalStart.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]

backup=c:\windows\pss\PalTalk.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Huy Tran^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

--a------ 2007-09-06 14:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-11-12 14:54 13675040 c:\windows\System32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-11-12 14:54 92704 c:\windows\System32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

--a------ 2008-11-12 14:54 637472 c:\windows\System32\nvsvc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]

--------- 2006-09-21 10:51 2445312 c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 15:09 413696 c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

--a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-10-08 05:21 1410296 c:\program files\Steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]

--a------ 2006-10-12 20:27 304640 c:\program files\UltraMon\UltraMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

--a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-04-01 19:49 36352 c:\program files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1523364551-1267626003-2750011340-1000]

"EnableNotificationsRef"=dword:00000003

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{F0A515E9-C761-4AA0-B564-19DEA4B1FE1D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{DDA72AB7-B871-4582-B306-1973CAC2CBC7}c:\\program files\\steam\\steamapps\\sloth90\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\sloth90\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{851635E1-BFB4-41B3-A9E6-899A2ECCA6A2}c:\\program files\\steam\\steamapps\\sloth90\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\sloth90\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{B849C7BC-0EA6-4C54-9725-87967F5CED4C}c:\\users\\huy tran\\desktop\\utorrent.exe"= UDP:c:\users\huy tran\desktop\utorrent.exe:utorrent.exe

"UDP Query User{5B09DC39-04B4-4121-84C8-00D54F4AB26A}c:\\users\\huy tran\\desktop\\utorrent.exe"= TCP:c:\users\huy tran\desktop\utorrent.exe:utorrent.exe

"TCP Query User{34C18141-56F9-42C1-8405-765B3B2CA1AE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{B8F6372C-6C2B-4B9A-8289-6B2686D266FD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{35182B22-3EE8-4BBC-93EE-51062374EEA3}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{209E73C3-7C5C-4F70-9769-81658AC91695}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"{E4C03A00-CF6B-4476-B095-FDBBF75B200C}"= UDP:c:\program files\Gpotato\Flyff\Flyff.exe:Flyff

"{9C42F439-66A6-4E13-ACA6-43E94FD5EC95}"= TCP:c:\program files\Gpotato\Flyff\Flyff.exe:Flyff

"TCP Query User{CA0CDA53-7C86-4B8F-A0B7-9B1DB29E40E6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{78539287-9521-4C4E-A9FC-6FCCCE1B2706}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{CB1D341D-4409-4017-90BE-37E8FDE217AE}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{91F5C8B3-4A3B-4278-A168-99B27995FDA7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{0C6D3354-AAEE-41E0-A649-86820AD8A7B9}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= UDP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:nfsc

"UDP Query User{8A5D5BAB-19FB-4419-A42D-19A344327B9F}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= TCP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:nfsc

"TCP Query User{4F223FA5-3638-4AFD-BED4-8D288EE62BC9}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{C9198E29-20B6-4B4C-93F0-B4E8F7185EBB}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{188FD82A-DD26-4711-854F-2C18DF4E1B4C}c:\\users\\huy tran\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\huy tran\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"UDP Query User{876D0EC4-4CFB-4F4A-ADD2-72EA6F358EBD}c:\\users\\huy tran\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\huy tran\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"{E338C757-3769-4830-8C2D-EB7A12810187}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe

"{5B17FB46-DE56-45D2-9D37-6DA65959F2BE}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe

"{0F9D598E-A7D8-4525-9942-556A86D82869}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe

"{894B6E70-2A2E-450F-A58C-57C6466713CF}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe

"{60B46193-66D2-4652-868A-EB38F72ACD0C}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe

"{3E0237D6-F77F-400A-998E-3356DEF33E43}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe

"{5DA26550-4251-4F79-B43C-360A7FE8D9BB}"= UDP:c:\program files\Gpotato\Flyff\Updater.exe:Updater

"{C4EE4482-054C-45FD-AE95-BA54A6490FFA}"= TCP:c:\program files\Gpotato\Flyff\Updater.exe:Updater

"{2AB93507-D834-4DAC-8754-6ED4B75E5360}"= UDP:c:\program files\Gpotato\Flyff\Neuz.exe:Neuz

"{822C0B07-1D96-4F60-A8A7-E0C58453539F}"= TCP:c:\program files\Gpotato\Flyff\Neuz.exe:Neuz

"TCP Query User{FDA100AA-D79D-46B6-89EA-EEEF7D9B1829}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe:Paltalk 9.0

"UDP Query User{22D4D76C-A024-4223-B75F-BE593F3FB6F6}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe:Paltalk 9.0

"TCP Query User{97393A76-271C-4FBB-BC32-5C82D97C9472}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java Platform SE binary

"UDP Query User{6C660DAE-AC16-4504-BF84-4E00AA019BB2}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java Platform SE binary

"TCP Query User{A3BFF159-72F7-489E-BE38-001846174499}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe:Paltalk 9.1

"UDP Query User{0E2A4D09-EB65-4E8A-B3D1-696B755CE466}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe:Paltalk 9.1

"{81FD6086-90D9-42DF-B1A1-4CCF1197D5B4}"= UDP:c:\users\Huy Tran\Desktop\utorrent.exe:µTorrent

"{954532B3-F3E8-43EA-AC4E-ACEF67F3112E}"= TCP:c:\users\Huy Tran\Desktop\utorrent.exe:µTorrent

"TCP Query User{DCAECBE1-DC91-436D-8126-07A0D36927CE}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"UDP Query User{8F95BF3D-6CFA-4956-8F3A-9B7B80E909C7}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"TCP Query User{926686E9-66BE-411F-B134-CB26E84767AC}c:\\program files\\steam\\steamapps\\sloth90\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\sloth90\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{57D7EDEE-2B08-4AC6-B1CF-0942BF2869D6}c:\\program files\\steam\\steamapps\\sloth90\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\sloth90\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{52B9CDD0-91D4-4842-A698-00B61AC7C452}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{5AB90846-2578-4D77-9219-30498FFA8E8E}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"TCP Query User{61F8CA59-465E-43E7-BF69-AF58DC265B96}c:\\program files\\steam\\steam.exe"= UDP:c:\program files\steam\steam.exe:Steam

"UDP Query User{4A900C49-7263-4497-AF7F-490BF082D569}c:\\program files\\steam\\steam.exe"= TCP:c:\program files\steam\steam.exe:Steam

"TCP Query User{FA3526BA-172B-4884-918C-A61DBABC8C89}c:\\program files\\the all-seeing eye\\eye.exe"= UDP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"UDP Query User{243EE28F-1E2C-4F60-A28C-BEF46D912B1C}c:\\program files\\the all-seeing eye\\eye.exe"= TCP:c:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"TCP Query User{D13BEFAD-1EA7-4F97-AD3C-0F6D00752037}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{489216D9-7B3A-4E3B-8292-17E5F9735B09}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{4475909B-390C-4133-8B3A-6E6A58BAC02A}"= UDP:c:\windows\Temp\~os69B4.tmp\ossproxy.exe:ossproxy.exe

"TCP Query User{A81BADCA-E06D-4F6B-A8D0-D82E68A2D65D}c:\\program files\\bitzip\\bitzip.exe"= UDP:c:\program files\bitzip\bitzip.exe:bitzip

"UDP Query User{9D694F22-F4D6-409D-A0D3-BB6A8579FF51}c:\\program files\\bitzip\\bitzip.exe"= TCP:c:\program files\bitzip\bitzip.exe:bitzip

"TCP Query User{DAFE928D-0DB0-4D07-B08B-628D204E32EA}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{952A064D-F95A-4F6E-93F4-D85D51A780A3}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"{E1AA5F9E-0BDB-42E7-BB7F-446273861490}"= UDP:c:\windows\Temp\~osBB18.tmp\ossproxy.exe:ossproxy.exe

"{59424890-4466-4B89-A570-149D8D179FC7}"= UDP:c:\windows\System32\prmrsr.exe:prmrsr.exe

"{BF8957B0-A63E-46F1-B594-F4CAEE989E9C}"= TCP:c:\windows\System32\prmrsr.exe:prmrsr.exe

"{7C31978D-3EE5-4FD4-9151-4DC4197A8AF3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{AC3017D0-498F-4C19-BD00-7D672DFB77E4}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{0D70B66C-AB86-4D47-9004-1D4C2F96909D}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{FFAC0519-2624-4156-AF50-6AFD721BDE6A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{DB9E04DD-2987-4DEC-91CD-64EBFE22FA56}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{5DBCF8B5-22E5-4605-8A49-3EA7CC5DDC33}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{A6BBC6CE-221E-476A-8545-C18685BEBEC9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{762468DB-7FEF-46CD-978C-E48447D52A6D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{19DDC218-821B-493B-BCFB-117942030941}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{D49881D7-6864-40D1-AE6C-D55EBAE34CAF}"= UDP:21793:BitComet 21793 TCP

"{FA306D91-5EB5-4B5C-8120-4177E118A558}"= TCP:21793:BitComet 21793 UDP

"{0AB9A6E5-2DA2-4DDD-9A4F-388C209BEB26}"= c:\program files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)

"{40535DA7-2DF6-48A6-B523-C3266E67C8BA}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{4BA885A9-C843-41F7-8D5F-78C1C8FFF4A6}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{E69501A5-5002-4DA1-ABE5-235797FBB1AD}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{EF945149-3710-4413-8627-921D88743D11}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{590CB51C-059E-4336-90C9-3DD3F39ACE87}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{1C947960-303D-4BFE-B598-26AAE7E30030}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2

"{C1E9481E-8B37-4D43-9D9F-8805BCA86C0F}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2

"{E8F07402-7F60-486C-9E4C-07FBD1C090AD}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

"{38BAF3A9-F9E4-4457-9054-9BAE8E190176}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

"{02605A27-7F0E-432C-9214-C71FBDA83BE2}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{E2ECC7DE-A9D6-4DB0-824F-4F37EACCAD13}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{6B9EC352-3EA8-4F16-B981-BE16666A6302}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{4882814E-231F-4E12-AAB4-2D730B13820C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{A2F97B7D-D8D7-4553-AC94-A4AF36FFC3AD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{A5714F51-0157-436C-BC5D-203D6DD34327}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{6C6988FC-7B68-4E9E-8741-CC842AA64A51}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

"{7D740E93-A1EC-478B-B8C1-6281923C6811}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

"{407F4999-F2C1-42AF-A7C4-5E6BC9467B8B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{38140675-F2BD-4EBF-9ED7-D6CCF6344C26}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{5F7B46AE-4002-449A-8789-D944ADC35FF8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{EB98B12C-EBC2-4DAE-8867-8595C923A205}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{70D06EF0-AFBB-49A8-A1D1-43122FB977F2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\System\\rundll.exe"= c:\program files\Common Files\System\rundll.exe:*:Enabled:Windows Update

 

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]

R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-02-20 472320]

R2 FAH@C:+Program Files+EA Games+Need for Speed Undercover+FAH.exe;FAH@C:+Program Files+EA Games+Need for Speed Undercover+FAH.exe;c:\program files\EA Games\Need for Speed Undercover\FAH.exe -svcstart []

R3 OM2800;TRUST 380 USB2 SPACEC@M;c:\windows\system32\Drivers\ovtcam2.sys [2007-03-10 250343]

S2 Mesppanger;Mesppanger;c:\recyclers\svchost.exe []

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb51674-b63d-11dd-9508-001617ee7ef5}]

\shell\AutoRun\command - I:\LaunchU3.exe -a

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-12-03 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:59]

.

- - - - TOMME PEKERE FJERNET - - - -

 

BHO-{C5E0E6F2-1AA2-4840-B24A-FCB03F1D6F9C} - c:\windows\system32\fcCTlmND.dll

MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

 

 

.

------- Tilleggsskanning -------

.

FireFox -: Profile - c:\users\Huy Tran\AppData\Roaming\Mozilla\Firefox\Profiles\8vt23a5w.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.united.no/

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-03 20:50:33

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\EA Games\Need for Speed Undercover\FAH.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\EA Games\Need for Speed Undercover\FahCore_82.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2008-12-03 20:56:26 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2008-12-03 19:56:09

 

Pre-Run: 131 800 326 144 byte ledig

Post-Run: 131,930,304,512 byte ledig

 

400 --- E O F --- 2008-12-02 14:34:28

Edited by cuhuy
Posted

Looks fine.

 

Can you run MBAM; this time, make sure it deletes what it finds.

Then it should not say No action taken.

 

After that, run ComboFix again and post the log.
