nilsso (Author), posted 11 February 2009

All right, I'll avoid bumping any more. I'd rather not have to format. Thanks for the help so far; I guess I'll wait in suspense while you investigate.
norbat, posted 12 February 2009

Create a new cfscript.txt file with the following contents and drag it onto the ComboFix icon.

Filelook::
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\timedate.cpl

Post the log.
nilsso (Author), posted 14 February 2009

Log:

ComboFix 09-02-12.03 - sysop 2009-02-14 9:47:50.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1458 [GMT 1:00]
Kjører fra: c:\documents and settings\sysop\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\sysop\Skrivebord\cfscript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\rundll32.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-14 til 2009-02-14 )))))))))))))))))))))))))))))))))
.
2009-02-09 23:06 . 2009-02-09 23:06 250 --a------ c:\windows\gmer.ini
2009-02-09 17:02 . 2009-02-09 17:02 <DIR> d-------- c:\documents and settings\aleksander nilsen\Programdata\Logitech
2009-02-09 17:01 . 2007-10-30 15:01 <DIR> dr------- c:\documents and settings\aleksander nilsen\Start-meny
2009-02-09 17:01 . 2007-10-30 15:01 <DIR> d--h----- c:\documents and settings\aleksander nilsen\Skrivere
2009-02-09 17:01 . 2007-10-30 15:01 <DIR> d-------- c:\documents and settings\aleksander nilsen\Skrivebord
2009-02-09 17:01 . 2009-02-09 17:02 <DIR> dr-h----- c:\documents and settings\aleksander nilsen\Siste
2009-02-09 17:01 . 2009-02-09 17:11 <DIR> dr-h----- c:\documents and settings\aleksander nilsen\Programdata
2009-02-09 17:01 . 2009-02-09 17:11 <DIR> dr------- c:\documents and settings\aleksander nilsen\Mine dokumenter
2009-02-09 17:01 . 2007-10-30 14:18 <DIR> d--h----- c:\documents and settings\aleksander nilsen\Maler
2009-02-09 17:01 . 2009-02-14 09:50 <DIR> d--h----- c:\documents and settings\aleksander nilsen\Lokale innstillinger
2009-02-09 17:01 . 2009-02-09 17:02 <DIR> dr------- c:\documents and settings\aleksander nilsen\Favoritter
2009-02-09 17:01 . 2007-10-30 15:01 <DIR> d--h----- c:\documents and settings\aleksander nilsen\AndrMask
2009-02-09 17:01 . 2009-02-09 17:19 <DIR> d-------- c:\documents and settings\aleksander nilsen
2009-02-09 00:53 . 2009-02-09 00:53 <DIR> d-------- c:\documents and settings\sysop\Programdata\Apple Computer
2009-02-08 14:11 . 2008-12-26 07:20 290,816 --a------ c:\windows\system32\nvwrsth.dll
2009-02-08 14:11 . 2008-12-26 07:20 253,952 --a------ c:\windows\system32\nvrsth.dll
2009-02-08 14:11 . 2008-12-26 07:20 211,067 --a------ c:\windows\system32\nvapps.nvb
2009-02-08 14:10 . 2008-12-26 07:20 1,650,688 --a------ c:\windows\system32\nvcuda.dll
2009-02-08 12:48 . 2009-02-08 12:48 12,126 --a------ c:\windows\system32\rundll32-1.rar
2009-02-07 20:50 . 2009-02-07 20:51 12,120 --a------ c:\windows\system32\rundll32.rar
2009-02-07 19:35 . 2007-10-30 14:22 0 --a------ C:\AUTOEXEC.CAM
2009-02-07 14:50 . 2009-02-07 19:35 <DIR> d-------- c:\documents and settings\sysop\.housecall6.6
2009-02-03 15:24 . 2009-02-03 15:24 <DIR> d-------- c:\programfiler\CAPCOM
2009-01-26 18:21 . 2009-01-26 18:29 98 --a------ c:\windows\h3maped.INI
2009-01-24 14:02 . 2009-01-24 14:23 <DIR> d-------- c:\programfiler\Fellesfiler\3DO Shared
2009-01-24 02:34 . 2009-01-24 14:23 <DIR> d-------- c:\programfiler\3DO
2009-01-24 02:03 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-14 22:46 . 2009-01-14 22:46 <DIR> d-------- c:\programfiler\Fellesfiler\Everstrike Software
2009-01-14 22:46 . 2009-01-14 22:46 <DIR> d-------- c:\programfiler\Everstrike Software
2009-01-14 22:43 . 2009-01-14 22:46 <DIR> d-------- c:\programfiler\Password Protect
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 22:56 --------- d-----w c:\programfiler\Starcraft
2009-02-08 02:34 96,384 ----a-w c:\windows\system32\drivers\sptd8333.sys
2009-02-04 19:06 --------- d-----w c:\documents and settings\sysop\Programdata\dvdcss
2009-02-03 14:49 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-01 20:10 --------- d-----w c:\documents and settings\sysop\Programdata\uTorrent
2009-01-24 00:43 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-24 00:43 --------- d-----w c:\programfiler\Ubisoft
2009-01-24 00:43 --------- d-----w c:\programfiler\Fellesfiler\InstallShield
2009-01-13 16:53 --------- d-----w c:\documents and settings\sysop\Programdata\vlc
2009-01-02 00:15 --------- d-----w c:\documents and settings\sysop\Programdata\DivX
2008-12-28 20:55 --------- d-----w c:\programfiler\Left 4 Dead
2008-12-27 14:20 --------- d-----w c:\programfiler\Diablo II
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-11-19 13:03 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-25 12:11 22,328 -c--a-w c:\documents and settings\sysop\Programdata\PnkBstrK.sys
2008-07-18 08:55 1,598,010,535 ----a-w c:\programfiler\Diablo II1.12.rar
2006-12-29 01:07 38,912 ----a-w c:\programfiler\D2Loader-1.11b.exe
2004-06-15 06:00 13,824 ----a-w c:\documents and settings\sysop\cnmss Canon PIXMA iP3000 (Local).exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\rundll32.exe -- Invalid filepath or file no longer exist
c:\windows\system32\timedate.cpl -- Invalid filepath or file no longer exist
((((((((((((((((((((((((((((( SnapShot_2009-02-08_14.48.42,68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 22:06:30 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-r c:\windows\gmer.exe
- 2009-01-15 00:18:28 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-02-11 11:01:33 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-01-15 00:18:28 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-11 11:01:33 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-01-15 00:18:28 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-02-11 11:01:33 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-15 00:18:28 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-11 11:01:32 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-15 00:18:28 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-02-11 11:01:33 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-15 00:18:28 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-11 11:01:33 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-15 00:18:28 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-11 11:01:33 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-15 00:18:28 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-02-11 11:01:33 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-15 00:18:28 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-02-11 11:01:32 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-15 00:18:28 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-02-11 11:01:32 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-01-15 00:18:28 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-02-11 11:01:34 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-15 00:18:28 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-02-11 11:01:32 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-15 00:18:28 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-02-11 11:01:32 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-02-08 12:06:26 10,134 ----a-r c:\windows\Installer\{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}\ARPPRODUCTICON.exe
+ 2009-02-09 16:02:40 10,134 ----a-r c:\windows\Installer\{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}\ARPPRODUCTICON.exe
+ 2009-02-09 22:06:30 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2009-02-08 12:46:09 72,486 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-09 16:05:20 72,486 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-08 12:46:09 81,116 ----a-w c:\windows\system32\perfc014.dat
+ 2009-02-09 16:05:20 81,116 ----a-w c:\windows\system32\perfc014.dat
- 2009-02-08 12:46:09 444,862 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-09 16:05:20 444,862 ----a-w c:\windows\system32\perfh009.dat
- 2009-02-08 12:46:09 447,934 ----a-w c:\windows\system32\perfh014.dat
+ 2009-02-09 16:05:20 447,934 ----a-w c:\windows\system32\perfh014.dat
- 2007-11-30 12:39:50 17,784 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:44:41 17,784 ------w c:\windows\system32\spmsg.dll
- 2009-02-08 13:14:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2009-02-14 08:39:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2c8.dat
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Steam"="c:\steam\steam.exe" [2008-10-08 1410296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"WLSS"="c:\programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-03-29 190000]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"DAEMON Tools"="c:\programfiler\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"nod32kui"="c:\programfiler\Eset\nod32kui.exe" [2008-05-17 950664]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"NeroFilterCheck"="c:\programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13729792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"Wow Video&Audio"="c:\programfiler\Compal\Wow Video&Audio\WVAMain.exe" [2007-04-13 947760]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\sysop\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-09-11 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-04 13:44 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.imc"= imc32.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^sysop^Start-meny^Programmer^Oppstart^BJ Status Monitor Canon PIXMA iP3000.lnk]
backup=c:\windows\pss\BJ Status Monitor Canon PIXMA iP3000.lnkStartup
path=c:\documents and settings\sysop\Start-meny\Programmer\Oppstart\BJ Status Monitor Canon PIXMA iP3000.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 15:00 1249280 c:\programfiler\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-08-11 07:31 1124352 c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 c:\programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-12 11:45 1576176 c:\programfiler\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wow Video&Audio]
--a------ 2007-04-13 00:59 947760 c:\programfiler\Compal\Wow Video&Audio\WVAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programfiler\\Starcraft\\StarCraft.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\utorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=
"c:\\Programfiler\\Diablo II\\D2Loader-1.11b.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Steam\\steamapps\\d2l_zod\\dedicated server\\hlds.exe"=
"c:\\Steam\\steamapps\\tomcat409\\counter-strike\\hl.exe"=
"c:\\Programfiler\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Programfiler\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\sysop\\Skrivebord\\RM\\RatioMaster.exe"=
"c:\\Programfiler\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Programfiler\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Awesom-O 3.6\\Redvex\\AO.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Left 4 Dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4000:TCP"= 4000:TCP:d2
"4000:UDP"= 4000:UDP:d2

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2007-03-14 9856]
R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2007-12-12 44480]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-09-15 2915944]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-05-17 15424]
R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
R2 LF30FS;LF30FS;c:\programfiler\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 101488]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S3 w3304an5;WN3X0X Wireless Adapter;\??\c:\progra~1\3Com\3COMOF~1\drivers\WINXP\w3304an5.SYS --> c:\progra~1\3Com\3COMOF~1\drivers\WINXP\w3304an5.SYS [?]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = about:blank
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\sysop\Programdata\Mozilla\Firefox\Profiles\i5tcuync.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - component: c:\documents and settings\sysop\Programdata\Mozilla\Firefox\Profiles\i5tcuync.default\extensions\[email protected]\components\BkMrkExt.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\programfiler\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programfiler\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 09:51:03
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

c:\windows\system32\rundll32.exe 33280 bytes executable
c:\windows\system32\timedate.cpl 93696 bytes executable

skanning vellykket
skjulte filer: 2

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:52,15,63,f5,85,7f,e0,8a,7d,61,0c,46,f5,02,a4,98,37,e3,7a,0f,6f,16,18,
   30,2b,9d,5f,d8,6b,09,33,09,71,4b,4f,2c,3e,cc,5f,c4,23,0f,d1,66,8e,e0,56,41,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-436374069-1214440339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:fc,fe,5b,55,a4,a0,24,28,bd,d9,5f,a5,16,27,84,c1,a2,cd,a1,f0,e3,
   8c,7c,bc,f4,95,92,1e,a7,64,90,fc,d3,05,79,f2,6a,50,45,f6,cc,03,5c,01,de,ff,\
"rkeysecu"=hex:38,2d,20,88,7d,46,60,62,5d,99,cd,2a,13,88,0f,7a
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll
.
Tidspunkt ferdig: 2009-02-14 9:52:34
ComboFix-quarantined-files.txt 2009-02-14 08:52:32
ComboFix2.txt 2009-02-08 18:49:29
ComboFix3.txt 2009-02-08 13:49:40
ComboFix4.txt 2009-02-08 00:08:17
ComboFix5.txt 2009-02-14 08:47:01

Pre-Run: 32 137 711 616 byte ledig
Post-Run: 32,156,340,224 byte ledig

307 --- E O F --- 2009-02-11 11:07:56