Raytee
Posted April 10, 2009 (edited)

Combofix:

ComboFix 09-04-04.01 - Rayte 2009-04-10 11:46:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2882 [GMT 2:00]
Kjører fra: c:\documents and settings\Rayte\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-10 til 2009-04-10 )))))))))))))))))))))))))))))))))
.
2009-04-10 11:20 . 2009-04-10 11:20 <DIR> d-------- C:\fsaua.data
2009-04-10 10:28 . 2009-04-10 10:28 <DIR> d-------- c:\documents and settings\Rayte\Application Data\Uniblue
2009-04-10 10:27 . 2009-04-10 10:33 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-04-09 11:07 . 2009-04-09 11:07 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Xfire
2009-04-08 21:58 . 2009-04-08 21:58 <DIR> d-------- c:\documents and settings\Rayte\Application Data\dyyno-vlc
2009-04-08 21:53 . 2009-04-08 21:53 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2009-04-08 21:43 . 2009-04-09 12:12 <DIR> d-------- c:\program files\Xfire
2009-04-08 21:43 . 2009-04-09 21:21 <DIR> d-------- c:\documents and settings\Rayte\Application Data\Xfire
2009-04-08 21:41 . 2009-04-10 10:36 <DIR> d-------- c:\program files\Dyyno
2009-04-02 06:11 . 2009-04-02 06:11 <DIR> d-------- c:\program files\uTorrent
2009-04-02 06:11 . 2009-04-02 22:52 <DIR> d-------- c:\documents and settings\Rayte\Application Data\uTorrent
2009-03-27 03:28 . 2009-04-08 12:54 <DIR> d-------- c:\program files\World of Warcraft Public Test
2009-03-26 04:57 . 2009-03-26 04:57 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-21 00:26 . 2009-03-21 00:26 41,808 --a------ c:\windows\system32\xfcodec.dll
2009-03-18 14:13 . 2009-03-18 14:13 754 --a------ c:\windows\WORDPAD.INI
2009-03-14 10:33 . 2009-03-14 10:33 <DIR> d-------- c:\program files\Java
2009-03-14 10:33 . 2009-03-14 10:33 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-12 09:39 . 2004-08-04 00:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 09:40 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-10 09:25 --------- d-----w c:\documents and settings\Rayte\Application Data\Skype
2009-04-10 08:37 --------- d-----w c:\documents and settings\Rayte\Application Data\Cedelia
2009-04-10 08:18 --------- d-----w c:\program files\Steam
2009-04-10 08:18 --------- d-----w c:\documents and settings\Rayte\Application Data\skypePM
2009-04-06 09:03 --------- d-----w c:\program files\Winamp Remote
2009-04-04 12:59 --------- d-----w c:\program files\World of Warcraft
2009-03-29 03:45 --------- d-----w c:\program files\PKR
2009-03-27 01:50 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-26 16:38 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-26 15:39 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-26 15:39 108,552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-26 15:39 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-20 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-03-18 18:54 --------- d-----w c:\documents and settings\Rayte\Application Data\Ventrilo
2009-03-14 08:33 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 18:40 --------- d-----w c:\program files\TmNationsForever
2009-02-28 18:28 --------- d-----w c:\program files\PowerISO
2009-02-27 20:52 --------- d-----w c:\documents and settings\All Users\Application Data\OrbNetworks
2009-02-26 13:14 --------- d-----w c:\program files\Windows Live
2009-02-26 13:14 --------- d-----w c:\program files\Microsoft
2009-02-25 03:54 --------- d-----w c:\program files\Full Tilt Poker
2009-02-21 16:49 --------- d-----w c:\program files\Winamp
2009-02-21 16:49 --------- d-----w c:\documents and settings\Rayte\Application Data\Winamp
2009-02-21 13:13 --------- d-----w c:\program files\Guitar Pro 5
2009-02-21 12:14 --------- d-----w c:\program files\DVDVideoSoft
2009-02-21 12:14 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-21 12:14 --------- d-----w c:\program files\AskSearch
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 18:58 --------- d-----w c:\program files\Ventrilo
2009-02-10 18:58 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-13 02:25 16,608 ----a-w c:\windows\gdrv.sys
2009-01-11 15:56 315,392 ----a-w c:\windows\HideWin.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-07_ 2.50.23,35 )))))))))))))))))))))))))))))))))))))))))
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Steam"="c:\program files\steam\steam.exe" [2009-02-07 1410296]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-28 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Mite"="c:\program files\GRT\WClient\SvcInit.exe" [2002-03-21 24576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-26 1932568]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-02-28 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

c:\documents and settings\Rayte\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-03-21 3025232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-26 17:39 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\GRT\\WCtrl\\WCtrl.exe"=
"c:\\Program Files\\GRT\\WClient\\WClient.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Steam\\steamapps\\spacedog650\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Rayte\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-25 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-25 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-25 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-25 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-25 298264]
R2 WCSvc;WCSvc;c:\program files\GRT\WClient\WCSvc.exe [2009-01-25 40960]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2009-01-11 47624]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2009-01-14 32000]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - APPMGMT
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - PROCEXP113
*Deregistered* - MBAMSwissArmy
*Deregistered* - PROCEXP113

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2582cfc2-dffe-11dd-a839-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.sol.no/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 11:46:54
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2009-04-10 11:47:28 ComboFix-quarantined-files.txt 2009-04-10 09:47:26 ComboFix2.txt 2009-02-07 01:50:42 Pre-Run: 333 913 710 592 bytes free Post-Run: 334,046,552,064 bytes free 459 --- E O F --- 2009-02-26 02:00:41

MAM:

Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1902
Windows 5.1.2600 Service Pack 2
10.04.2009 11:35:40
mbam-log-2009-04-10 (11-35-40).txt
Skanntype: Rask Skann
Objekter skannet: 61224
Tid tilbakelagt: 2 minute(s), 56 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)

I suspect that I have a keylogger on the PC called SVCINIT.EXE or something. Thanks =D

Edited 10 April 2009 by Raytee
snippsat Posted 10 April 2009

Copy the bold text below the image -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the image and ComboFix will start. Post the log c:\combofix.txt

File::
c:\program files\GRT\WClient\SvcInit.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mite"=-
Raytee (author) Posted 10 April 2009

ComboFix 09-04-04.01 - Rayte 2009-04-10 16:33:01.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2930 [GMT 2:00] Kjører fra: c:\documents and settings\Rayte\Desktop\ComboFix.exe Command switches brukt :: c:\documents and settings\Rayte\Desktop\CFScript.txt.txt AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) * Opprettet nytt gjenopprettingspunkt FILE :: c:\program files\GRT\WClient\SvcInit.exe . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\GRT\WClient\SvcInit.exe . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-10 til 2009-04-10 ))))))))))))))))))))))))))))))))) . 2009-04-10 13:30 . 2009-04-10 13:30 <DIR> d-------- c:\documents and settings\Rayte\Application Data\Avira 2009-04-10 13:08 . 2009-04-10 13:08 <DIR> d-------- c:\program files\Avira 2009-04-10 12:48 . 2009-04-10 13:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-10 11:20 . 2009-04-10 11:20 <DIR> d-------- C:\fsaua.data 2009-04-10 10:28 . 2009-04-10 10:28 <DIR> d-------- c:\documents and settings\Rayte\Application Data\Uniblue 2009-04-09 11:07 . 2009-04-09 11:07 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Xfire 2009-04-08 21:58 . 2009-04-08 21:58 <DIR> d-------- c:\documents and settings\Rayte\Application Data\dyyno-vlc 2009-04-08 21:53 . 2009-04-08 21:53 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire 2009-04-08 21:43 . 2009-04-09 12:12 <DIR> d-------- c:\program files\Xfire 2009-04-08 21:43 . 2009-04-10 13:59 <DIR> d-------- c:\documents and settings\Rayte\Application Data\Xfire 2009-04-08 21:41 . 2009-04-10 10:36 <DIR> d-------- c:\program files\Dyyno 2009-04-02 06:11 . 2009-04-02 06:11 <DIR> d-------- c:\program files\uTorrent 2009-04-02 06:11 .
2009-04-02 22:52 <DIR> d-------- c:\documents and settings\Rayte\Application Data\uTorrent 2009-03-27 03:28 . 2009-04-08 12:54 <DIR> d-------- c:\program files\World of Warcraft Public Test 2009-03-26 04:57 . 2009-03-26 04:57 <DIR> d-------- c:\windows\system32\LogFiles 2009-03-21 00:26 . 2009-03-21 00:26 41,808 --a------ c:\windows\system32\xfcodec.dll 2009-03-18 14:13 . 2009-03-18 14:13 754 --a------ c:\windows\WORDPAD.INI 2009-03-14 10:33 . 2009-03-14 10:33 <DIR> d-------- c:\program files\Java 2009-03-14 10:33 . 2009-03-14 10:33 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-12 09:39 . 2004-08-04 00:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-10 14:34 --------- d-----w c:\documents and settings\Rayte\Application Data\Skype 2009-04-10 14:07 --------- d-----w c:\documents and settings\Rayte\Application Data\skypePM 2009-04-10 11:06 --------- d-----w c:\program files\Steam 2009-04-10 08:37 --------- d-----w c:\documents and settings\Rayte\Application Data\Cedelia 2009-04-06 09:03 --------- d-----w c:\program files\Winamp Remote 2009-04-04 12:59 --------- d-----w c:\program files\World of Warcraft 2009-03-29 03:45 --------- d-----w c:\program files\PKR 2009-03-27 01:50 --------- d-----w c:\program files\Common Files\Blizzard Entertainment 2009-03-26 16:38 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-20 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania 2009-03-18 18:54 --------- d-----w c:\documents and settings\Rayte\Application Data\Ventrilo 2009-03-14 08:33 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-03-04 18:40 --------- d-----w c:\program files\TmNationsForever 2009-02-28 18:28 --------- d-----w c:\program files\PowerISO 2009-02-27 20:52 --------- d-----w c:\documents and settings\All Users\Application Data\OrbNetworks 2009-02-26 13:14 
--------- d-----w c:\program files\Windows Live 2009-02-26 13:14 --------- d-----w c:\program files\Microsoft 2009-02-25 03:54 --------- d-----w c:\program files\Full Tilt Poker 2009-02-21 16:49 --------- d-----w c:\program files\Winamp 2009-02-21 16:49 --------- d-----w c:\documents and settings\Rayte\Application Data\Winamp 2009-02-21 13:13 --------- d-----w c:\program files\Guitar Pro 5 2009-02-21 12:14 --------- d-----w c:\program files\DVDVideoSoft 2009-02-21 12:14 --------- d-----w c:\program files\Common Files\DVDVideoSoft 2009-02-21 12:14 --------- d-----w c:\program files\AskSearch 2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-10 18:58 --------- d-----w c:\program files\Ventrilo 2009-02-10 18:58 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll 2009-01-13 02:25 16,608 ----a-w c:\windows\gdrv.sys 2009-01-11 15:56 315,392 ----a-w c:\windows\HideWin.exe . ((((((((((((((((((((((((((((( SnapShot_2009-04-10_11.47.09,01 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-12 09:29:14 94,465 ----a-w c:\windows\system32\avsda.dll + 2008-05-09 10:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys + 2008-01-21 15:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys + 2008-10-30 08:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys + 2007-03-01 07:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys + 2009-04-10 11:07:07 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_938.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] "Steam"="c:\program files\steam\steam.exe" [2009-02-07 1410296] "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-28 86016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497] "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-02-28 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe] c:\documents and settings\Rayte\Start Menu\Programs\Startup\ Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-03-21 3025232] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= 
"c:\\Program Files\\GRT\\WCtrl\\WCtrl.exe"= "c:\\Program Files\\GRT\\WClient\\WClient.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Steam\\steamapps\\spacedog650\\counter-strike\\hl.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\World of Warcraft\\Repair.exe"= "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\TmNationsForever\\TmForever.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Rayte\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-04-10 164097] R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-04-10 258305] R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-04-10 41217] R2 WCSvc;WCSvc;c:\program files\GRT\WClient\WCSvc.exe [2009-01-25 40960] S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2009-01-11 47624] S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?] 
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2009-01-14 32000] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - ANTIVIRMAILSERVICE *NewlyCreated* - ANTIVIRSCHEDULER *NewlyCreated* - ANTIVIRSERVICE *NewlyCreated* - ANTIVIRWEBSERVICE *NewlyCreated* - AVESERVICE *NewlyCreated* - AVGIO *NewlyCreated* - AVGNTFLT *NewlyCreated* - AVIPBB *NewlyCreated* - SSMDRV [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2582cfc2-dffe-11dd-a839-806d6172696f}] \Shell\AutoRun\command - D:\Setup.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.sol.no/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s LSP: avsda.dll DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-10 16:34:12 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . Tidspunkt ferdig: 2009-04-10 16:34:46 ComboFix-quarantined-files.txt 2009-04-10 14:34:44 ComboFix2.txt 2009-04-10 09:47:29 ComboFix3.txt 2009-02-07 01:50:42 Pre-Run: 334 154 371 072 bytes free Post-Run: 334,151,053,312 bytes free 183 --- E O F --- 2009-02-26 02:00:41 =D=D
snippsat Posted 10 April 2009

Looks good. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Check whether your software is up to date: Secunia

Surf safely.