
I've got Yoog Search and I can't get rid of it.



ComboFix log:


ComboFix 09-05-05.04 - andrenilsen 06.05.2009 15:05.1 - NTFSx86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2046.1366 [GMT 2:00]

Kjører fra: c:\users\andrenilsen\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\install.exe

c:\windows\nohh06760.exe

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-06 til 2009-05-06 )))))))))))))))))))))))))))))))))

.

 

2009-05-04 10:46 . 2009-05-06 12:57 -------- d-----w c:\programdata\Spybot - Search & Destroy

2009-05-04 10:46 . 2009-05-04 10:52 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-04-28 07:51 . 2009-04-28 07:51 -------- d-----w c:\programdata\Office Genuine Advantage

2009-04-26 22:46 . 2009-04-29 07:53 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-04-26 22:46 . 2009-04-26 22:46 -------- d-----w c:\programdata\Avira

2009-04-25 17:53 . 2009-04-25 17:53 -------- d-----w c:\program files\MSXML 4.0

2009-04-25 17:53 . 2009-04-25 17:53 -------- d-----w c:\program files\Common Files\Microsoft Games

2009-04-25 13:18 . 2009-04-25 13:18 -------- d-sh--w c:\users\postgres\Lokale innstillinger

2009-04-25 13:18 . 2009-04-25 13:18 -------- d-sh--w c:\users\postgres\Start-meny

2009-04-25 13:18 . 2009-04-25 13:18 -------- d-sh--w c:\users\postgres\Programdata

2009-04-25 13:18 . 2009-04-25 13:18 -------- d-sh--w c:\users\postgres\Mine dokumenter

2009-04-25 13:18 . 2006-11-02 11:18 -------- d--h--w c:\users\postgres\AppData

2009-04-25 13:18 . 2008-09-09 22:49 -------- d-----w c:\users\postgres\Documents

2009-04-25 13:18 . 2009-05-03 10:54 -------- d-----w c:\users\postgres

2009-04-25 09:41 . 2009-04-25 09:49 -------- d-----w c:\users\andrenilsen\AppData\Local\ArmA

2009-04-21 22:27 . 2009-04-21 22:27 -------- d-----w c:\users\andrenilsen\{b563c46b-2fcb-4c96-8d36-72c02ace9517}

2009-04-20 11:04 . 2009-04-20 11:04 -------- d-----w c:\users\andrenilsen\AppData\Local\{DD4E68DA-DBCD-4C1F-B85E-FF8A7BEBE383}

2009-04-19 18:04 . 2009-04-19 18:04 -------- d-----w c:\program files\QS

2009-04-19 18:03 . 2009-04-19 18:03 -------- d-----w c:\program files\TeamViewer

2009-04-19 15:57 . 2009-04-19 15:57 -------- d-----w c:\users\andrenilsen\AppData\Local\LogMeIn

2009-04-19 15:57 . 2009-04-19 15:57 -------- d-----w c:\programdata\LogMeIn

2009-04-19 15:56 . 2008-10-16 18:35 28984 ----a-w c:\windows\system32\LMIport.dll

2009-04-19 15:56 . 2008-10-16 18:35 83288 ----a-w c:\windows\system32\LMIRfsClientNP.dll

2009-04-19 15:56 . 2008-07-24 16:46 47640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys

2009-04-19 15:56 . 2008-10-16 18:35 87352 ----a-w c:\windows\system32\LMIinit.dll

2009-04-17 06:59 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll

2009-04-16 12:42 . 2009-04-16 12:42 -------- d-----w c:\users\andrenilsen\AppData\Local\WindowsUpdate

2009-04-14 14:42 . 2009-04-14 14:42 -------- d-----w c:\users\andrenilsen\AppData\Roaming\dvdcss

2009-04-13 18:10 . 2009-04-13 18:32 -------- d-----w c:\users\andrenilsen\AppData\Roaming\Xfire

2009-04-13 18:10 . 2009-04-13 18:33 -------- d-----w c:\programdata\Xfire

2009-04-13 16:51 . 2009-04-13 16:51 -------- d-sh--w c:\windows\ftpcache

2009-04-13 02:42 . 2009-04-13 02:42 -------- d-----w C:\ProgrammerSpeedFan

2009-04-13 00:45 . 2009-04-13 02:42 -------- d-----w c:\users\andrenilsen\AppData\Roaming\Clickteam

2009-04-13 00:43 . 2009-04-13 00:43 -------- d-----w c:\windows\system32\Clickteam

2009-04-12 18:07 . 2009-04-12 18:07 56 ---ha-w c:\windows\system32\ezsidmv.dat

2009-04-12 18:07 . 2009-04-17 05:51 -------- d-----w c:\users\andrenilsen\AppData\Roaming\skypePM

2009-04-12 18:05 . 2009-04-17 05:51 -------- d-----w c:\users\andrenilsen\AppData\Roaming\Skype

2009-04-12 18:05 . 2009-04-12 18:05 -------- d-----w c:\program files\Common Files\Skype

2009-04-12 18:05 . 2009-04-12 18:05 -------- d-----r c:\program files\Skype

2009-04-11 16:50 . 2009-04-11 16:50 -------- d-----w c:\program files\BitBank

2009-04-11 10:39 . 2009-04-11 10:39 -------- d-----w C:\CrashReport

2009-04-10 23:25 . 2009-04-10 23:27 -------- d-----w c:\users\andrenilsen\AppData\Roaming\vlc

2009-04-10 12:15 . 2009-04-10 12:15 -------- d-----w C:\sw3dg

2009-04-09 18:03 . 2007-05-10 22:19 350208 ----a-w c:\windows\system32\d3drm.dll

2009-04-08 19:00 . 2009-04-08 19:00 -------- d-----w c:\program files\Borland

2009-04-08 19:00 . 2001-11-05 07:30 165376 ----a-w c:\windows\UNWISE.EXE

2009-04-08 18:00 . 2009-04-08 19:01 -------- d-----w C:\mapdata

2009-04-08 13:47 . 2009-04-08 13:47 -------- d-----w c:\program files\Microsoft XNA

2009-04-07 18:55 . 2009-04-07 18:55 -------- d-----w c:\programdata\Trymedia

2009-04-07 18:14 . 2009-04-07 18:14 -------- d-----w c:\program files\ReflexiveArcade

2009-04-07 18:12 . 2007-05-12 15:12 688416 ----a-w c:\windows\system32\wodHttp.dll

2009-04-07 18:12 . 2003-12-14 09:47 692224 ----a-w c:\windows\system32\ciaResSvr20.dll

2009-04-07 18:12 . 2003-02-23 17:45 40960 ----a-w c:\windows\system32\ciaSubClsSvr.dll

2009-04-07 18:12 . 2003-12-12 10:41 53248 ----a-w c:\windows\system32\ciaXPRegSvr20.dll

2009-04-07 11:29 . 2009-04-07 11:29 -------- d-----w c:\users\andrenilsen\efcnsimulatorfiles

2009-04-07 11:24 . 2009-04-07 11:29 -------- d-----w c:\users\andrenilsen\efcnfiles

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-06 13:00 . 2008-12-03 15:25 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-06 09:14 . 2008-09-10 08:12 836 ----a-w c:\windows\bthservsdp.dat

2009-05-06 08:48 . 2008-12-31 12:03 235057 ----a-w c:\programdata\nvModes.dat

2009-05-05 10:55 . 2006-11-21 05:16 589286 ----a-w c:\windows\system32\perfh014.dat

2009-05-05 10:55 . 2006-11-21 05:16 126308 ----a-w c:\windows\system32\perfc014.dat

2009-05-04 13:48 . 2007-06-22 09:22 -------- d-----w c:\program files\Google

2009-05-04 10:50 . 2009-01-16 00:06 -------- d-----w c:\program files\VOIPlay

2009-05-04 10:49 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infpub.dat

2009-05-04 10:49 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstor.dat

2009-05-04 10:49 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat

2009-05-03 10:05 . 2009-02-24 17:11 -------- d-----w c:\program files\FileZilla FTP Client

2009-04-28 10:33 . 2008-09-10 11:47 14638 ----a-w c:\users\andrenilsen\AppData\Roaming\wklnhst.dat

2009-04-26 11:43 . 2008-09-12 07:08 7592 ----a-w c:\users\andrenilsen\AppData\Local\d3d9caps.dat

2009-04-25 22:46 . 2008-09-09 23:06 96376 ----a-w c:\users\andrenilsen\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-25 17:53 . 2007-06-22 08:31 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-25 13:25 . 2006-11-02 12:37 -------- d-----w c:\program files\Microsoft Games

2009-04-25 09:38 . 2008-09-13 10:52 413696 ----a-w c:\windows\system32\wrap_oal.dll

2009-04-25 09:38 . 2008-09-13 10:52 110592 ----a-w c:\windows\system32\OpenAL32.dll

2009-04-18 01:25 . 2008-09-12 07:00 -------- d-----w c:\program files\Microsoft Silverlight

2009-04-18 01:02 . 2007-06-22 09:08 -------- d-----w c:\program files\Microsoft Works

2009-04-17 07:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-13 17:25 . 2009-02-01 00:26 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-04-13 17:25 . 2009-02-01 00:26 22328 ----a-w c:\users\andrenilsen\AppData\Roaming\PnkBstrK.sys

2009-04-13 17:25 . 2009-02-01 00:26 103736 ----a-w c:\windows\system32\PnkBstrB.exe

2009-04-13 17:25 . 2009-02-01 00:26 66872 ----a-w c:\windows\system32\PnkBstrA.exe

2009-04-10 01:28 . 2008-09-21 10:44 34 ----a-w c:\users\andrenilsen\jagex_runescape_preferences.dat

2009-04-07 09:31 . 2009-03-26 19:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-06 22:44 . 2008-10-04 13:47 -------- d-----w c:\program files\Common Files\Steam

2009-04-06 13:32 . 2009-03-26 19:05 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 13:32 . 2009-03-26 19:05 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-05 16:27 . 2009-04-05 16:26 -------- d--h--w c:\program files\Zero G Registry

2009-04-04 17:16 . 2009-04-04 17:16 -------- d-----w c:\program files\Logitech

2009-04-04 17:16 . 2008-11-22 20:19 -------- d-----w c:\program files\Common Files\Logitech

2009-03-29 10:50 . 2009-02-05 17:29 -------- d-----w c:\program files\Pando Networks

2009-03-28 18:29 . 2009-03-28 18:29 603904 ----a-w c:\windows\system32\TUProgSt.exe

2009-03-28 18:29 . 2009-03-28 18:29 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe

2009-03-28 13:10 . 2009-03-28 13:10 -------- d-----w c:\programdata\YSFLIGHT.COM

2009-03-27 10:40 . 2009-03-27 10:40 -------- d-----w c:\program files\DIFX

2009-03-26 21:40 . 2009-03-26 21:40 -------- d-----w c:\program files\OpenOffice.org 3

2009-03-26 19:17 . 2009-03-26 19:16 -------- d-----w c:\program files\QuickTime

2009-03-26 19:11 . 2008-10-03 16:21 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-26 19:11 . 2007-06-22 09:50 -------- d-----w c:\program files\Java

2009-03-24 11:28 . 2008-12-03 09:47 -------- d-----w c:\program files\MSECache

2009-03-20 22:59 . 2008-09-10 17:01 -------- d-----w c:\program files\Common Files\Adobe

2009-03-20 22:26 . 2009-03-20 22:26 41808 ----a-w c:\windows\system32\xfcodec.dll

2009-03-19 22:36 . 2009-03-19 22:36 -------- d-----w c:\program files\Common Files\GtFlashSwitch

2009-03-17 03:38 . 2009-04-17 06:59 13824 ----a-w c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-17 06:59 24064 ----a-w c:\windows\system32\amxread.dll

2009-03-15 17:58 . 2009-03-15 17:58 -------- d-----w c:\program files\K-Lite Codec Pack

2009-03-15 17:57 . 2008-10-20 09:47 -------- d-----w c:\program files\DivX

2009-03-15 17:52 . 2009-03-15 17:52 -------- d-----w c:\program files\VideoLAN

2009-03-09 08:04 . 2008-12-13 22:07 43520 ----a-w c:\windows\system32\CmdLineExt03.dll

2009-03-03 04:46 . 2009-04-17 07:00 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-17 07:00 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-03 04:40 . 2009-04-17 06:59 827392 ----a-w c:\windows\system32\wininet.dll

2009-03-03 04:39 . 2009-04-17 07:00 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-03-03 04:39 . 2009-04-17 07:00 551424 ----a-w c:\windows\system32\rpcss.dll

2009-03-03 04:39 . 2009-04-17 07:00 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-17 06:59 78336 ----a-w c:\windows\system32\ieencode.dll

2009-03-03 04:37 . 2009-04-17 07:00 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-03-03 04:37 . 2009-04-17 07:00 54784 ----a-w c:\windows\system32\iasads.dll

2009-03-03 04:37 . 2009-04-17 07:00 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-17 07:00 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-17 07:00 17408 ----a-w c:\windows\system32\iashost.exe

2009-03-03 02:28 . 2009-04-17 06:59 26624 ----a-w c:\windows\system32\ieUnatt.exe

2009-02-16 21:20 . 2009-02-01 00:25 2246144 ----a-w c:\windows\system32\pbsvc.exe

2009-02-13 08:49 . 2009-04-17 07:00 1255936 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 18:56 . 2009-03-15 17:58 67584 ----a-w c:\windows\system32\ff_vfw.dll

2009-02-09 03:10 . 2009-03-12 07:18 2033152 ----a-w c:\windows\system32\win32k.sys

2008-12-23 02:32 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2006-05-03 09:06 . 2008-10-20 21:54 163328 --sh--r c:\windows\System32\flvDX.dll

2007-02-21 10:47 . 2008-10-20 21:54 31232 --sh--r c:\windows\System32\msfDX.dll

2008-03-16 12:30 . 2008-10-20 21:54 216064 --sh--r c:\windows\System32\nbDX.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]

"avgnt"="c:\programmer\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mobilt Kontor.lnk]

backup=c:\windows\pss\Mobilt Kontor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PASPortal.lnk]

backup=c:\windows\pss\PASPortal.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^andrenilsen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]

backup=c:\windows\pss\Air Mouse.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^andrenilsen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^andrenilsen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

backup=c:\windows\pss\PowerReg Scheduler V3.exe.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskSuite

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mapdisk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"CollaborationHost"=c:\windows\system32\p2phost.exe -s

"ehTray.exe"=c:\windows\ehome\ehTray.exe

"RegistryMechanic"=c:\programmer\Registry Mechanic\rmtray.exe /H

"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{8E91A1DF-932D-4E39-8789-A3C767595E68}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{D92D1A50-E7D9-4D85-AEAE-748E5D6553A8}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{712AB7A2-EEC2-46C6-AE72-0B0882FCD9AD}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{490F5E7A-7E3D-4709-9367-1795E46FC25E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{D4AE342A-4224-4304-B692-C2922738149C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{3C2AA57B-D3BE-4E35-B871-53581590E02E}"= UDP:c:\programmer\iTunes\iTunes.exe:iTunes

"{2419D92F-8C1F-4220-A16C-E8F026101DF1}"= TCP:c:\programmer\iTunes\iTunes.exe:iTunes

"TCP Query User{13FD6CAB-B520-4B02-AAD0-3D1FB70667E4}c:\\users\\andrenilsen\\documents\\c#\\computer biz\\build\\server.exe"= UDP:c:\users\andrenilsen\documents\c#\computer biz\build\server.exe:server.exe

"UDP Query User{57FFB5E3-CB82-4F4F-9F6B-C7A9A37A300C}c:\\users\\andrenilsen\\documents\\c#\\computer biz\\build\\server.exe"= TCP:c:\users\andrenilsen\documents\c#\computer biz\build\server.exe:server.exe

"TCP Query User{772CFD57-8B0D-430D-AE03-66B30A9B42EE}c:\\users\\andrenilsen\\documents\\c#\\computer biz\\server\\bin\\debug\\server.vshost.exe"= UDP:c:\users\andrenilsen\documents\c#\computer biz\server\bin\debug\server.vshost.exe:server.vshost.exe

"UDP Query User{8786ADDA-30B2-423C-8AB2-FED006D8EB24}c:\\users\\andrenilsen\\documents\\c#\\computer biz\\server\\bin\\debug\\server.vshost.exe"= TCP:c:\users\andrenilsen\documents\c#\computer biz\server\bin\debug\server.vshost.exe:server.vshost.exe

"TCP Query User{FB0E196E-7D4C-4034-B6A3-ACD461F8B144}c:\\python25\\pythonw.exe"= UDP:c:\python25\pythonw.exe:pythonw

"UDP Query User{1B45CC80-15E5-469F-813C-1A2D7323A23A}c:\\python25\\pythonw.exe"= TCP:c:\python25\pythonw.exe:pythonw

"{CFAE801B-C914-42F0-975F-4BB48167C91B}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator

"{35EFAF3B-3A29-49AD-AF29-2FDACA9B7841}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator

"{EE326FEF-5CCD-4BD3-B114-E96A499ED112}"= UDP:c:\spill\Minions of Mirth\bin\MinionsOfMirth.exe:MinionsOfMirth

"{CE29958F-E473-4E50-B632-CC05BF5FA505}"= TCP:c:\spill\Minions of Mirth\bin\MinionsOfMirth.exe:MinionsOfMirth

"TCP Query User{4416AE9F-A24A-4210-ADAA-6D864A3C3810}c:\\spill\\steam\\steamapps\\andrenilsen\\counter-strike source\\hl2.exe"= UDP:c:\spill\steam\steamapps\andrenilsen\counter-strike source\hl2.exe:hl2

"UDP Query User{34347368-ADA4-4826-B45B-F267AD7A7E67}c:\\spill\\steam\\steamapps\\andrenilsen\\counter-strike source\\hl2.exe"= TCP:c:\spill\steam\steamapps\andrenilsen\counter-strike source\hl2.exe:hl2

"TCP Query User{1F97B156-C445-4D4B-80DC-A27656CC754D}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"UDP Query User{6BC10CC5-F63A-4EA2-963C-5F14746ECB41}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"{3DBAC4AE-3CED-468C-BA46-AE2EB8DC2854}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{A1E998C1-2579-4B41-B12F-5555125D57E2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{D45BF025-5A61-409F-8EC9-24EE41122989}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{F8D32512-897E-47CB-A85E-50A0A126D6CB}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{82A2CA31-D950-4F49-973D-2BC86EE5239B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{2C90975E-7284-480B-A019-2AA7427FDB43}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{5CDF9EDD-BBBC-4FDB-BED4-A2D8245EBB5F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{36FD2BA0-962D-40DC-AA1B-3F5D1214FBFE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{5012B229-F128-42C4-9C75-80603F5A38A1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{0D61992C-326A-4F26-9D4E-7D13FB5380A9}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{70C30661-E009-40ED-B223-4ED8B2D4A3FC}"= c:\program files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe:XNA Framework Games for Windows - LIVE

"{C4445BBF-B59C-430C-A12F-B644E2C4DEEC}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{855E8927-8AF4-4CDE-9A44-D7FA8E7E00D0}"= UDP:c:\spill\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{34DFC278-2DB6-43EC-8393-2690F8AAD48D}"= TCP:c:\spill\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{46F15515-E527-4854-87F0-55CA7A323128}"= UDP:c:\spill\ArmA\arma.exe:ArmA

"{A8B4D955-2CBC-4D9A-9794-BD9B4A7C1E6A}"= TCP:c:\spill\ArmA\arma.exe:ArmA

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\System32\drivers\hssdrv.sys [03.02.2009 13:21 31192]

R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\System32\drivers\wtsmpadap.sys [29.04.2008 16:24 39720]

R3 WtSmpFlt;Sesam Adapter;c:\windows\System32\drivers\wtsmpflt.sys [29.04.2008 16:24 272424]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmer\Avira\AntiVir Desktop\sched.exe [27.04.2009 00:46 108289]

S2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [09.02.2007 15:48 176128]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmer\LogMeIn\x86\rainfo.sys [24.07.2008 18:46 12856]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [19.04.2009 17:56 47640]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.03.2009 21:05 179856]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06.11.2007 22:22 34064]

S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.07.2008 02:28 369688]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [28.03.2009 20:29 603904]

S3 chdrvr01;CH Control Manager Driver 1;c:\windows\System32\drivers\chdrvr01.sys [04.04.2009 19:26 216544]

S3 chdrvr02;CH Control Manager Driver 2;c:\windows\System32\drivers\chdrvr02.sys [04.04.2009 19:26 9568]

S3 chdrvr03;chdrvr03;c:\windows\System32\drivers\chdrvr03.sys [04.04.2009 19:26 13152]

S3 GTFFBUS;GT FF BUS;c:\windows\System32\drivers\gtffbus.sys [14.04.2007 05:05 17152]

S3 GTMM Device Service;GTMM Device Service;c:\program files\Telenor\Mobile Broadband\GtmmDeviceService.exe [02.07.2008 15:32 106496]

S3 GTMNDISIRPXP;___980628625500412031216292125237204114599;c:\windows\System32\drivers\Gtm51Irp.sys [14.04.2007 05:05 122496]

S3 GTPTSER;GT PT SER;c:\windows\System32\drivers\gtptser.sys [14.04.2007 05:05 8064]

S3 GTUQBUS;GT UQ BUS;c:\windows\System32\drivers\gtuqbus.sys [14.04.2007 05:06 37120]

S3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [26.03.2009 21:05 15504]

S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [23.01.2004 16:33 13952]

S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [23.01.2004 16:32 28800]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [25.01.2008 11:12 25088]

S3 WMSvc;Webbehandlingstjeneste;c:\windows\System32\inetsrv\WMSvc.exe [12.09.2008 08:18 11264]

S4 gupdate1c99c5bad501462;Google Update Service (gupdate1c99c5bad501462);c:\program files\Google\Update\GoogleUpdate.exe [04.03.2009 01:56 133104]

S4 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [27.01.2009 21:15 93656]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.07.2008 02:28 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.07.2008 02:49 242712]

S4 SesamService;Sesam Control Service;c:\program files\Telenor\Mobile Broadband\Sesam\BIN\SecMIPService.exe [09.05.2008 17:01 1216296]

S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\shell\AutoRun\command - F:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - g:\.\start.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1373492e-7ebd-11dd-bede-806e6f6e6963}]

\shell\AutoRun\command - F:\AUTORUN.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0dff9b8-7fe2-11dd-a46b-001b24961397}]

\shell\AutoRun\command - e:\.\start.bat

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-05-06 c:\windows\Tasks\1-Click Maintenance.job

- c:\programmer\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

 

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 23:56]

 

2009-04-25 c:\windows\Tasks\Registry Winner Schedule.job

- c:\programmer\Registry Winner\RegistryWinner.exe [2009-04-17 09:58]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-RunOnce-<NO NAME> - (no file)

Notify-WBSrv - (no file)

 

 

.

------- Tilleggsskanning -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=73&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

FF - ProfilePath - c:\users\andrenilsen\AppData\Roaming\Mozilla\Firefox\Profiles\xhkm46km.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/

FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=

FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll

FF - component: c:\programmer\Mozilla Firefox\components\501647c3-d56e-c1ce-458d-bd76d732167b.dll

FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\VOIPlay\npvoiplay.dll

FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\programmer\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programmer\Mozilla Firefox\plugins\npcnc32.dll

FF - plugin: c:\programmer\Mozilla Firefox\plugins\npDXStudioPlugin.dll

FF - plugin: c:\users\andrenilsen\AppData\Roaming\Mozilla\Firefox\Profiles\xhkm46km.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\users\andrenilsen\AppData\Roaming\Mozilla\Firefox\Profiles\xhkm46km.default\extensions\[email protected]\plugins\npRACtrl.dll

FF - plugin: c:\windows\system32\Clickteam\Vitalize\v4\npcnc32.dll

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: google.toolbar.linkdoctor.enabled - false

FF - user.js: browser.search.defaultenginename - Yoog Search

FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=

FF - user.js: browser.search.selectedEngine - Yoog Search

FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=

FF - user.js: keyword.enabled - true

c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-06 15:10

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-680071005-499610910-1366418288-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9661E2E3-DE2A-0CC2-D1C2-FA981E1BED67}*]

"hakhenebmicinaij"=hex:69,61,63,70,6f,6b,69,67,68,63,70,61,69,63,6e,6b,61,70,

00,00

"iaiionjpoccbddamlh"=hex:69,61,63,70,6f,6b,69,67,68,63,70,61,69,63,6e,6b,61,70,

00,6b

 

[HKEY_USERS\S-1-5-21-680071005-499610910-1366418288-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:d5,a4,0f,0d,9b,e6,91,ac,af,f0,e6,98,da,4b,ed,bf,14,ef,8c,1a,9a,d7,c0,

9a,a6,bb,c3,5d,89,01,50,f2,b2,06,63,8e,20,14,d5,e2,b8,bd,4e,1b,d9,f6,8b,4a,\

"??"=hex:d2,9e,98,3f,79,6d,1c,1c,e5,58,05,9e,e5,08,2b,cf

 

[HKEY_USERS\S-1-5-21-680071005-499610910-1366418288-1000\Software\SecuROM\License information*]

"datasecu"=hex:23,97,52,74,b6,c3,e5,ce,b9,a9,a0,6c,4c,13,2e,d0,81,50,1d,f2,ab,

c7,58,dd,54,3f,71,e0,3b,3a,d5,17,1c,74,8f,17,34,33,68,85,61,7e,99,48,87,bb,\

"rkeysecu"=hex:a8,f9,19,6a,94,30,c0,d7,73,6a,d3,9c,62,1a,88,6f

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Tidspunkt ferdig: 2009-05-06 15:13

ComboFix-quarantined-files.txt 2009-05-06 13:11

 

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Post-Run: 49 259 831 296 byte ledig

 

378 --- E O F --- 2009-05-06 08:04


The log looks fine; ComboFix deleted 2 files.

 

As for "Yoog Search", it is in "user.js".

You can delete that file, or remove the line containing "Yoog Search".

Edit: the same goes for "prefs.js".

http://kb.mozillazine.org/Resetting_preferences

If you find a user.js file, open it in a text editor such as Notepad and remove any unwanted entries, or simply remove the user.js file from the profile folder. This will allow you to reset the associated options or preference settings, either through the Options or Preferences dialogs, or in about:config.

 

CCleaner may do this as well.

 

You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

 

Check whether your software is up to date: Secunia

 

Surf safely.

Edited by SNIPPSAT
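The cleanup the reply describes, removing the Yoog entries from user.js and prefs.js, done as a script rather than by hand. This is an added Python example, not code from the thread, from ComboFix or from Mozilla; the sample user.js content is constructed from the pref values the ComboFix log lists, and clean_profile_file is a hypothetical helper that assumes you pass it the path of a user.js or prefs.js in your own Firefox profile. Close Firefox before touching prefs.js, since Firefox rewrites that file on exit.

```python
import re
from pathlib import Path

# Firefox pref lines look like: user_pref("name", value);
# value is a quoted string, a number or true/false.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')

# Constructed sample: the user.js prefs the ComboFix log above reports,
# with hxxp:// written back as http:// as it would appear in the file.
SAMPLE_USER_JS = '''\
user_pref("network.http.max-persistent-connections-per-server", 4);
user_pref("google.toolbar.linkdoctor.enabled", false);
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("browser.search.defaulturl", "http://www9.yoog.com/search.php?q=");
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www9.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
'''

# Substrings that identify the unwanted search provider (case-insensitive).
HIJACK_MARKERS = ("yoog",)


def parse_prefs(text):
    """Yield (name, raw_value, line) per line; non-pref lines yield (None, None, line)."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line
        else:
            yield None, None, line


def _is_hijacked(name, value, markers):
    return name is not None and any(mk in value.lower() for mk in markers)


def find_hijacked(text, markers=HIJACK_MARKERS):
    """Return the names of prefs whose value mentions one of the markers."""
    return [name for name, value, _ in parse_prefs(text)
            if _is_hijacked(name, value, markers)]


def clean_prefs(text, markers=HIJACK_MARKERS):
    """Return (cleaned_text, removed_names) with the hijacked prefs dropped.

    Only the offending lines go; every other pref and comment is kept verbatim,
    so Firefox falls back to its defaults for the removed search settings.
    """
    kept, removed = [], []
    for name, value, line in parse_prefs(text):
        if _is_hijacked(name, value, markers):
            removed.append(name)
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


def clean_profile_file(path, markers=HIJACK_MARKERS):
    """Hypothetical helper: clean a real user.js/prefs.js in place.

    Writes a .bak copy of the original first and returns the removed pref names.
    """
    p = Path(path)
    original = p.read_text(encoding="utf-8")
    cleaned, removed = clean_prefs(original, markers)
    if removed:
        p.with_suffix(p.suffix + ".bak").write_text(original, encoding="utf-8")
        p.write_text(cleaned, encoding="utf-8")
    return removed


if __name__ == "__main__":
    cleaned, removed = clean_prefs(SAMPLE_USER_JS)
    print("removed prefs:", removed)
    print(cleaned)
```

Run against the constructed sample it removes the four Yoog-related prefs (browser.search.defaultenginename, browser.search.defaulturl, browser.search.selectedEngine and keyword.URL) and leaves the harmless tuning prefs alone; point clean_profile_file at the user.js and prefs.js in the profile folder the log names to do the same on disk.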
