ShadowViper Posted 15 September 2009
ComboFix
<ComboFix 09-09-14.02 - Administrator 15.09.2009 18:41.1.2 - NTFSx86Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.47.1044.18.1788.924 [GMT 2:00] Kjører fra: c:\users\Administrator\Desktop\plugin for Resident evil 4\Ny mappe\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Opprettet nytt gjenopprettingspunkt . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Eier\AppData\Roaming\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe c:\windows\system32\oem14.inf . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-08-15 til 2009-09-15 ))))))))))))))))))))))))))))))))) . 2009-09-15 16:36 . 2009-09-15 16:38 -------- d-----w- c:\program files\SpeedFan 2009-09-14 23:31 . 2009-09-14 23:31 -------- d-----w- c:\programdata\McAfee 2009-09-14 05:12 . 2009-09-14 05:12 -------- d-----w- c:\programdata\Trymedia 2009-09-13 09:30 . 2009-09-13 09:58 -------- d-----w- c:\users\Administrator\AppData\Roaming\FarmingSimulator2008 2009-09-13 09:30 . 2000-08-19 17:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll 2009-09-13 00:54 . 2009-09-13 00:54 -------- d-----w- c:\program files\LSI SoftModem 2009-09-13 00:15 . 2009-09-13 00:15 -------- d-----w- c:\programdata\Messenger Plus! 2009-09-13 00:10 . 2009-09-13 00:10 -------- d-----w- c:\program files\Messenger Plus! Live 2009-09-12 23:30 . 2009-09-12 23:30 -------- d-----w- c:\programdata\McAfee Security Scan 2009-09-12 23:30 . 2009-09-12 23:30 -------- d-----w- c:\program files\McAfee Security Scan 2009-09-12 23:07 . 2009-09-12 23:07 -------- d-----w- c:\program files\Capcom 2009-09-12 23:03 . 2009-09-12 23:03 -------- d-----w- c:\program files\gBurner 2009-09-12 14:58 . 2009-09-12 14:58 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-09-12 14:53 . 
2009-09-12 14:53 -------- d-----w- c:\program files\Sierra 2009-09-11 20:50 . 2009-09-11 20:50 -------- d-----w- c:\program files\CCleaner 2009-09-11 10:36 . 2009-09-11 11:14 -------- d-----w- c:\users\Administrator\AppData\Roaming\Spotify 2009-09-11 10:36 . 2009-09-11 10:36 -------- d-----w- c:\users\Administrator\AppData\Local\Spotify 2009-09-11 10:36 . 2009-09-11 10:36 -------- d-----w- c:\program files\Spotify 2009-09-10 21:12 . 2009-09-10 21:12 -------- d-----w- c:\users\Administrator\AppData\Local\Hewlett-Packard 2009-09-10 18:43 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-09-10 18:43 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-09-10 18:42 . 2009-09-10 18:42 -------- d-----w- c:\program files\iPod 2009-09-10 18:42 . 2009-09-10 18:43 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-10 18:42 . 2009-09-10 18:43 -------- d-----w- c:\program files\iTunes 2009-09-10 18:40 . 2009-09-10 18:41 -------- d-----w- c:\program files\QuickTime 2009-09-08 08:56 . 2009-09-08 08:56 -------- d-----w- c:\users\Administrator\AppData\Local\MetaGeek,_LLC 2009-09-08 08:54 . 2009-09-08 08:54 -------- d-----w- c:\program files\MetaGeek 2009-09-06 07:31 . 2009-09-06 07:31 -------- d-----w- c:\program files\Namco 2009-09-06 07:26 . 2009-09-06 07:26 -------- d-----w- c:\program files\Alcohol Soft 2009-09-06 05:38 . 2009-09-12 23:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\vlc 2009-09-06 01:42 . 2009-09-06 01:42 -------- d-----w- c:\program files\VideoLAN 2009-09-05 14:36 . 2009-09-09 14:42 -------- d-----w- c:\users\Administrator\AppData\Roaming\Xfire 2009-09-05 14:36 . 2009-09-05 15:47 -------- d-----w- c:\programdata\Xfire 2009-09-05 14:36 . 2009-09-05 14:36 -------- d-----w- c:\program files\Xfire 2009-09-05 10:28 . 2009-09-14 05:34 -------- d-----w- c:\users\Administrator\AppData\Local\NFS Underground 2 2009-09-05 10:21 . 
2009-09-05 10:21 -------- d-----w- c:\program files\EA GAMES 2009-09-05 10:09 . 2009-09-13 09:40 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe 2009-09-04 22:18 . 2009-09-15 16:07 -------- d-----w- C:\$AVG8.VAULT$ 2009-09-04 21:43 . 2009-09-04 21:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-09-04 21:43 . 2009-09-04 21:43 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-09-04 21:42 . 2009-09-04 21:42 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-09-04 21:42 . 2009-09-04 21:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-09-04 21:42 . 2009-09-15 06:41 -------- d-----w- c:\windows\system32\drivers\Avg 2009-09-04 21:42 . 2009-09-04 21:42 -------- d-----w- c:\programdata\avg8 2009-09-04 21:42 . 2009-09-04 21:42 -------- d-----w- c:\program files\AVG 2009-09-04 21:34 . 2009-09-04 21:34 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG8 2009-09-04 20:55 . 2009-09-04 20:55 -------- d-----w- c:\program files\WebCamNXPro 2009-09-04 20:44 . 2009-09-04 21:36 -------- d-----w- c:\program files\Carambis 2009-09-04 20:26 . 2009-09-04 20:26 -------- d-----w- c:\windows\CtDrvInstall 2009-09-04 20:26 . 2009-09-04 20:58 -------- d-----w- C:\WebCamNXPro 2009-09-04 20:12 . 2009-09-04 20:12 -------- d-----w- c:\programdata\PC Drivers HeadQuarters 2009-09-04 19:38 . 2009-09-15 15:30 -------- d-----w- c:\users\Administrator\Tracing 2009-09-04 19:38 . 2009-09-10 18:52 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-04 19:37 . 2009-09-13 00:54 -------- d-----w- c:\program files\Microsoft 2009-09-04 19:37 . 2009-09-04 19:37 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-09-04 19:36 . 2009-09-04 19:37 -------- d-----w- c:\program files\Windows Live 2009-09-04 19:29 . 2009-09-04 19:29 -------- d-----w- c:\program files\Common Files\Windows Live 2009-09-04 13:36 . 2009-09-04 13:36 -------- d-----w- c:\program files\overdose 2009-09-04 12:05 . 
2009-09-04 12:05 -------- d-----w- c:\program files\Universal Interactive 2009-09-03 21:42 . 2009-09-03 21:42 -------- d-----w- c:\users\Administrator\AppData\Roaming\Stardock 2009-09-03 21:42 . 2009-09-03 21:42 -------- dc-h--w- c:\programdata\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418} 2009-09-03 21:42 . 2009-09-03 21:43 -------- d-----w- c:\programdata\Stardock 2009-09-03 19:36 . 2009-09-06 09:58 -------- d-----w- c:\program files\Counter-Strike 1.6 2009-09-02 11:25 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll 2009-09-02 11:25 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll 2009-09-02 11:25 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll 2009-09-02 11:25 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-02 11:25 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll 2009-09-02 11:25 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-09-02 11:25 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll 2009-09-02 11:25 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe 2009-09-02 11:25 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-09-02 11:25 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-09-02 06:29 . 2009-09-07 16:37 -------- d-----w- c:\program files\MPD 2009-09-02 04:39 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll 2009-09-02 01:22 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-09-02 01:22 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-09-02 01:22 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-09-02 01:22 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-09-01 22:23 . 2009-09-01 22:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Windows Sidebar Styler 2009-09-01 22:21 . 
2009-09-01 22:21 -------- d-----w- c:\program files\Stanimir Stoyanov 2009-09-01 21:47 . 2009-09-13 22:01 -------- d-----w- c:\users\Administrator\AppData\Local\Apple Computer 2009-09-01 21:47 . 2009-09-10 19:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer 2009-09-01 21:46 . 2009-09-10 18:43 -------- dc----w- c:\windows\system32\DRVSTORE 2009-09-01 21:46 . 2009-09-01 21:46 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-09-01 21:45 . 2009-09-01 21:45 -------- d-----w- c:\program files\Bonjour 2009-09-01 21:44 . 2009-09-10 18:40 -------- d-----w- c:\programdata\Apple Computer 2009-09-01 21:44 . 2009-09-01 21:44 -------- d-----w- c:\users\Administrator\AppData\Local\Apple 2009-09-01 21:44 . 2009-09-01 21:44 -------- d-----w- c:\program files\Apple Software Update 2009-09-01 21:43 . 2009-09-10 18:42 -------- d-----w- c:\program files\Common Files\Apple 2009-09-01 21:43 . 2009-09-01 21:43 -------- d-----w- c:\programdata\Apple 2009-09-01 20:29 . 2009-09-01 20:32 -------- d-----w- c:\program files\DAEMON Tools Pro 2009-09-01 20:29 . 2009-09-01 20:29 -------- d-----w- c:\programdata\DAEMON Tools Pro 2009-09-01 20:21 . 2009-09-01 20:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Pro 2009-09-01 20:21 . 2009-09-01 20:21 722416 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-09-01 19:54 . 2009-09-13 22:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\LimeWire 2009-09-01 19:53 . 2009-09-01 19:53 -------- d-----w- c:\windows\system32\Macromed 2009-09-01 19:53 . 2009-09-01 19:53 -------- d-----w- c:\program files\LimeWire 2009-09-01 19:52 . 2009-09-01 19:52 -------- d-----w- c:\program files\AskBarDis 2009-09-01 19:52 . 2009-09-01 19:52 -------- d-----w- c:\program files\uTorrent 2009-09-01 19:51 . 2009-09-15 15:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\uTorrent 2009-09-01 17:47 . 
2009-09-07 15:57 -------- d-----w- c:\users\Administrator\AppData\Local\MigWiz 2009-09-01 15:40 . 2009-09-09 11:45 -------- d-----w- c:\users\Administrator\AppData\Local\Stardock 2009-09-01 15:40 . 2009-09-01 15:40 -------- d-----w- c:\program files\Common Files\Stardock 2009-09-01 15:40 . 2009-09-03 21:43 -------- d-----w- c:\program files\Stardock 2009-09-01 13:45 . 2009-09-04 09:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Roxio 2009-09-01 12:30 . 2009-09-01 22:34 -------- d-----w- c:\users\Administrator\.JxBrowser 2009-09-01 12:30 . 2009-09-01 12:30 -------- d-----w- c:\users\Administrator\ordnettPluss 2009-09-01 12:29 . 2009-09-01 12:29 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Games 2009-09-01 09:51 . 2009-09-01 09:51 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat 2009-09-01 09:51 . 2009-09-01 09:51 552 ----a-w- c:\users\Administrator\AppData\Local\d3d8caps.dat 2009-09-01 07:48 . 2009-09-01 07:48 -------- d-----w- c:\program files\SystemRequirementsLab 2009-09-01 07:48 . 2009-09-01 07:48 -------- d-----w- c:\users\Administrator\SystemRequirementsLab 2009-09-01 07:47 . 2009-09-01 07:47 -------- d-----w- c:\windows\Sun 2009-09-01 07:47 . 2009-09-01 07:47 -------- d-----w- c:\users\Administrator\AppData\Roaming\F-Secure 2009-09-01 07:44 . 2009-09-01 07:44 0 ----a-w- c:\windows\nsreg.dat 2009-09-01 07:44 . 2009-09-01 07:44 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-15 15:36 . 2009-07-08 22:55 95308 ----a-w- c:\windows\system32\perfc014.dat 2009-09-15 15:36 . 2009-07-08 22:55 492114 ----a-w- c:\windows\system32\perfh014.dat 2009-09-12 14:57 . 2009-07-08 13:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-10 18:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-09-10 18:52 . 
2009-07-08 14:49 -------- d-----w- c:\programdata\Microsoft Help 2009-09-06 09:46 . 2009-07-08 13:50 -------- d-----w- c:\program files\Common Files\InstallShield 2009-09-01 22:21 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar 2009-09-01 18:29 . 2009-07-08 19:41 -------- d-----w- c:\program files\F-Secure Internet Security 2009-09-01 13:45 . 2009-07-08 14:05 -------- d-----w- c:\programdata\Sonic 2009-09-01 12:39 . 2009-07-08 19:40 -------- d-----w- c:\programdata\f-secure 2009-09-01 12:30 . 2009-07-08 14:39 -------- d-----w- c:\programdata\OrdnettPluss 2009-08-14 17:07 . 2009-09-10 15:09 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 16:29 . 2009-09-10 15:09 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-14 16:29 . 2009-09-10 15:09 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 14:16 . 2009-09-10 15:09 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 14:16 . 2009-09-10 15:09 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 14:16 . 2009-09-10 15:09 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 14:16 . 2009-09-10 15:09 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 14:16 . 2009-09-10 15:09 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 14:16 . 2009-09-10 15:09 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 14:16 . 2009-09-10 15:09 10240 ----a-w- c:\windows\system32\finger.exe 2009-08-13 19:54 . 2009-08-13 19:54 41872 ----a-w- c:\windows\system32\xfcodec.dll 2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-07-28 07:43 . 2009-07-28 07:43 -------- d-----w- c:\users\Administrator\AppData\Roaming\ATI 2009-07-28 07:43 . 2009-07-28 07:43 119488 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2009-07-28 07:32 . 
2009-07-28 07:32 -------- d-----w- c:\programdata\SonicFocus 2009-07-28 07:32 . 2009-07-08 13:26 -------- d-----w- c:\program files\Analog Devices 2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll 2009-07-21 21:52 . 2009-09-02 01:23 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-09-02 01:23 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-09-02 01:23 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-09-02 01:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-17 14:35 . 2009-09-02 01:23 71680 ----a-w- c:\windows\system32\atl.dll 2009-07-11 19:32 . 2009-09-10 15:09 302592 ----a-w- c:\windows\system32\wlansec.dll 2009-07-11 19:32 . 2009-09-10 15:09 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2009-07-11 19:32 . 2009-09-10 15:09 513024 ----a-w- c:\windows\system32\wlansvc.dll 2009-07-11 19:29 . 2009-09-10 15:09 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2009-07-08 22:54 . 2009-07-08 22:55 35166 ----a-w- c:\windows\system32\perfd014.dat 2009-07-08 22:54 . 2009-07-08 22:55 294254 ----a-w- c:\windows\system32\perfi014.dat 2009-07-08 17:53 . 2009-07-08 13:07 119488 ----a-w- c:\users\Eier\AppData\Local\GDIPFONTCACHEV1.DAT 2009-07-08 15:20 . 2009-07-08 14:34 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-07-08 13:50 . 2009-07-08 13:50 92 ----a-w- c:\users\Eier\AppData\Local\fusioncache.dat 2009-07-08 13:36 . 2009-07-08 13:36 0 ----a-w- c:\windows\ativpsrm.bin 2009-07-08 13:31 . 2009-07-08 13:31 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll 2009-07-08 13:31 . 2009-07-08 13:31 3141632 ----a-w- c:\windows\system32\bcmihvui.dll 2009-07-08 13:31 . 2009-07-08 13:31 1207288 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS 2009-07-08 13:31 . 2009-07-08 13:31 3481600 ----a-w- c:\windows\system32\bcmihvsrv.dll 2009-07-08 13:10 . 2009-07-08 13:06 680 ----a-w- c:\users\Eier\AppData\Local\d3d9caps.dat . 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-05 288560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] 
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912] c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-9-1 3450608] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-7-8 197904] McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2008-04-21 09:48 69632 ----a-w- c:\windows\System32\DeviceNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8948864C-217F-47C3-ABCE-E1AC0B4F373B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{D86AF4EA-2A7E-4318-AA87-AF50C63D2CE4}"= UDP:c:\program files\Microsoft 
Office\Office12\GROOVE.EXE:Microsoft Office Groove "{BB74FECD-4EE5-485D-9249-2CC2BD39989B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{178EC5CC-521E-415C-9CF5-9D47663B6C1D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{043E4F0D-2457-4E67-AD45-B5FE52ACB4C6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CDD2A7AA-30AC-483B-A083-6D2267F0F671}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{F8D2D289-61CC-4255-BB1D-35840B804499}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{AC87F78E-507F-4E6A-A08C-216AD72F12DB}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel "UDP Query User{CA39E0DD-25BE-45B9-9C9D-0150F655DCCA}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel "{24C85161-E2E8-4689-9834-124A467ED277}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{11D02AE7-96E4-4827-B55B-0601431C0A28}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{5CD1A352-099A-4349-A472-656B46FEDA43}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher "UDP Query User{D6AD6B87-3217-4F53-A0DF-BDF2D0A9A99E}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher "{69BDACF1-14E2-466D-9264-D3959300B0A2}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{5EBE75D8-F1CA-427A-9453-9977906752C8}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "TCP Query User{FE92464C-D433-4E9A-B6DA-6ACF0EFFC5D5}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2 "UDP Query User{297EF524-4E50-44CD-98A9-3E73FF51ABBE}c:\\program files\\ea games\\need for speed underground 
2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2 "TCP Query User{895DBE76-6136-4390-BCB9-DC039ED2BC00}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire "UDP Query User{59322870-0E5A-47D0-B119-E04F420033DF}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire "TCP Query User{9E284A8C-FA22-4A61-8911-FA6E1EA73EC7}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "UDP Query User{5B024797-D626-47EE-BB62-025F432CEDDC}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "{EA9362CD-9362-444E-AC1C-330DEB2EE751}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{88EDD536-7123-4AE1-B149-AFBD2454066C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{F73A5BA6-9592-4217-B326-E64FADC0D781}"= UDP:c:\program files\Spotify\spotify.exe:Spotify "{383DDEAA-F0B2-4585-86C7-9D2AC2146787}"= TCP:c:\program files\Spotify\spotify.exe:Spotify "{7444F1FD-1456-4148-AE3B-E09FD42ECC65}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{0E7AFB05-EFD7-43E9-B5D8-F2BCC79DAB21}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [04.09.2009 23:42 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04.09.2009 23:43 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04.09.2009 23:42 297752] R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [07.04.2008 18:13 24936] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [29.11.2007 16:56 181760] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [08.07.2009 
15:33 193840] S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [01.09.2009 21:52 234888] S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.03.2009 16:28 1533808] S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [09.04.2008 15:05 32256] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [21.04.2008 13:27 349432] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08.04.2008 14:12 1112560] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - GIVEIO *NewlyCreated* - SPEEDFAN [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Tilleggsskanning ------- . uStart Page = hxxp://portal.hedmark.org uInternet Settings,ProxyOverride = *.local IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c3ia37aq.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.itslearning.com/index.aspx?SessionExpired=0|http://teknofil.no/|https://www.diskusjon.no/ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . 
- - - - TOMME PEKERE FJERNET - - - - Toolbar-Locked - (no file) AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel AddRemove-Creative PD1131 - c:\windows\CtDrvIns.exe -uninstall -script Pd1131.uns -unsext NT -plugin P1131Pin.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-15 18:50 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,9c,fd,c3,06,29,b9,4c,8b,4b,d6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,9c,fd,c3,06,29,b9,4c,8b,4b,d6,\ [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" 
[HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.avi" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.CDA" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M3U" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" 
[HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\vlc.exe" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" 
[HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAV" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMA" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" 
[HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMV" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WPL" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WVX" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" [HKEY_USERS\S-1-5-21-4063098081-1287715120-2564342769-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Tidspunkt ferdig: 2009-09-15 18:52 ComboFix-quarantined-files.txt 2009-09-15 16:52 Pre-Run: 91 300 286 464 byte ledig Post-Run: 91 240 316 928 byte ledig 472 --- E O F --- 2009-09-13 00:57 >
norbat Posted 15 September 2009 ShadowViper: Post the log in a separate thread, which you create by clicking the "New Topic" button. Also mention whether there is anything that gives you reason to suspect there might be some junk on the machine.