Spywarefri Forum | Inficeret - Åbner hjemmesider

1 af 3

Inficeret - Åbner hjemmesider

[ Ignorer ] Razar
12.01.2012 19:35:04 Antal indlæg: 23	Jeg er blevet infiveret af et eller andet, men nogle gange når man prøver at åbne en hjemmeside, åbner den f.eks. denne side: OBS OBS OBS ÅBEN IKKE OBS OBS OBS hxxp://ww w.en.tvnoop.com/?source=ppccrash.TVNOOP&player=0006700000638481639 HiJackThis Log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:30:57, on 12-01-2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16912) Boot mode: Normal Running processes: E:\Programmer\Steam\Steam.exe C:\Users\Emil Pedersen\AppData\Roaming\Spotify\spotify.exe E:\Programmer\LOLReplay\LOLRecorder.exe E:\Programmer\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing) O4 - HKLM\..\Run: [StartCCC] “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Programmer\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” O4 - HKLM\..\Run: [GrooveMonitor] “E:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] “C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin O4 - HKLM\..\Run: [AVG_TRAY] “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe” O4 - HKCU\..\Run: [Google Update] “C:\Users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe” /c O4 - HKCU\..\Run: [Steam] “E:\Programmer\Steam\steam.exe” -silent O4 - HKCU\..\Run: [Spotify] “C:\Users\Emil Pedersen\AppData\Roaming\Spotify\spotify.exe” /uri spotify:autostart O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’) O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’) O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’) O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’) O4 - Global Startup: LOLRecorder.lnk = E:\Programmer\LOLReplay\LOLRecorder.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: E&xport; to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: S&end; to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O20 - AppInit_DLLs: O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Programmer\Hamachi\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) — End of file - 9119 bytes
[ Ignorer ] [ # 1 ] Razar
12.01.2012 19:43:24 Antal indlæg: 23	Og så også lige en HiJackThis Log, i Safe Mode: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:37:53, on 12-01-2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16912) Boot mode: Safe mode Running processes: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing) O4 - HKLM\..\Run: [StartCCC] “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Programmer\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” O4 - HKLM\..\Run: [GrooveMonitor] “E:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] “C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin O4 - HKLM\..\Run: [AVG_TRAY] “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe” O4 - HKCU\..\Run: [Google Update] “C:\Users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe” /c O4 - HKCU\..\Run: [Steam] “E:\Programmer\Steam\steam.exe” -silent O4 - HKCU\..\Run: [Spotify] “C:\Users\Emil Pedersen\AppData\Roaming\Spotify\spotify.exe” /uri spotify:autostart O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’) O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’) O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’) O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’) O4 - Global Startup: LOLRecorder.lnk = E:\Programmer\LOLReplay\LOLRecorder.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: E&xport; to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: S&end; to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O20 - AppInit_DLLs: O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Programmer\Hamachi\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) — End of file - 8355 bytes
[ Ignorer ] [ # 2 ] FBJ Emeritus
12.01.2012 22:03:30 Redaktør Supporter Emeritus Antal indlæg: 17644	Hej Razar Følg denne vejledning: http://www.spywarefri.dk/vejledning-til-rensning/ Når du har gjort det, så vend tilbage til denne tråd, og kopier de logs herind som nævnes i vejledningen. Signatur Gode råd om sikkerhed….
[ Ignorer ] [ # 3 ] Razar
13.01.2012 22:42:21 Antal indlæg: 23	Så, har gjort alt hvad guiden sagde jeg skulle: ATTACH: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 28-12-2011 22:07:54 System Uptime: 13-01-2012 21:27:18 (0 hours ago) . Motherboard: ASUSTeK Computer INC. \| \| P7H55-V Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz \| LGA1156 \| 3201/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 430,332 GiB free. D: is CDROM () E: is FIXED (NTFS) - 466 GiB total, 395,44 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Community Help Adobe Media Player Adobe Photoshop CS5 ASIO4ALL µTorrent Audacity 1.3.14 (Unicode) avast! Free Antivirus Battlefield 3™ Battlelog Web Plugins Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy CCC Help English Counter-Strike: Source ESN Sonar FL Studio 8 Free YouTube to MP3 Converter version 3.10.14.1206 Google Chrome Hardlock Device Drivers HiJackThis IL Download Manager iZotope Ozone 3 Java Auto Updater Java(TM) 6 Update 30 League of Legends LogMeIn Hamachi LOLReplay Magic ISO Maker v5.5 (build 0281) Malwarebytes Anti-Malware version 1.60.0.1800 Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server System CLR Types Microsoft Visual Basic 2010 Express - ENU Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Service Pack 1 Microsoft XNA Framework Redistributable 4.0 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 NETGEAR WG111v3 wireless USB 2.0 adapter Origin Pando Media Booster PDF Settings CS5 PoiZone POS2000 PowerISO PunkBuster Services Realtek High Definition Audio Driver reFX Nexus VSTi RTAS v2.2.0 reFX Vanguard VSTi v1.6.1 RgcAudio z3ta Plus DXi VSTi v1.41 Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype™ 5.5 Sonic Charge µTonic VSTi v2.0 Spotify Steam Terraria The Binding Of Isaac Toxic Biohazard Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Visual Studio 2008 x64 Redistributables Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 1.1.11 Warcraft III Warcraft III: All Products WC3 Colorizer . ==== Event Viewer Messages From Past Week ======== . 13-01-2012 21:28:01, Error: Service Control Manager [7000] - The Hardlock service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 12-01-2012 18:37:28, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 12-01-2012 18:37:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error “1084” attempting to start the service WSearch with arguments “” in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12-01-2012 18:37:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error “1084” attempting to start the service WSearch with arguments “” in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12-01-2012 18:37:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error “1068” attempting to start the service netprofm with arguments “” in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 12-01-2012 18:37:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error “1068” attempting to start the service netman with arguments “” in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 12-01-2012 18:37:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error “1084” attempting to start the service EventSystem with arguments “” in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12-01-2012 18:37:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “” in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12-01-2012 18:37:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss RtlProt SCDEmu spldr sptd tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 12-01-2012 18:37:14, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12-01-2012 18:36:40, Error: sptd [4] - Driver detected an internal error in its data structures for . 12-01-2012 17:57:30, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss RtlProt SCDEmu spldr sptd tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl 06-01-2012 13:55:23, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. . ==== End Of File =========================== DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 Run by Emil Pedersen at 21:36:50 on 2012-01-13 Microsoft Windows 7 Professional 6.1.7600.0.1252.45.1033.18.3966.2229 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2012 Enabled/Updated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 Enabled/Updated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE E:\Programmer\Hamachi\hamachi-2.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe E:\Programmer\Steam\Steam.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Users\Emil Pedersen\AppData\Roaming\Spotify\spotify.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\SearchIndexer.exe E:\Programmer\LOLReplay\LOLRecorder.exe E:\Programmer\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\servicing\TrustedInstaller.exe C:\Users\Emil Pedersen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe E:\Programmer\Skype\Phone\Skype.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.searchqu.com/406 uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Google Update] “C:\Users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe” /c uRun: [Steam] “E:\Programmer\Steam\steam.exe” -silent uRun: [Spotify] “C:\Users\Emil Pedersen\AppData\Roaming\Spotify\spotify.exe” /uri spotify:autostart uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [StartCCC] “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun mRun: [PWRISOVM.EXE] E:\Programmer\PowerISO\PWRISOVM.EXE -startup mRun: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” mRun: [GrooveMonitor] “E:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe” mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] “C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin mRun: [avast] “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui mRun: [Malwarebytes’ Anti-Malware] “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - E:\Programmer\LOLReplay\LOLRecorder.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport; to Microsoft Excel - E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 193.162.153.164 194.239.134.83 TCP: Interfaces\{4854F3C3-175D-40C5-A817-C9F4FE3FA97D} : DhcpNameServer = 193.162.153.164 194.239.134.83 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File BHO-X64: Searchqu Toolbar - No File BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [StartCCC] “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun mRun-x64: [PWRISOVM.EXE] E:\Programmer\PowerISO\PWRISOVM.EXE -startup mRun-x64: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” mRun-x64: [GrooveMonitor] “E:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe” mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] “C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin mRun-x64: [avast] “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui mRun-x64: [Malwarebytes’ Anti-Malware] “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys—> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys—> C:\Windows\system32\drivers\aswSP.sys [?] R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys—> C:\Windows\system32\DRIVERS\rtlprot.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys—> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672] R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys—> C:\Windows\system32\drivers\aksdf.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe—> C:\Windows\system32\atiesrxx.exe [?] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys—> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys—> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-13 44768] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;E:\Programmer\Hamachi\hamachi-2.exe -s—> E:\Programmer\Hamachi\hamachi-2.exe -s [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe [2012-1-13 652872] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys—> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys—> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys—> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys—> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys—> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys—> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\system32\DRIVERS\wg111v3.sys—> C:\Windows\system32\DRIVERS\wg111v3.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe—> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-01-13 19:53:20 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\SUPERAntiSpyware.com 2012-01-13 19:52:57 ———— d——-w- C:\ProgramData\SUPERAntiSpyware.com 2012-01-13 19:52:57 ———— d——-w- C:\Program Files\SUPERAntiSpyware 2012-01-13 19:10:32 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\Malwarebytes 2012-01-13 19:07:41 38224 ——a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2012-01-13 19:07:40 23152 ——a-w- C:\Windows\System32\drivers\mbam.sys 2012-01-13 19:07:40 ———— d——-w- C:\ProgramData\Malwarebytes 2012-01-13 19:07:40 ———— d——-w- C:\Program Files (x86)\Malwarebytes’ Anti-Malware 2012-01-13 18:18:02 66904 ——a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-01-13 18:18:02 591192 ——a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-01-13 18:17:58 41184 ——a-w- C:\Windows\avastSS.scr 2012-01-13 18:17:54 ———— d——-w- C:\ProgramData\AVAST Software 2012-01-13 18:17:54 ———— d——-w- C:\Program Files\AVAST Software 2012-01-13 17:59:48 ———— d——-w- C:\Program Files\CCleaner 2012-01-12 17:27:39 388096 ——a-r- C:\Users\Emil Pedersen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-12 17:27:39 ———— d——-w- C:\Program Files (x86)\Trend Micro 2012-01-12 16:40:05 ———— d——-w- C:\ProgramData\PC Tools 2012-01-11 15:15:42 ———— d——-w- C:\ProgramData\boost_interprocess 2012-01-10 23:32:43 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\Ilivid Player 2012-01-10 23:32:33 ———— d——-w- C:\Program Files (x86)\iLivid 2012-01-10 23:32:15 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\PackageAware 2012-01-10 19:46:29 359624 ——a-w- C:\Windows\System32\drivers\vpcvmm.sys 2012-01-10 19:46:25 514560 ——a-w- C:\Windows\SysWow64\qdvd.dll 2012-01-10 19:46:25 366592 ——a-w- C:\Windows\System32\qdvd.dll 2012-01-10 19:46:25 1572864 ——a-w- C:\Windows\System32\quartz.dll 2012-01-10 19:46:25 1328640 ——a-w- C:\Windows\SysWow64\quartz.dll 2012-01-10 19:46:15 1739160 ——a-w- C:\Windows\System32\ntdll.dll 2012-01-10 19:46:15 1292592 ——a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-10 19:46:11 77312 ——a-w- C:\Windows\System32\packager.dll 2012-01-10 19:46:11 67072 ——a-w- C:\Windows\SysWow64\packager.dll 2012-01-09 17:08:17 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\Microsoft Corporation 2012-01-09 16:53:54 89360 ——a-w- C:\Windows\SysWow64\VB5DB.dll 2012-01-09 16:53:54 72704 ——a-w- C:\Windows\SysWow64\ODBCTL32.dll 2012-01-09 16:53:54 604432 ——a-w- C:\Windows\SysWow64\COMCTL32.OCX 2012-01-09 16:53:54 430080 ——a-w- C:\Windows\SysWow64\MsRepl35.dll 2012-01-09 16:53:54 287504 ——a-w- C:\Windows\SysWow64\MSXBSE35.DLL 2012-01-09 16:53:54 252176 ——a-w- C:\Windows\SysWow64\MSRD2x35.dll 2012-01-09 16:53:54 1056768 ——a-w- C:\Windows\SysWow64\MSJet35.dll 2012-01-09 16:53:53 582144 ——a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO350.DLL 2012-01-09 16:53:53 27648 ——a-w- C:\Windows\SysWow64\BUR32.dll 2012-01-09 16:53:53 24848 ——a-w- C:\Windows\SysWow64\MSJtEr35.dll 2012-01-09 16:53:53 123664 ——a-w- C:\Windows\SysWow64\MSJInt35.dll 2012-01-09 16:50:48 28672 ——a-w- C:\Windows\SysWow64\hlduinst.exe 2012-01-09 16:50:48 164864 ——a-w- C:\Windows\SysWow64\UNWISE.EXE 2012-01-09 16:50:47 3063808 ——a-w- C:\Windows\SysWow64\hinstd.dll 2012-01-09 16:50:47 2164411 ——a-w- C:\Windows\SysWow64\haspds_windows.dll 2012-01-08 21:26:24 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\.minecraft 2012-01-08 21:26:00 33856 —-ha-w- C:\Windows\System32\hamachi.sys 2012-01-08 17:38:49 ———— d——-w- C:\Windows\System32\appmgmt 2012-01-07 17:42:56 ———— d——-w- C:\Program Files\Oracle 2012-01-07 17:42:38 750488 ——a-w- C:\Windows\System32\npdeployJava1.dll 2012-01-07 17:42:38 660368 ——a-w- C:\Windows\System32\deployJava1.dll 2012-01-07 16:49:32 ———— d——-w- C:\ProgramData\VS 2012-01-07 16:37:27 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\assembly 2012-01-06 21:06:33 530488 ——a-w- C:\Windows\System32\drivers\sptd.sys 2012-01-06 04:14:26 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2012-01-05 15:22:36 ———— d——-w- C:\Users\Emil Pedersen\.oces2 2012-01-04 22:24:04 ———— d——-w- C:\Program Files (x86)\Microsoft XNA 2012-01-04 15:36:21 ———— d——-w- C:\ProgramData\regid.1986-12.com.adobe 2012-01-04 15:12:30 159744 —sha-r- C:\Windows\SysWow64\ktmw32D.dll 2012-01-04 00:49:23 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\D.O.G 2012-01-02 16:00:32 ———— d——-w- C:\ProgramData\iZotope 2012-01-02 15:58:24 ———— d——-w- C:\Program Files (x86)\Common Files\Digidesign 2012-01-02 15:58:23 1332224 ——a-w- C:\Windows\SysWow64\SYNSOEMU.DLL 2012-01-02 15:52:45 ———— d——-w- C:\Program Files (x86)\Microsoft Visual Studio 8 2012-01-02 15:51:53 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\Microsoft Help 2012-01-02 15:45:25 225280 ——a-w- C:\Windows\SysWow64\rewire.dll 2012-01-02 15:45:14 1294336 ——a-w- C:\Windows\SysWow64\vorbis.acm 2012-01-02 15:45:11 ———— d——-w- C:\Program Files (x86)\Outsim 2012-01-02 15:45:11 ———— d——-w- C:\Program Files (x86)\Image-Line 2011-12-30 23:30:40 ———— d——-w- C:\Program Files (x86)\Microsoft SQL Server 2011-12-30 23:30:19 ———— d——-w- C:\Program Files\Microsoft Synchronization Services 2011-12-30 23:30:19 ———— d——-w- C:\Program Files\Microsoft SQL Server Compact Edition 2011-12-30 23:30:11 ———— d——-w- C:\Program Files (x86)\Microsoft Synchronization Services 2011-12-30 23:30:10 ———— d——-w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2011-12-30 23:29:57 205984 ——a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2011-12-30 23:29:03 ———— d——-w- C:\Program Files (x86)\Microsoft Visual Studio 10.0 2011-12-30 23:28:39 ———— d——-w- C:\Program Files\Microsoft Visual Studio 10.0 2011-12-30 23:28:39 ———— d——-w- C:\Program Files\Microsoft Help Viewer 2011-12-30 23:25:46 ———— d——-w- C:\Windows\PCHEALTH 2011-12-30 23:00:52 472808 ——a-w- C:\Windows\SysWow64\deployJava1.dll 2011-12-30 22:37:01 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\DVDVideoSoft 2011-12-30 22:36:53 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers 2011-12-30 22:36:41 ———— d——-w- C:\Program Files (x86)\Common Files\DVDVideoSoft 2011-12-30 21:07:53 ———— d——-w- C:\fsbext 2011-12-29 20:32:18 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\Adobe 2011-12-29 06:02:12 ———— d——-w- C:\Windows\Panther 2011-12-29 02:00:47 ———— d——-w- C:\Windows\SysWow64\Wat 2011-12-29 02:00:47 ———— d——-w- C:\Windows\System32\Wat 2011-12-29 01:22:43 280904 ——a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2011-12-29 01:22:39 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\PunkBuster 2011-12-29 01:22:21 ———— d——-w- C:\Program Files (x86)\Battlelog Web Plugins 2011-12-29 01:21:29 ———— d——-w- C:\ProgramData\EA Core 2011-12-29 00:55:01 2829 ——a-w- C:\Windows\War3Unin.pif 2011-12-29 00:55:01 139264 ——a-w- C:\Windows\War3Unin.exe 2011-12-29 00:49:57 125376 ——a-w- C:\Windows\System32\drivers\scdemu.sys 2011-12-29 00:46:06 ———— d——-w- C:\Users\Emil Pedersen\riotsGamesLogs 2011-12-29 00:45:36 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\LolClient 2011-12-29 00:05:28 467984 ——a-w- C:\Windows\SysWow64\d3dx10_39.dll 2011-12-29 00:05:28 1493528 ——a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2011-12-29 00:05:27 3851784 ——a-w- C:\Windows\SysWow64\D3DX9_39.dll 2011-12-28 23:47:02 ———— d—h—w- C:\Program Files (x86)\Common Files\EAInstaller 2011-12-28 23:46:24 280904 ——a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-12-28 23:46:24 189248 ——a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2011-12-28 23:46:22 75136 ——a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-12-28 23:33:27 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\ATI 2011-12-28 23:33:22 ———— d——-w- C:\Program Files (x86)\AMD APP 2011-12-28 23:33:18 ———— d——-w- C:\Program Files\Common Files\ATI Technologies 2011-12-28 23:33:18 ———— d——-w- C:\Program Files (x86)\Common Files\ATI Technologies 2011-12-28 23:31:57 ———— d——-w- C:\Program Files (x86)\ATI Technologies 2011-12-28 23:31:39 ———— d——-w- C:\Program Files\ATI Technologies 2011-12-28 23:31:36 ———— d——-w- C:\Program Files\ATI 2011-12-28 23:30:51 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\TeamViewer 2011-12-28 23:30:42 ———— d——-w- C:\ATI 2011-12-28 23:04:57 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\uTorrent 2011-12-28 23:03:11 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\Spotify 2011-12-28 23:02:48 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\Spotify 2011-12-28 22:58:34 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\LogMeIn Hamachi 2011-12-28 22:56:15 ———— d——-w- C:\Users\Emil Pedersen\AppData\Roaming\Origin 2011-12-28 22:56:14 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\Origin 2011-12-28 22:56:07 ———— d——-w- C:\ProgramData\Origin 2011-12-28 22:56:07 ———— d——-w- C:\ProgramData\Electronic Arts 2011-12-28 22:56:07 ———— d——-w- C:\Program Files (x86)\Origin Games 2011-12-28 22:48:33 ———— d——-w- C:\Program Files (x86)\Common Files\Steam 2011-12-28 22:44:43 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\PMB Files 2011-12-28 22:44:42 ———— d——-w- C:\ProgramData\PMB Files 2011-12-28 22:44:35 ———— d——-w- C:\Program Files (x86)\Pando Networks 2011-12-28 22:32:35 ———— d——-w- C:\Program Files (x86)\AVG 2011-12-28 22:20:03 0 ——a-w- C:\Windows\ativpsrm.bin 2011-12-28 22:10:59 367104 ——a-w- C:\Windows\System32\wcncsvc.dll 2011-12-28 22:10:59 276992 ——a-w- C:\Windows\SysWow64\wcncsvc.dll 2011-12-28 21:56:44 ———— d—h—w- C:\ProgramData\Common Files 2011-12-28 21:45:07 311808 ——a-w- C:\Windows\System32\msv1_0.dll 2011-12-28 21:45:07 257024 ——a-w- C:\Windows\SysWow64\msv1_0.dll 2011-12-28 21:43:24 ———— d——-w- C:\ProgramData\MFAData 2011-12-28 21:39:24 99176 ——a-w- C:\Windows\SysWow64\PresentationHostProxy.dll 2011-12-28 21:39:24 49472 ——a-w- C:\Windows\SysWow64\netfxperf.dll 2011-12-28 21:39:24 48960 ——a-w- C:\Windows\System32\netfxperf.dll 2011-12-28 21:39:24 444752 ——a-w- C:\Windows\System32\mscoree.dll 2011-12-28 21:39:24 320352 ——a-w- C:\Windows\System32\PresentationHost.exe 2011-12-28 21:39:24 297808 ——a-w- C:\Windows\SysWow64\mscoree.dll 2011-12-28 21:39:24 295264 ——a-w- C:\Windows\SysWow64\PresentationHost.exe 2011-12-28 21:39:24 1942856 ——a-w- C:\Windows\System32\dfshim.dll 2011-12-28 21:39:24 1130824 ——a-w- C:\Windows\SysWow64\dfshim.dll 2011-12-28 21:39:24 109912 ——a-w- C:\Windows\System32\PresentationHostProxy.dll 2011-12-28 21:39:07 294912 ——a-w- C:\Windows\System32\browserchoice.exe 2011-12-28 21:31:17 243712 ——a-w- C:\Windows\System32\drivers\ks.sys 2011-12-28 21:31:01 1975296 ——a-w- C:\Windows\System32\CertEnroll.dll 2011-12-28 21:31:01 1320960 ——a-w- C:\Windows\SysWow64\CertEnroll.dll 2011-12-28 21:29:47 153160 ——a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-12-28 21:28:59 954752 ——a-w- C:\Windows\SysWow64\mfc40.dll 2011-12-28 21:26:32 414368 ——a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-28 21:25:13 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\Google 2011-12-28 21:24:49 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\Apps 2011-12-28 21:24:48 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\Deployment 2011-12-28 21:22:51 5507968 ——a-w- C:\Windows\System32\ntoskrnl.exe 2011-12-28 21:22:51 3957120 ——a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-12-28 21:22:50 3902336 ——a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-12-28 21:17:48 ———— d——-w- C:\OEMSettings 2011-12-28 21:13:25 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\Diagnostics 2011-12-28 21:11:32 ———— d——-w- C:\Program Files (x86)\NETGEAR 2011-12-28 21:11:14 ———— d-sh—w- C:\Windows\Installer 2011-12-28 21:11:14 ———— d——-w- C:\Windows\Downloaded Installations 2011-12-28 21:08:07 ———— d——-w- C:\Users\Emil Pedersen\AppData\Local\VirtualStore . ==================== Find3M ==================== . 2011-12-02 09:51:58 4913608 ——a-w- C:\Windows\System32\aksllmtp.exe 2011-11-24 08:58:44 78208 ——a-w- C:\Windows\System32\drivers\aksdf.sys 2011-11-24 08:58:44 139592 ——a-w- C:\Windows\System32\drivers\aksfridge.sys 2011-11-24 05:00:47 3141632 ——a-w- C:\Windows\System32\win32k.sys 2011-11-15 13:29:56 270720 ———w- C:\Windows\System32\MpSigStub.exe 2011-11-10 03:45:30 10567680 ——a-w- C:\Windows\System32\drivers\atikmdag.sys 2011-11-10 03:20:50 25218048 ——a-w- C:\Windows\System32\atio6axx.dll 2011-11-10 03:17:10 159744 ——a-w- C:\Windows\System32\atiapfxx.exe 2011-11-10 03:16:56 774656 ——a-w- C:\Windows\SysWow64\aticfx32.dll 2011-11-10 03:15:20 927232 ——a-w- C:\Windows\System32\aticfx64.dll 2011-11-10 03:12:24 466944 ——a-w- C:\Windows\System32\ATIDEMGX.dll 2011-11-10 03:12:10 516608 ——a-w- C:\Windows\System32\atieclxx.exe 2011-11-10 03:11:32 204288 ——a-w- C:\Windows\System32\atiesrxx.exe 2011-11-10 03:10:18 120320 ——a-w- C:\Windows\System32\atitmm64.dll 2011-11-10 03:09:58 423424 ——a-w- C:\Windows\System32\atipdl64.dll 2011-11-10 03:09:52 360448 ——a-w- C:\Windows\SysWow64\atipdlxx.dll 2011-11-10 03:09:40 278528 ——a-w- C:\Windows\SysWow64\Oemdspif.dll 2011-11-10 03:09:34 21504 ——a-w- C:\Windows\System32\atimuixx.dll 2011-11-10 03:09:30 59392 ——a-w- C:\Windows\System32\atiedu64.dll 2011-11-10 03:09:24 43520 ——a-w- C:\Windows\SysWow64\ati2edxx.dll 2011-11-10 03:06:20 6077952 ——a-w- C:\Windows\SysWow64\atidxx32.dll 2011-11-10 02:58:20 18996224 ——a-w- C:\Windows\SysWow64\atioglxx.dll 2011-11-10 02:51:18 7405056 ——a-w- C:\Windows\System32\atidxx64.dll 2011-11-10 02:40:52 1113088 ——a-w- C:\Windows\System32\atiumd6v.dll 2011-11-10 02:40:18 1828864 ——a-w- C:\Windows\SysWow64\atiumdmv.dll 2011-11-10 02:40:04 4061696 ——a-w- C:\Windows\System32\atiumd6a.dll 2011-11-10 02:34:54 51200 ——a-w- C:\Windows\System32\aticalrt64.dll 2011-11-10 02:34:52 46080 ——a-w- C:\Windows\SysWow64\aticalrt.dll 2011-11-10 02:34:44 44544 ——a-w- C:\Windows\System32\aticalcl64.dll 2011-11-10 02:34:42 44032 ——a-w- C:\Windows\SysWow64\aticalcl.dll 2011-11-10 02:34:28 13552640 ——a-w- C:\Windows\System32\aticaldd64.dll 2011-11-10 02:33:52 5852672 ——a-w- C:\Windows\SysWow64\atiumdag.dll 2011-11-10 02:29:58 11300864 ——a-w- C:\Windows\SysWow64\aticaldd.dll 2011-11-10 02:29:46 4200960 ——a-w- C:\Windows\SysWow64\atiumdva.dll 2011-11-10 02:24:26 7439360 ——a-w- C:\Windows\System32\atiumd64.dll 2011-11-10 02:18:44 58880 ——a-w- C:\Windows\System32\coinst.dll 2011-11-10 02:13:32 494592 ——a-w- C:\Windows\System32\atiadlxx.dll 2011-11-10 02:13:22 348160 ——a-w- C:\Windows\SysWow64\atiadlxy.dll 2011-11-10 02:13:08 17408 ——a-w- C:\Windows\System32\atig6pxx.dll 2011-11-10 02:13:04 14336 ——a-w- C:\Windows\SysWow64\atiglpxx.dll 2011-11-10 02:13:04 14336 ——a-w- C:\Windows\System32\atiglpxx.dll 2011-11-10 02:13:00 39936 ——a-w- C:\Windows\System32\atig6txx.dll 2011-11-10 02:12:52 32768 ——a-w- C:\Windows\SysWow64\atigktxx.dll 2011-11-10 02:12:44 325632 ——a-w- C:\Windows\System32\drivers\atikmpag.sys 2011-11-10 02:11:54 41984 ——a-w- C:\Windows\System32\atiuxp64.dll 2011-11-10 02:11:46 32256 ——a-w- C:\Windows\SysWow64\atiuxpag.dll 2011-11-10 02:11:40 39424 ——a-w- C:\Windows\System32\atiu9p64.dll 2011-11-10 02:11:32 54784 ——a-w- C:\Windows\System32\atimpc64.dll 2011-11-10 02:11:32 54784 ——a-w- C:\Windows\System32\amdpcom64.dll 2011-11-10 02:11:32 29184 ——a-w- C:\Windows\SysWow64\atiu9pag.dll 2011-11-10 02:11:26 53760 ——a-w- C:\Windows\SysWow64\atimpc32.dll 2011-11-10 02:11:26 53760 ——a-w- C:\Windows\SysWow64\amdpcom32.dll 2011-11-10 02:10:54 53248 ——a-w- C:\Windows\System32\drivers\ati2erec.dll 2011-11-09 21:39:50 69632 ——a-w- C:\Windows\System32\OpenVideo64.dll 2011-11-09 21:39:44 59904 ——a-w- C:\Windows\SysWow64\OpenVideo.dll 2011-11-09 21:39:36 61952 ——a-w- C:\Windows\System32\OVDecode64.dll 2011-11-09 21:39:32 54784 ——a-w- C:\Windows\SysWow64\OVDecode.dll 2011-11-09 21:39:22 17442304 ——a-w- C:\Windows\System32\amdocl64.dll 2011-11-09 21:38:40 14375936 ——a-w- C:\Windows\SysWow64\amdocl.dll 2011-11-09 21:37:50 51200 ——a-w- C:\Windows\System32\OpenCL.dll 2011-11-09 21:37:46 44032 ——a-w- C:\Windows\SysWow64\OpenCL.dll 2011-11-05 05:26:29 1197568 ——a-w- C:\Windows\System32\wininet.dll 2011-11-05 05:23:10 57856 ——a-w- C:\Windows\System32\licmgr10.dll 2011-11-05 05:17:42 2048 ——a-w- C:\Windows\System32\tzres.dll 2011-11-05 04:35:50 981504 ——a-w- C:\Windows\SysWow64\wininet.dll 2011-11-05 04:34:15 44544 ——a-w- C:\Windows\SysWow64\licmgr10.dll 2011-11-05 04:30:11 2048 ——a-w- C:\Windows\SysWow64\tzres.dll 2011-11-05 04:07:32 482816 ——a-w- C:\Windows\System32\html.iec 2011-11-05 03:28:41 386048 ——a-w- C:\Windows\SysWow64\html.iec 2011-11-05 03:25:44 1638912 ——a-w- C:\Windows\System32\mshtml.tlb 2011-11-05 02:55:38 1638912 ——a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-26 05:19:07 43520 ——a-w- C:\Windows\System32\csrsrv.dll 2011-10-21 19:16:12 1843200 ——a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll 2011-10-21 19:15:46 104448 ——a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll 2011-10-21 19:12:32 2763264 ——a-w- C:\Windows\System32\SlotMaximizerBe.dll 2011-10-21 19:07:42 125440 ——a-w- C:\Windows\System32\SlotMaximizerAg.dll 2011-10-17 17:40:50 93712 ——a-w- C:\Windows\System32\drivers\AtihdW76.sys . ============= FINISH: 21:38:26,87 =============== ESET ONLINE SCANNER: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=2eeb3ddb5f7f8441a8f17e6db9760f7b # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-01-13 07:03:05 # local_time=2012-01-13 08:03:05 (+0100, Romance Standard Time) # country=“Denmark” # lang=1033 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 93501 93501 0 0 # compatibility_mode=5893 16776574 100 94 4627 78929293 0 0 # compatibility_mode=8192 67108863 100 0 3688 3688 0 0 # scanned=218239 # found=2 # cleaned=2 # scan_time=2225 C:\Users\Emil Pedersen\Downloads\SoftonicDownloader_for_microsoft-virtual-pc.exe Win32/SoftonicDownloader application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Emil Pedersen\Downloads\Fruity_Loops_Studio_9_&_Crack\flstudio_9.0_final.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C MALWAREBYTES: Malwarebytes Anti-Malware (Trial) 1.60.0.1800 http://www.malwarebytes.org Database version: v2012.01.13.04 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Emil Pedersen :: EMILPEDERSEN-PC [administrator] Protection: Enabled 13-01-2012 20:11:56 Malwarebyes.txt Scan type: Full scan Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 383993 Time elapsed: 34 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCR\regfile\shell\open\command\| (Broken.OpenCommand) -> Bad: (“regedit.exe” “%1”) Good: (regedit.exe “%1”) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) SUPERANTIVIRUS SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/13/2012 at 09:20 PM Application Version : 5.0.1142 Core Rules Database Version : 8132 Trace Rules Database Version: 5944 Scan type : Complete Scan Total Scan Time : 00:25:56 Operating System Information Windows 7 Professional 64-bit (Build 6.01.7600) UAC On - Limited User Memory items scanned : 656 Memory threats detected : 0 Registry items scanned : 72605 Registry threats detected : 0 File items scanned : 52390 File threats detected : 55 Adware.Tracking Cookie C:\Users\Emil Pedersen\AppData\Roaming\Microsoft\Windows\Cookies\67TRIYP0.txt [ /atdmt.com ] C:\Users\Emil Pedersen\AppData\Roaming\Microsoft\Windows\Cookies\D455ZJ2F.txt [ /c.atdmt.com ] C:\USERS\EMIL PEDERSEN\Cookies\67TRIYP0.txt [ Cookie:emil ./ ] .atdmt.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .h.atdmt.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .h.atdmt.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .h.atdmt.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .h.atdmt.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .getclicky.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .static.getclicky.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] in.getclicky.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adform.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] serialnod32.info [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] serialnod32.info [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adxpose.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.zanox.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .avgtechnologies.112.2o7.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .microsoftsto.112.2o7.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tribalfusion.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .server.cpmstar.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .server.cpmstar.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .server.cpmstar.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .server.cpmstar.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .collective-media.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .collective-media.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .collective-media.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .collective-media.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .collective-media.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .collective-media.net [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\USERS\EMIL PEDERSEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
[ Ignorer ] [ # 4 ] FBJ Emeritus
14.01.2012 10:20:40 Redaktør Supporter Emeritus Antal indlæg: 17644	Nu skriver du ikke noget om, hvorvidt det har hjulpet, så jeg antager, at du stadig har problemer? Hvis problemet er løst, så skal du ikke følge nedenstående vejledning… Hent Combofix, og gem den på dit skrivebord: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Vigtigt-> Deaktiver dit antivirus/antispyware program. Da det/de kan ”forstyrre” og konflikte med combofix, eller fjerne vigtige combofix filer, hvilket kan få computeren til fryse. Kør så combofix.exe, og følg anvisningerne. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Når combofix er færdig, og efter computeren (muligvis) har genstartet, vil der blive åbnet en logfil: combofix.txt Indholdet af denne fil skal du kopiere herind i dit næste indlæg. Hvis logfilen ikke åbnes automatisk, så kan du finde den her -> C:/combofix txt. Signatur Gode råd om sikkerhed….
[ Ignorer ] [ # 5 ] Razar
14.01.2012 20:06:59 Antal indlæg: 23	ja, undskyld, min fejl, men fejlen er der stadig, det er når jeg søger på google, og trykker på mine søgeresultater, så dukker der nogle sider op som ikke er rigtige, såsom: NoobTv og BitAdviser Nu har jeg kørt med ComboFix, og her er loggen: ComboFix 12-01-13.05 - Emil Pedersen 14-01-2012 18:13:08.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.45.1033.18.3966.2265 [GMT 1:00] Kører fra: C:\Users\Emil Pedersen\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 Enabled/Updated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 Enabled/Updated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Dannede nyt systemgendannelsespunkt ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Users\Emil Pedersen\AppData\Local\assembly\tmp C:\Windows\system32\java.exe ((((((((((((((((((((((((((((( Filer skabt fra 2011-12-14 til 2012-01-14 ))))))))))))))))))))))))))))))))))) 2012-01-14 17:17:27 . 2012-01-14 17:17:27 ———— d——-w- C:\Users\Default\AppData\Local\temp 2012-01-13 19:07:40 . 2012-01-13 19:07:40 ———— d——-w- C:\ProgramData\Malwarebytes 2012-01-13 18:18:04 . 2011-11-28 17:51:53 24408 ——a-w- C:\Windows\system32\drivers\aswFsBlk.sys 2012-01-13 18:18:03 . 2011-11-28 17:53:58 304472 ——a-w- C:\Windows\system32\drivers\aswSP.sys 2012-01-13 18:18:03 . 2011-11-28 17:52:22 42328 ——a-w- C:\Windows\system32\drivers\aswRdr.sys 2012-01-13 18:18:02 . 2011-11-28 18:01:14 256960 ——a-w- C:\Windows\system32\aswBoot.exe 2012-01-13 18:18:02 . 2011-11-28 17:54:06 591192 ——a-w- C:\Windows\system32\drivers\aswSnx.sys 2012-01-13 18:18:02 . 2011-11-28 17:52:20 58712 ——a-w- C:\Windows\system32\drivers\aswTdi.sys 2012-01-13 18:18:02 . 2011-11-28 17:52:11 66904 ——a-w- C:\Windows\system32\drivers\aswMonFlt.sys 2012-01-13 18:17:58 . 2011-11-28 18:01:25 41184 ——a-w- C:\Windows\avastSS.scr 2012-01-13 18:17:58 . 2011-11-28 18:01:23 199816 ——a-w- C:\Windows\SysWow64\aswBoot.exe 2012-01-13 18:17:54 . 2012-01-13 18:17:54 ———— d——-w- C:\ProgramData\AVAST Software 2012-01-13 18:17:54 . 2012-01-13 18:17:54 ———— d——-w- C:\Program Files\AVAST Software 2012-01-12 23:26:18 . 2012-01-12 23:26:18 ———— d——-w- C:\Users\Default\AppData\Local\Microsoft Help 2012-01-12 17:27:39 . 2012-01-12 17:27:39 ———— d——-w- C:\Program Files (x86)\Trend Micro 2012-01-12 16:40:05 . 2012-01-12 17:17:19 ———— d——-w- C:\ProgramData\PC Tools 2012-01-11 15:15:42 . 2012-01-11 15:15:42 ———— d——-w- C:\ProgramData\boost_interprocess 2012-01-10 23:32:33 . 2012-01-10 23:33:25 ———— d——-w- C:\Program Files (x86)\iLivid 2012-01-10 19:46:29 . 2009-12-01 17:55:31 359624 ——a-w- C:\Windows\system32\drivers\vpcvmm.sys 2012-01-10 19:46:25 . 2011-10-26 05:22:37 366592 ——a-w- C:\Windows\system32\qdvd.dll 2012-01-10 19:46:25 . 2011-10-26 05:22:37 1572864 ——a-w- C:\Windows\system32\quartz.dll 2012-01-10 19:46:25 . 2011-10-26 04:28:26 1328640 ——a-w- C:\Windows\SysWow64\quartz.dll 2012-01-10 19:46:25 . 2011-10-26 04:28:25 514560 ——a-w- C:\Windows\SysWow64\qdvd.dll 2012-01-10 19:46:15 . 2011-11-17 07:14:10 1739160 ——a-w- C:\Windows\system32\ntdll.dll 2012-01-10 19:46:15 . 2011-11-17 05:41:38 1292592 ——a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-10 19:46:11 . 2011-11-19 15:07:41 77312 ——a-w- C:\Windows\system32\packager.dll 2012-01-10 19:46:11 . 2011-11-19 14:06:13 67072 ——a-w- C:\Windows\SysWow64\packager.dll 2012-01-09 16:59:50 . 2009-09-23 01:51:11 3584 ——a-w- C:\Windows\system32\drivers\en-US\vpchbus.sys.mui 2012-01-09 16:53:54 . 2012-01-09 16:53:54 287504 ——a-w- C:\Windows\SysWow64\MSXBSE35.DLL 2012-01-09 16:53:54 . 2012-01-09 16:53:54 1056768 ——a-w- C:\Windows\SysWow64\MSJet35.dll 2012-01-09 16:53:54 . 2000-06-21 08:27:08 252176 ——a-w- C:\Windows\SysWow64\MSRD2x35.dll 2012-01-09 16:53:54 . 1999-05-05 21:22:00 430080 ——a-w- C:\Windows\SysWow64\MsRepl35.dll 2012-01-09 16:53:54 . 1998-06-17 23:00:00 89360 ——a-w- C:\Windows\SysWow64\VB5DB.dll 2012-01-09 16:53:54 . 1998-05-30 23:00:00 72704 ——a-w- C:\Windows\SysWow64\ODBCTL32.dll 2012-01-09 16:53:54 . 1998-05-15 19:01:00 604432 ——a-w- C:\Windows\SysWow64\COMCTL32.OCX 2012-01-09 16:53:53 . 2000-07-10 09:22:28 27648 ——a-w- C:\Windows\SysWow64\BUR32.dll 2012-01-09 16:53:53 . 2000-06-21 08:27:10 123664 ——a-w- C:\Windows\SysWow64\MSJInt35.dll 2012-01-09 16:53:53 . 2000-06-21 08:27:06 24848 ——a-w- C:\Windows\SysWow64\MSJtEr35.dll 2012-01-09 16:53:53 . 1996-12-02 17:44:28 582144 ——a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO350.DLL 2012-01-09 16:50:48 . 2005-09-06 17:06:20 28672 ——a-w- C:\Windows\SysWow64\hlduinst.exe 2012-01-09 16:50:48 . 2001-09-28 18:00:28 164864 ——a-w- C:\Windows\SysWow64\UNWISE.EXE 2012-01-09 16:50:47 . 2005-10-12 18:49:22 3063808 ——a-w- C:\Windows\SysWow64\hinstd.dll 2012-01-09 16:50:47 . 2005-09-28 13:24:30 2164411 ——a-w- C:\Windows\SysWow64\haspds_windows.dll 2012-01-08 21:26:00 . 2009-03-18 16:35:42 33856 —-ha-w- C:\Windows\system32\hamachi.sys 2012-01-08 17:38:49 . 2012-01-08 17:38:49 ———— d——-w- C:\Windows\system32\appmgmt 2012-01-07 17:42:56 . 2012-01-07 17:43:00 ———— d——-w- C:\Program Files\Oracle 2012-01-07 17:42:38 . 2011-11-08 18:40:40 750488 ——a-w- C:\Windows\system32\npdeployJava1.dll 2012-01-07 17:42:38 . 2011-11-08 18:40:34 660368 ——a-w- C:\Windows\system32\deployJava1.dll 2012-01-07 17:42:23 . 2012-01-07 17:42:35 ———— d——-w- C:\Program Files\Java 2012-01-07 16:53:11 . 2012-01-07 16:53:11 ———— d——-w- C:\Windows\symbols 2012-01-07 16:49:32 . 2012-01-07 16:49:32 ———— d——-w- C:\ProgramData\VS 2012-01-06 21:06:33 . 2012-01-06 21:06:33 530488 ——a-w- C:\Windows\system32\drivers\sptd.sys 2012-01-04 22:24:04 . 2012-01-04 22:24:04 ———— d——-w- C:\Program Files (x86)\Microsoft XNA 2012-01-04 15:36:21 . 2012-01-04 16:20:49 ———— d——-w- C:\ProgramData\regid.1986-12.com.adobe 2012-01-04 15:16:10 . 2012-01-04 15:17:50 ———— d——-w- C:\Program Files\Common Files\Adobe 2012-01-04 15:12:30 . 2012-01-04 15:12:30 159744 —sha-r- C:\Windows\SysWow64\ktmw32D.dll 2012-01-02 16:00:32 . 2012-01-02 16:00:32 ———— d——-w- C:\ProgramData\iZotope 2012-01-02 15:58:24 . 2012-01-02 15:58:24 ———— d——-w- C:\Program Files (x86)\Common Files\Digidesign 2012-01-02 15:58:23 . 2009-10-24 20:15:56 1332224 ——a-w- C:\Windows\SysWow64\SYNSOEMU.DLL 2012-01-02 15:54:47 . 2012-01-14 04:02:26 ———— d——-w- C:\Program Files (x86)\Microsoft Works 2012-01-02 15:52:45 . 2012-01-02 15:52:45 ———— d——-w- C:\Program Files (x86)\Microsoft Visual Studio 8 2012-01-02 15:51:48 . 2012-01-14 04:04:09 ———— d——-w- C:\ProgramData\Microsoft Help 2012-01-02 15:45:25 . 2006-06-20 08:56:42 225280 ——a-w- C:\Windows\SysWow64\rewire.dll 2012-01-02 15:45:14 . 2002-07-07 22:14:24 1294336 ——a-w- C:\Windows\SysWow64\vorbis.acm 2012-01-02 15:45:11 . 2012-01-02 15:45:24 ———— d——-w- C:\Program Files (x86)\Image-Line 2012-01-02 15:45:11 . 2012-01-02 15:45:11 ———— d——-w- C:\Program Files (x86)\Outsim 2011-12-30 23:30:40 . 2011-12-30 23:30:41 ———— d——-w- C:\Program Files (x86)\Microsoft SQL Server 2011-12-30 23:30:36 . 2012-01-12 16:01:35 ———— d——-w- C:\Program Files (x86)\Microsoft Silverlight 2011-12-30 23:30:19 . 2011-12-30 23:30:19 ———— d——-w- C:\Program Files\Microsoft Synchronization Services 2011-12-30 23:30:19 . 2011-12-30 23:30:19 ———— d——-w- C:\Program Files\Microsoft SQL Server Compact Edition 2011-12-30 23:30:11 . 2011-12-30 23:30:11 ———— d——-w- C:\Program Files (x86)\Microsoft Synchronization Services 2011-12-30 23:30:10 . 2011-12-30 23:30:10 ———— d——-w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2011-12-30 23:29:57 . 2012-01-07 16:53:05 205984 ——a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2011-12-30 23:29:03 . 2011-12-30 23:31:14 ———— d——-w- C:\Program Files (x86)\Microsoft Visual Studio 10.0 2011-12-30 23:28:39 . 2011-12-30 23:28:39 ———— d——-w- C:\Program Files\Microsoft Visual Studio 10.0 2011-12-30 23:28:39 . 2011-12-30 23:28:39 ———— d——-w- C:\Program Files\Microsoft Help Viewer 2011-12-30 23:28:39 . 2011-12-30 23:28:39 ———— d——-w- C:\Program Files (x86)\Microsoft SDKs 2011-12-30 23:25:46 . 2011-12-30 23:25:46 ———— d——-w- C:\Windows\PCHEALTH 2011-12-30 23:01:05 . 2011-12-30 23:01:05 ———— d——-w- C:\Program Files (x86)\Common Files\Java 2011-12-30 23:00:52 . 2011-12-30 23:00:42 472808 ——a-w- C:\Windows\SysWow64\deployJava1.dll 2011-12-30 23:00:41 . 2011-12-30 23:00:41 ———— d——-w- C:\Program Files (x86)\Java 2011-12-30 22:36:41 . 2011-12-30 22:36:45 ———— d——-w- C:\Program Files (x86)\Common Files\DVDVideoSoft 2011-12-30 21:07:53 . 2011-12-30 22:05:00 ———— d——-w- C:\fsbext 2011-12-29 20:39:13 . 2011-12-29 20:39:13 ———— d——-w- C:\Program Files (x86)\Adobe Media Player 2011-12-29 20:37:44 . 2011-12-29 20:37:44 ———— d——-w- C:\Program Files (x86)\Common Files\Adobe AIR 2011-12-29 20:35:46 . 2012-01-04 15:16:51 ———— d——-w- C:\Program Files (x86)\Common Files\Adobe 2011-12-29 06:02:12 . 2012-01-13 18:01:54 ———— d——-w- C:\Windows\Panther 2011-12-29 03:08:15 . 2011-12-30 23:29:04 ———— d——-w- C:\Program Files (x86)\Microsoft.NET 2011-12-29 02:00:47 . 2011-12-29 02:00:48 ———— d——-w- C:\Windows\SysWow64\Wat 2011-12-29 02:00:47 . 2011-12-29 02:00:47 ———— d——-w- C:\Windows\system32\Wat 2011-12-29 01:22:43 . 2011-12-29 01:22:43 280904 ——a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2011-12-29 01:22:21 . 2011-12-29 01:22:23 ———— d——-w- C:\Program Files (x86)\Battlelog Web Plugins 2011-12-29 01:21:29 . 2011-12-29 01:21:29 ———— d——-w- C:\ProgramData\EA Core 2011-12-29 00:55:01 . 2011-12-29 00:57:16 2829 ——a-w- C:\Windows\War3Unin.pif 2011-12-29 00:55:01 . 2011-12-29 00:57:16 139264 ——a-w- C:\Windows\War3Unin.exe 2011-12-29 00:49:57 . 2011-11-15 03:50:14 125376 ——a-w- C:\Windows\system32\drivers\scdemu.sys 2011-12-29 00:05:28 . 2008-07-12 07:18:52 467984 ——a-w- C:\Windows\SysWow64\d3dx10_39.dll 2011-12-29 00:05:28 . 2008-07-12 07:18:52 1493528 ——a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2011-12-29 00:05:27 . 2008-07-12 07:18:52 3851784 ——a-w- C:\Windows\SysWow64\D3DX9_39.dll 2011-12-28 23:47:02 . 2011-12-28 23:47:02 ———— d—h—w- C:\Program Files (x86)\Common Files\EAInstaller 2011-12-28 23:46:24 . 2011-12-29 01:22:43 280904 ——a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-12-28 23:46:24 . 2011-12-29 00:22:19 189248 ——a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2011-12-28 23:46:22 . 2011-12-29 00:22:11 75136 ——a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-12-28 23:33:27 . 2011-12-28 23:33:27 ———— d——-w- C:\ProgramData\ATI 2011-12-28 23:33:22 . 2011-12-28 23:33:22 ———— d——-w- C:\Program Files (x86)\AMD APP 2011-12-28 23:33:18 . 2011-12-28 23:33:18 ———— d——-w- C:\Program Files\Common Files\ATI Technologies 2011-12-28 23:33:18 . 2011-12-28 23:33:18 ———— d——-w- C:\Program Files (x86)\Common Files\ATI Technologies 2011-12-28 23:31:57 . 2011-12-28 23:31:57 ———— d——-w- C:\Program Files (x86)\ATI Technologies 2011-12-28 23:31:39 . 2011-12-28 23:33:10 ———— d——-w- C:\Program Files\ATI Technologies 2011-12-28 23:31:36 . 2011-12-28 23:31:36 ———— d——-w- C:\Program Files\ATI 2011-12-28 23:30:42 . 2011-12-28 23:30:42 ———— d——-w- C:\ATI 2011-12-28 22:56:07 . 2011-12-29 01:21:31 ———— d——-w- C:\ProgramData\Electronic Arts 2011-12-28 22:56:07 . 2011-12-29 01:21:28 ———— d——-w- C:\ProgramData\Origin 2011-12-28 22:56:07 . 2011-12-28 23:20:22 ———— d——-w- C:\Program Files (x86)\Origin Games 2011-12-28 22:48:33 . 2012-01-04 12:58:42 ———— d——-w- C:\Program Files (x86)\Common Files\Steam 2011-12-28 22:44:42 . 2012-01-13 23:48:58 ———— d——-w- C:\ProgramData\PMB Files 2011-12-28 22:44:35 . 2011-12-28 22:44:42 ———— d——-w- C:\Program Files (x86)\Pando Networks 2011-12-28 22:42:49 . 2011-12-28 22:42:50 ———— d——-w- C:\ProgramData\Skype 2011-12-28 22:32:35 . 2011-12-28 22:32:35 ———— d——-w- C:\Program Files (x86)\AVG 2011-12-28 22:20:03 . 2011-12-28 22:20:03 0 ——a-w- C:\Windows\ativpsrm.bin 2011-12-28 22:10:59 . 2010-09-14 06:45:57 367104 ——a-w- C:\Windows\system32\wcncsvc.dll 2011-12-28 22:10:59 . 2010-09-14 06:07:14 276992 ——a-w- C:\Windows\SysWow64\wcncsvc.dll 2011-12-28 21:56:44 . 2011-12-28 21:56:44 ———— d—h—w- C:\ProgramData\Common Files 2011-12-28 21:45:07 . 2009-09-10 06:28:22 311808 ——a-w- C:\Windows\system32\msv1_0.dll 2011-12-28 21:45:07 . 2009-09-10 05:52:05 257024 ——a-w- C:\Windows\SysWow64\msv1_0.dll (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-12-02 09:51:58 . 2011-12-02 09:51:58 4913608 ——a-w- C:\Windows\system32\aksllmtp.exe 2011-11-24 08:58:44 . 2011-11-24 08:58:44 78208 ——a-w- C:\Windows\system32\drivers\aksdf.sys 2011-11-24 08:58:44 . 2011-11-24 08:58:44 139592 ——a-w- C:\Windows\system32\drivers\aksfridge.sys 2011-11-10 03:45:30 . 2011-11-10 03:45:30 10567680 ——a-w- C:\Windows\system32\drivers\atikmdag.sys 2011-11-10 03:20:50 . 2011-11-10 03:20:50 25218048 ——a-w- C:\Windows\system32\atio6axx.dll 2011-11-10 03:17:10 . 2011-11-10 03:17:10 159744 ——a-w- C:\Windows\system32\atiapfxx.exe 2011-11-10 03:16:56 . 2011-04-20 01:09:06 774656 ——a-w- C:\Windows\SysWow64\aticfx32.dll 2011-11-10 03:15:20 . 2011-11-10 03:15:20 927232 ——a-w- C:\Windows\system32\aticfx64.dll 2011-11-10 03:12:24 . 2011-11-10 03:12:24 466944 ——a-w- C:\Windows\system32\ATIDEMGX.dll 2011-11-10 03:12:10 . 2011-11-10 03:12:10 516608 ——a-w- C:\Windows\system32\atieclxx.exe 2011-11-10 03:11:32 . 2011-11-10 03:11:32 204288 ——a-w- C:\Windows\system32\atiesrxx.exe 2011-11-10 03:10:18 . 2011-11-10 03:10:18 120320 ——a-w- C:\Windows\system32\atitmm64.dll 2011-11-10 03:09:58 . 2011-11-10 03:09:58 423424 ——a-w- C:\Windows\system32\atipdl64.dll 2011-11-10 03:09:52 . 2011-11-10 03:09:52 360448 ——a-w- C:\Windows\SysWow64\atipdlxx.dll 2011-11-10 03:09:40 . 2011-11-10 03:09:40 278528 ——a-w- C:\Windows\SysWow64\Oemdspif.dll 2011-11-10 03:09:34 . 2011-11-10 03:09:34 21504 ——a-w- C:\Windows\system32\atimuixx.dll 2011-11-10 03:09:30 . 2011-11-10 03:09:30 59392 ——a-w- C:\Windows\system32\atiedu64.dll 2011-11-10 03:09:24 . 2011-11-10 03:09:24 43520 ——a-w- C:\Windows\SysWow64\ati2edxx.dll 2011-11-10 03:06:20 . 2011-11-10 03:06:20 6077952 ——a-w- C:\Windows\SysWow64\atidxx32.dll 2011-11-10 02:58:20 . 2011-11-10 02:58:20 18996224 ——a-w- C:\Windows\SysWow64\atioglxx.dll 2011-11-10 02:51:18 . 2011-11-10 02:51:18 7405056 ——a-w- C:\Windows\system32\atidxx64.dll 2011-11-10 02:40:52 . 2011-11-10 02:40:52 1113088 ——a-w- C:\Windows\system32\atiumd6v.dll 2011-11-10 02:40:18 . 2011-11-10 02:40:18 1828864 ——a-w- C:\Windows\SysWow64\atiumdmv.dll 2011-11-10 02:40:04 . 2011-11-10 02:40:04 4061696 ——a-w- C:\Windows\system32\atiumd6a.dll 2011-11-10 02:34:54 . 2011-11-10 02:34:54 51200 ——a-w- C:\Windows\system32\aticalrt64.dll 2011-11-10 02:34:52 . 2011-11-10 02:34:52 46080 ——a-w- C:\Windows\SysWow64\aticalrt.dll 2011-11-10 02:34:44 . 2011-11-10 02:34:44 44544 ——a-w- C:\Windows\system32\aticalcl64.dll 2011-11-10 02:34:42 . 2011-11-10 02:34:42 44032 ——a-w- C:\Windows\SysWow64\aticalcl.dll 2011-11-10 02:34:28 . 2011-11-10 02:34:28 13552640 ——a-w- C:\Windows\system32\aticaldd64.dll 2011-11-10 02:33:52 . 2011-04-20 00:38:06 5852672 ——a-w- C:\Windows\SysWow64\atiumdag.dll 2011-11-10 02:29:58 . 2011-11-10 02:29:58 11300864 ——a-w- C:\Windows\SysWow64\aticaldd.dll 2011-11-10 02:29:46 . 2011-04-20 00:30:38 4200960 ——a-w- C:\Windows\SysWow64\atiumdva.dll 2011-11-10 02:24:26 . 2011-11-10 02:24:26 7439360 ——a-w- C:\Windows\system32\atiumd64.dll 2011-11-10 02:18:44 . 2011-04-20 00:27:00 58880 ——a-w- C:\Windows\system32\coinst.dll 2011-11-10 02:13:32 . 2011-11-10 02:13:32 494592 ——a-w- C:\Windows\system32\atiadlxx.dll 2011-11-10 02:13:22 . 2011-11-10 02:13:22 348160 ——a-w- C:\Windows\SysWow64\atiadlxy.dll 2011-11-10 02:13:08 . 2011-11-10 02:13:08 17408 ——a-w- C:\Windows\system32\atig6pxx.dll 2011-11-10 02:13:04 . 2011-11-10 02:13:04 14336 ——a-w- C:\Windows\SysWow64\atiglpxx.dll 2011-11-10 02:13:04 . 2011-11-10 02:13:04 14336 ——a-w- C:\Windows\system32\atiglpxx.dll 2011-11-10 02:13:00 . 2011-11-10 02:13:00 39936 ——a-w- C:\Windows\system32\atig6txx.dll 2011-11-10 02:12:52 . 2011-11-10 02:12:52 32768 ——a-w- C:\Windows\SysWow64\atigktxx.dll 2011-11-10 02:12:44 . 2011-11-10 02:12:44 325632 ——a-w- C:\Windows\system32\drivers\atikmpag.sys 2011-11-10 02:11:54 . 2011-04-20 00:21:46 41984 ——a-w- C:\Windows\system32\atiuxp64.dll 2011-11-10 02:11:46 . 2011-11-10 02:11:46 32256 ——a-w- C:\Windows\SysWow64\atiuxpag.dll 2011-11-10 02:11:40 . 2011-11-10 02:11:40 39424 ——a-w- C:\Windows\system32\atiu9p64.dll 2011-11-10 02:11:32 . 2011-11-10 02:11:32 54784 ——a-w- C:\Windows\system32\atimpc64.dll 2011-11-10 02:11:32 . 2011-11-10 02:11:32 54784 ——a-w- C:\Windows\system32\amdpcom64.dll 2011-11-10 02:11:32 . 2011-04-20 00:21:26 29184 ——a-w- C:\Windows\SysWow64\atiu9pag.dll 2011-11-10 02:11:26 . 2011-11-10 02:11:26 53760 ——a-w- C:\Windows\SysWow64\atimpc32.dll 2011-11-10 02:11:26 . 2011-11-10 02:11:26 53760 ——a-w- C:\Windows\SysWow64\amdpcom32.dll 2011-11-10 02:10:54 . 2011-11-10 02:10:54 53248 ——a-w- C:\Windows\system32\drivers\ati2erec.dll 2011-11-09 21:39:50 . 2011-11-09 21:39:50 69632 ——a-w- C:\Windows\system32\OpenVideo64.dll 2011-11-09 21:39:44 . 2011-11-09 21:39:44 59904 ——a-w- C:\Windows\SysWow64\OpenVideo.dll 2011-11-09 21:39:36 . 2011-11-09 21:39:36 61952 ——a-w- C:\Windows\system32\OVDecode64.dll 2011-11-09 21:39:32 . 2011-11-09 21:39:32 54784 ——a-w- C:\Windows\SysWow64\OVDecode.dll 2011-11-09 21:39:22 . 2011-11-09 21:39:22 17442304 ——a-w- C:\Windows\system32\amdocl64.dll 2011-11-09 21:38:40 . 2011-11-09 21:38:40 14375936 ——a-w- C:\Windows\SysWow64\amdocl.dll 2011-11-09 21:37:50 . 2011-11-09 21:37:50 51200 ——a-w- C:\Windows\system32\OpenCL.dll 2011-11-09 21:37:46 . 2011-11-09 21:37:46 44032 ——a-w- C:\Windows\SysWow64\OpenCL.dll 2011-10-21 19:16:12 . 2011-10-21 19:16:12 1843200 ——a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll 2011-10-21 19:15:46 . 2011-10-21 19:15:46 104448 ——a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll 2011-10-21 19:12:32 . 2011-10-21 19:12:32 2763264 ——a-w- C:\Windows\system32\SlotMaximizerBe.dll 2011-10-21 19:07:42 . 2011-10-21 19:07:42 125440 ——a-w- C:\Windows\system32\SlotMaximizerAg.dll 2011-10-17 17:40:50 . 2011-10-17 17:40:50 93712 ——a-w- C:\Windows\system32\drivers\AtihdW76.sys ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Steam”=“E:\Programmer\Steam\steam.exe” [2011-12-28 22:49:20 1242448] “Spotify”=“C:\Users\Emil Pedersen\AppData\Roaming\Spotify\spotify.exe” [2012-01-12 16:02:34 4001456] “Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2009-07-14 01:39:41 1475072] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] “StartCCC”=“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2011-11-09 21:45:54 343168] “PWRISOVM.EXE”=“E:\Programmer\PowerISO\PWRISOVM.EXE” [2011-11-15 03:50:22 312376] “SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 12:06:06 254696] “GrooveMonitor”=“E:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 10:44:34 31072] “SwitchBoard”=“C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe” [2010-02-19 12:37:14 517096] “AdobeCS5ServiceManager”=“C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” [2010-02-22 03:57:06 406992] “avast”=“C:\Program Files\AVAST Software\Avast\avastUI.exe” [2011-11-28 18:01:24 3744552] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - E:\Programmer\LOLReplay\LOLRecorder.exe [2011-12-26 495104] NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 5 (0x5) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableUIADesktopToggle”= 0 (0x0) R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576] R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 12:37:14 517096] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x] S2 aksdf;aksdf;C:\Windows\system32\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;E:\Programmer\Hamachi\hamachi-2.exe [2011-08-15 15:18:12 2329480] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\system32\DRIVERS\wg111v3.sys [x] Indhold af mappen ‘Planlagte Opgaver’ 2012-01-13 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283553766-2635963574-4169432163-1000Core.job - C:\Users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 21:25:13 . 2011-12-28 21:25:12] 2012-01-14 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283553766-2635963574-4169432163-1000UA.job - C:\Users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 21:25:13 . 2011-12-28 21:25:12] 2012-01-14 C:\Windows\Tasks\gynmvlthv.job - C:\Windows\system32\rundll32.exe [2009-07-13 23:41:43 . 2009-07-14 01:14:31] ————- x86-64—————- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @=”{472083B0-C522-11CF-8763-00608CC02F24}” [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01:11 134384 ——a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AdobeAAMUpdater-1.0”=“C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe” [2010-03-06 02:44:40 500208] “RtHDVCpl”=“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” [2010-04-06 16:59:40 10144288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “LoadAppInit_DLLs”=0x1 ———- Yderligere scanning———- uLocal Page = C:\Windows\system32\blank.htm uStart Page = hxxp://www.searchqu.com/406 mLocal Page = C:\Windows\SysWOW64\blank.htm IE: E&xport; to Microsoft Excel - E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm - - - - TOMME GENVEJE FJERNET - - - - Toolbar-10 - (no file) Toolbar-10 - (no file) AddRemove-Hardlock Device Drivers - C:\Windows\System32\UNWISE.EXE
[ Ignorer ] [ # 6 ] FBJ Emeritus
14.01.2012 23:01:53 Redaktør Supporter Emeritus Antal indlæg: 17644	Det ser ikke ud til, at du har fået kopieret hele ComboFix log’en herind. Vi kører ComboFix én gang mere med et lille script - husk at lægge hele log’en herind (den slutter med “End Of File” (og nogle tal)). Inden du gør som beskrevet nedenfor bliver du nødt til at deaktivere dine beskyttelsesprogrammer (AVG og Avast - hvad du end måtte bruge). 1. Åben Notesblok og kopier følgende (tekst med fed skrift) ind - og gem tekst-filen som CFScript.txt samme sted som du har ComboFix: ClearJavaCache:: DDS:: uStart Page = hxxp://www.searchqu.com/406 File:: C:\Windows\Tasks\gynmvlthv.job Træk CFScript filen over på ComboFix ikonet - det vil starte ComboFix igen (hvis computeren vil genstarte, så lad den gøre det). Se eventuelt her: http://www.fromsej.saknet.dk/billeder/cfscript.gif 2. Læg den nye ComboFix log herind. Signatur Gode råd om sikkerhed….
[ Ignorer ] [ # 7 ] Razar
16.01.2012 17:36:22 Antal indlæg: 23	Det skal lige siges, at jeg har fjernet AVG fra min computer, har ingen idé om hvornår den stadig siger det er aktiv. Og Avast var deaktiveret før ComboFix. Men her kom den nye log fra comboFix: ComboFix 12-01-16.02 - Emil Pedersen 16-01-2012 16:17:00.3.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.45.1033.18.3966.2572 [GMT 1:00] Kører fra: c:\users\Emil Pedersen\Downloads\ComboFix.exe Kommandoer benyttet :: c:\users\Emil Pedersen\Downloads\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 Enabled/Updated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 Enabled/Updated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Dannede nyt systemgendannelsespunkt . FILE :: “c:\windows\Tasks\gynmvlthv.job” . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Tasks\gynmvlthv.job . . ((((((((((((((((((((((((((((( Filer skabt fra 2011-12-16 til 2012-01-16 ))))))))))))))))))))))))))))))))))) . . 2012-01-16 15:28 . 2012-01-16 15:28 ———— d——-w- c:\users\Default\AppData\Local\temp 2012-01-14 18:02 . 2011-02-19 06:37 1135104 ——a-w- c:\windows\system32\FntCache.dll 2012-01-13 19:07 . 2012-01-13 19:07 ———— d——-w- c:\programdata\Malwarebytes 2012-01-13 18:18 . 2011-11-28 17:51 24408 ——a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-01-13 18:18 . 2011-11-28 17:53 304472 ——a-w- c:\windows\system32\drivers\aswSP.sys 2012-01-13 18:18 . 2011-11-28 17:52 42328 ——a-w- c:\windows\system32\drivers\aswRdr.sys 2012-01-13 18:18 . 2011-11-28 18:01 256960 ——a-w- c:\windows\system32\aswBoot.exe 2012-01-13 18:18 . 2011-11-28 17:54 591192 ——a-w- c:\windows\system32\drivers\aswSnx.sys 2012-01-13 18:18 . 2011-11-28 17:52 58712 ——a-w- c:\windows\system32\drivers\aswTdi.sys 2012-01-13 18:18 . 2011-11-28 17:52 66904 ——a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-01-13 18:17 . 2011-11-28 18:01 41184 ——a-w- c:\windows\avastSS.scr 2012-01-13 18:17 . 2011-11-28 18:01 199816 ——a-w- c:\windows\SysWow64\aswBoot.exe 2012-01-13 18:17 . 2012-01-13 18:17 ———— d——-w- c:\programdata\AVAST Software 2012-01-13 18:17 . 2012-01-13 18:17 ———— d——-w- c:\program files\AVAST Software 2012-01-12 23:26 . 2012-01-12 23:26 ———— d——-w- c:\users\Default\AppData\Local\Microsoft Help 2012-01-12 17:27 . 2012-01-12 17:27 ———— d——-w- c:\program files (x86)\Trend Micro 2012-01-12 16:40 . 2012-01-12 17:17 ———— d——-w- c:\programdata\PC Tools 2012-01-11 15:15 . 2012-01-11 15:15 ———— d——-w- c:\programdata\boost_interprocess 2012-01-10 23:32 . 2012-01-10 23:33 ———— d——-w- c:\program files (x86)\iLivid 2012-01-10 19:46 . 2009-12-01 17:55 359624 ——a-w- c:\windows\system32\drivers\vpcvmm.sys 2012-01-10 19:46 . 2011-10-26 05:22 366592 ——a-w- c:\windows\system32\qdvd.dll 2012-01-10 19:46 . 2011-10-26 05:22 1572864 ——a-w- c:\windows\system32\quartz.dll 2012-01-10 19:46 . 2011-10-26 04:28 1328640 ——a-w- c:\windows\SysWow64\quartz.dll 2012-01-10 19:46 . 2011-10-26 04:28 514560 ——a-w- c:\windows\SysWow64\qdvd.dll 2012-01-10 19:46 . 2011-11-17 07:14 1739160 ——a-w- c:\windows\system32\ntdll.dll 2012-01-10 19:46 . 2011-11-17 05:41 1292592 ——a-w- c:\windows\SysWow64\ntdll.dll 2012-01-10 19:46 . 2011-11-19 15:07 77312 ——a-w- c:\windows\system32\packager.dll 2012-01-10 19:46 . 2011-11-19 14:06 67072 ——a-w- c:\windows\SysWow64\packager.dll 2012-01-09 16:59 . 2009-09-23 01:51 3584 ——a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui 2012-01-09 16:53 . 2012-01-09 16:53 287504 ——a-w- c:\windows\SysWow64\MSXBSE35.DLL 2012-01-09 16:53 . 2012-01-09 16:53 1056768 ——a-w- c:\windows\SysWow64\MSJet35.dll 2012-01-09 16:53 . 2000-06-21 08:27 252176 ——a-w- c:\windows\SysWow64\MSRD2x35.dll 2012-01-09 16:53 . 1999-05-05 21:22 430080 ——a-w- c:\windows\SysWow64\MsRepl35.dll 2012-01-09 16:53 . 1998-06-17 23:00 89360 ——a-w- c:\windows\SysWow64\VB5DB.dll 2012-01-09 16:53 . 1998-05-30 23:00 72704 ——a-w- c:\windows\SysWow64\ODBCTL32.dll 2012-01-09 16:53 . 1998-05-15 19:01 604432 ——a-w- c:\windows\SysWow64\COMCTL32.OCX 2012-01-09 16:53 . 2000-07-10 09:22 27648 ——a-w- c:\windows\SysWow64\BUR32.dll 2012-01-09 16:53 . 2000-06-21 08:27 123664 ——a-w- c:\windows\SysWow64\MSJInt35.dll 2012-01-09 16:53 . 2000-06-21 08:27 24848 ——a-w- c:\windows\SysWow64\MSJtEr35.dll 2012-01-09 16:53 . 1996-12-02 17:44 582144 ——a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\DAO350.DLL 2012-01-09 16:50 . 2005-09-06 17:06 28672 ——a-w- c:\windows\SysWow64\hlduinst.exe 2012-01-09 16:50 . 2001-09-28 18:00 164864 ——a-w- c:\windows\SysWow64\UNWISE.EXE 2012-01-09 16:50 . 2005-10-12 18:49 3063808 ——a-w- c:\windows\SysWow64\hinstd.dll 2012-01-09 16:50 . 2005-09-28 13:24 2164411 ——a-w- c:\windows\SysWow64\haspds_windows.dll 2012-01-08 21:26 . 2009-03-18 16:35 33856 —-ha-w- c:\windows\system32\hamachi.sys 2012-01-08 17:38 . 2012-01-08 17:38 ———— d——-w- c:\windows\system32\appmgmt 2012-01-07 17:42 . 2012-01-07 17:43 ———— d——-w- c:\program files\Oracle 2012-01-07 17:42 . 2011-11-08 18:40 750488 ——a-w- c:\windows\system32\npdeployJava1.dll 2012-01-07 17:42 . 2011-11-08 18:40 660368 ——a-w- c:\windows\system32\deployJava1.dll 2012-01-07 17:42 . 2012-01-07 17:42 ———— d——-w- c:\program files\Java 2012-01-07 16:53 . 2012-01-07 16:53 ———— d——-w- c:\windows\symbols 2012-01-07 16:49 . 2012-01-07 16:49 ———— d——-w- c:\programdata\VS 2012-01-06 21:06 . 2012-01-06 21:06 530488 ——a-w- c:\windows\system32\drivers\sptd.sys 2012-01-04 22:24 . 2012-01-04 22:24 ———— d——-w- c:\program files (x86)\Microsoft XNA 2012-01-04 15:36 . 2012-01-04 16:20 ———— d——-w- c:\programdata\regid.1986-12.com.adobe 2012-01-04 15:16 . 2012-01-04 15:17 ———— d——-w- c:\program files\Common Files\Adobe 2012-01-04 15:12 . 2012-01-04 15:12 159744 —sha-r- c:\windows\SysWow64\ktmw32D.dll 2012-01-02 16:00 . 2012-01-02 16:00 ———— d——-w- c:\programdata\iZotope 2012-01-02 15:58 . 2012-01-02 15:58 ———— d——-w- c:\program files (x86)\Common Files\Digidesign 2012-01-02 15:58 . 2009-10-24 20:15 1332224 ——a-w- c:\windows\SysWow64\SYNSOEMU.DLL 2012-01-02 15:54 . 2012-01-14 04:02 ———— d——-w- c:\program files (x86)\Microsoft Works 2012-01-02 15:52 . 2012-01-02 15:52 ———— d——-w- c:\program files (x86)\Microsoft Visual Studio 8 2012-01-02 15:51 . 2012-01-14 18:59 ———— d——-w- c:\programdata\Microsoft Help 2012-01-02 15:45 . 2006-06-20 08:56 225280 ——a-w- c:\windows\SysWow64\rewire.dll 2012-01-02 15:45 . 2002-07-07 22:14 1294336 ——a-w- c:\windows\SysWow64\vorbis.acm 2012-01-02 15:45 . 2012-01-02 15:45 ———— d——-w- c:\program files (x86)\Image-Line 2012-01-02 15:45 . 2012-01-02 15:45 ———— d——-w- c:\program files (x86)\Outsim 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files (x86)\Microsoft SQL Server 2011-12-30 23:30 . 2012-01-12 16:01 ———— d——-w- c:\program files (x86)\Microsoft Silverlight 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files\Microsoft Synchronization Services 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files\Microsoft SQL Server Compact Edition 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files (x86)\Microsoft Synchronization Services 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2011-12-30 23:29 . 2012-01-07 16:53 205984 ——a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2011-12-30 23:29 . 2011-12-30 23:31 ———— d——-w- c:\program files (x86)\Microsoft Visual Studio 10.0 2011-12-30 23:28 . 2011-12-30 23:28 ———— d——-w- c:\program files\Microsoft Visual Studio 10.0 2011-12-30 23:28 . 2011-12-30 23:28 ———— d——-w- c:\program files\Microsoft Help Viewer 2011-12-30 23:28 . 2011-12-30 23:28 ———— d——-w- c:\program files (x86)\Microsoft SDKs 2011-12-30 23:25 . 2011-12-30 23:25 ———— d——-w- c:\windows\PCHEALTH 2011-12-30 23:01 . 2011-12-30 23:01 ———— d——-w- c:\program files (x86)\Common Files\Java 2011-12-30 23:00 . 2011-12-30 23:00 472808 ——a-w- c:\windows\SysWow64\deployJava1.dll 2011-12-30 23:00 . 2011-12-30 23:00 ———— d——-w- c:\program files (x86)\Java 2011-12-30 22:36 . 2011-12-30 22:36 ———— d——-w- c:\program files (x86)\Common Files\DVDVideoSoft 2011-12-30 21:07 . 2011-12-30 22:05 ———— d——-w- C:\fsbext 2011-12-29 20:39 . 2011-12-29 20:39 ———— d——-w- c:\program files (x86)\Adobe Media Player 2011-12-29 20:37 . 2011-12-29 20:37 ———— d——-w- c:\program files (x86)\Common Files\Adobe AIR 2011-12-29 20:35 . 2012-01-04 15:16 ———— d——-w- c:\program files (x86)\Common Files\Adobe 2011-12-29 06:02 . 2012-01-13 18:01 ———— d——-w- c:\windows\Panther 2011-12-29 03:08 . 2011-12-30 23:29 ———— d——-w- c:\program files (x86)\Microsoft.NET 2011-12-29 02:00 . 2011-12-29 02:00 ———— d——-w- c:\windows\SysWow64\Wat 2011-12-29 02:00 . 2011-12-29 02:00 ———— d——-w- c:\windows\system32\Wat 2011-12-29 01:22 . 2011-12-29 01:22 280904 ——a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-12-29 01:22 . 2011-12-29 01:22 ———— d——-w- c:\program files (x86)\Battlelog Web Plugins 2011-12-29 01:21 . 2011-12-29 01:21 ———— d——-w- c:\programdata\EA Core 2011-12-29 00:55 . 2011-12-29 00:57 2829 ——a-w- c:\windows\War3Unin.pif 2011-12-29 00:55 . 2011-12-29 00:57 139264 ——a-w- c:\windows\War3Unin.exe 2011-12-29 00:49 . 2011-11-15 03:50 125376 ——a-w- c:\windows\system32\drivers\scdemu.sys 2011-12-29 00:05 . 2008-07-12 07:18 467984 ——a-w- c:\windows\SysWow64\d3dx10_39.dll 2011-12-29 00:05 . 2008-07-12 07:18 1493528 ——a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2011-12-29 00:05 . 2008-07-12 07:18 3851784 ——a-w- c:\windows\SysWow64\D3DX9_39.dll 2011-12-28 23:47 . 2011-12-28 23:47 ———— d—h—w- c:\program files (x86)\Common Files\EAInstaller 2011-12-28 23:46 . 2011-12-29 01:22 280904 ——a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-12-28 23:46 . 2011-12-29 00:22 189248 ——a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-12-28 23:46 . 2011-12-29 00:22 75136 ——a-w- c:\windows\SysWow64\PnkBstrA.exe 2011-12-28 23:33 . 2011-12-28 23:33 ———— d——-w- c:\programdata\ATI 2011-12-28 23:33 . 2011-12-28 23:33 ———— d——-w- c:\program files (x86)\AMD APP 2011-12-28 23:33 . 2011-12-28 23:33 ———— d——-w- c:\program files\Common Files\ATI Technologies 2011-12-28 23:33 . 2011-12-28 23:33 ———— d——-w- c:\program files (x86)\Common Files\ATI Technologies 2011-12-28 23:31 . 2011-12-28 23:31 ———— d——-w- c:\program files (x86)\ATI Technologies 2011-12-28 23:31 . 2011-12-28 23:33 ———— d——-w- c:\program files\ATI Technologies 2011-12-28 23:31 . 2011-12-28 23:31 ———— d——-w- c:\program files\ATI 2011-12-28 23:30 . 2011-12-28 23:30 ———— d——-w- C:\ATI 2011-12-28 22:56 . 2011-12-29 01:21 ———— d——-w- c:\programdata\Electronic Arts 2011-12-28 22:56 . 2011-12-29 01:21 ———— d——-w- c:\programdata\Origin 2011-12-28 22:56 . 2011-12-28 23:20 ———— d——-w- c:\program files (x86)\Origin Games 2011-12-28 22:48 . 2012-01-04 12:58 ———— d——-w- c:\program files (x86)\Common Files\Steam 2011-12-28 22:44 . 2012-01-15 20:42 ———— d——-w- c:\programdata\PMB Files 2011-12-28 22:44 . 2011-12-28 22:44 ———— d——-w- c:\program files (x86)\Pando Networks 2011-12-28 22:42 . 2011-12-28 22:42 ———— d——-w- c:\programdata\Skype 2011-12-28 22:32 . 2011-12-28 22:32 ———— d——-w- c:\program files (x86)\AVG 2011-12-28 22:20 . 2011-12-28 22:20 0 ——a-w- c:\windows\ativpsrm.bin 2011-12-28 22:10 . 2010-09-14 06:45 367104 ——a-w- c:\windows\system32\wcncsvc.dll 2011-12-28 22:10 . 2010-09-14 06:07 276992 ——a-w- c:\windows\SysWow64\wcncsvc.dll 2011-12-28 21:56 . 2011-12-28 21:56 ———— d—h—w- c:\programdata\Common Files 2011-12-28 21:45 . 2009-09-10 06:28 311808 ——a-w- c:\windows\system32\msv1_0.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-02 09:51 . 2011-12-02 09:51 4913608 ——a-w- c:\windows\system32\aksllmtp.exe 2011-11-24 08:58 . 2011-11-24 08:58 78208 ——a-w- c:\windows\system32\drivers\aksdf.sys 2011-11-24 08:58 . 2011-11-24 08:58 139592 ——a-w- c:\windows\system32\drivers\aksfridge.sys 2011-11-10 03:45 . 2011-11-10 03:45 10567680 ——a-w- c:\windows\system32\drivers\atikmdag.sys 2011-11-10 03:20 . 2011-11-10 03:20 25218048 ——a-w- c:\windows\system32\atio6axx.dll 2011-11-10 03:17 . 2011-11-10 03:17 159744 ——a-w- c:\windows\system32\atiapfxx.exe 2011-11-10 03:16 . 2011-04-20 01:09 774656 ——a-w- c:\windows\SysWow64\aticfx32.dll 2011-11-10 03:15 . 2011-11-10 03:15 927232 ——a-w- c:\windows\system32\aticfx64.dll 2011-11-10 03:12 . 2011-11-10 03:12 466944 ——a-w- c:\windows\system32\ATIDEMGX.dll 2011-11-10 03:12 . 2011-11-10 03:12 516608 ——a-w- c:\windows\system32\atieclxx.exe 2011-11-10 03:11 . 2011-11-10 03:11 204288 ——a-w- c:\windows\system32\atiesrxx.exe 2011-11-10 03:10 . 2011-11-10 03:10 120320 ——a-w- c:\windows\system32\atitmm64.dll 2011-11-10 03:09 . 2011-11-10 03:09 423424 ——a-w- c:\windows\system32\atipdl64.dll 2011-11-10 03:09 . 2011-11-10 03:09 360448 ——a-w- c:\windows\SysWow64\atipdlxx.dll 2011-11-10 03:09 . 2011-11-10 03:09 278528 ——a-w- c:\windows\SysWow64\Oemdspif.dll 2011-11-10 03:09 . 2011-11-10 03:09 21504 ——a-w- c:\windows\system32\atimuixx.dll 2011-11-10 03:09 . 2011-11-10 03:09 59392 ——a-w- c:\windows\system32\atiedu64.dll 2011-11-10 03:09 . 2011-11-10 03:09 43520 ——a-w- c:\windows\SysWow64\ati2edxx.dll 2011-11-10 03:06 . 2011-11-10 03:06 6077952 ——a-w- c:\windows\SysWow64\atidxx32.dll 2011-11-10 02:58 . 2011-11-10 02:58 18996224 ——a-w- c:\windows\SysWow64\atioglxx.dll 2011-11-10 02:51 . 2011-11-10 02:51 7405056 ——a-w- c:\windows\system32\atidxx64.dll 2011-11-10 02:40 . 2011-11-10 02:40 1113088 ——a-w- c:\windows\system32\atiumd6v.dll 2011-11-10 02:40 . 2011-11-10 02:40 1828864 ——a-w- c:\windows\SysWow64\atiumdmv.dll 2011-11-10 02:40 . 2011-11-10 02:40 4061696 ——a-w- c:\windows\system32\atiumd6a.dll 2011-11-10 02:34 . 2011-11-10 02:34 51200 ——a-w- c:\windows\system32\aticalrt64.dll 2011-11-10 02:34 . 2011-11-10 02:34 46080 ——a-w- c:\windows\SysWow64\aticalrt.dll 2011-11-10 02:34 . 2011-11-10 02:34 44544 ——a-w- c:\windows\system32\aticalcl64.dll 2011-11-10 02:34 . 2011-11-10 02:34 44032 ——a-w- c:\windows\SysWow64\aticalcl.dll 2011-11-10 02:34 . 2011-11-10 02:34 13552640 ——a-w- c:\windows\system32\aticaldd64.dll 2011-11-10 02:33 . 2011-04-20 00:38 5852672 ——a-w- c:\windows\SysWow64\atiumdag.dll 2011-11-10 02:29 . 2011-11-10 02:29 11300864 ——a-w- c:\windows\SysWow64\aticaldd.dll 2011-11-10 02:29 . 2011-04-20 00:30 4200960 ——a-w- c:\windows\SysWow64\atiumdva.dll 2011-11-10 02:24 . 2011-11-10 02:24 7439360 ——a-w- c:\windows\system32\atiumd64.dll 2011-11-10 02:18 . 2011-04-20 00:27 58880 ——a-w- c:\windows\system32\coinst.dll 2011-11-10 02:13 . 2011-11-10 02:13 494592 ——a-w- c:\windows\system32\atiadlxx.dll 2011-11-10 02:13 . 2011-11-10 02:13 348160 ——a-w- c:\windows\SysWow64\atiadlxy.dll 2011-11-10 02:13 . 2011-11-10 02:13 17408 ——a-w- c:\windows\system32\atig6pxx.dll 2011-11-10 02:13 . 2011-11-10 02:13 14336 ——a-w- c:\windows\SysWow64\atiglpxx.dll 2011-11-10 02:13 . 2011-11-10 02:13 14336 ——a-w- c:\windows\system32\atiglpxx.dll 2011-11-10 02:13 . 2011-11-10 02:13 39936 ——a-w- c:\windows\system32\atig6txx.dll 2011-11-10 02:12 . 2011-11-10 02:12 32768 ——a-w- c:\windows\SysWow64\atigktxx.dll 2011-11-10 02:12 . 2011-11-10 02:12 325632 ——a-w- c:\windows\system32\drivers\atikmpag.sys 2011-11-10 02:11 . 2011-04-20 00:21 41984 ——a-w- c:\windows\system32\atiuxp64.dll 2011-11-10 02:11 . 2011-11-10 02:11 32256 ——a-w- c:\windows\SysWow64\atiuxpag.dll 2011-11-10 02:11 . 2011-11-10 02:11 39424 ——a-w- c:\windows\system32\atiu9p64.dll 2011-11-10 02:11 . 2011-11-10 02:11 54784 ——a-w- c:\windows\system32\atimpc64.dll 2011-11-10 02:11 . 2011-11-10 02:11 54784 ——a-w- c:\windows\system32\amdpcom64.dll 2011-11-10 02:11 . 2011-04-20 00:21 29184 ——a-w- c:\windows\SysWow64\atiu9pag.dll 2011-11-10 02:11 . 2011-11-10 02:11 53760 ——a-w- c:\windows\SysWow64\atimpc32.dll 2011-11-10 02:11 . 2011-11-10 02:11 53760 ——a-w- c:\windows\SysWow64\amdpcom32.dll 2011-11-10 02:10 . 2011-11-10 02:10 53248 ——a-w- c:\windows\system32\drivers\ati2erec.dll 2011-11-09 21:39 . 2011-11-09 21:39 69632 ——a-w- c:\windows\system32\OpenVideo64.dll 2011-11-09 21:39 . 2011-11-09 21:39 59904 ——a-w- c:\windows\SysWow64\OpenVideo.dll 2011-11-09 21:39 . 2011-11-09 21:39 61952 ——a-w- c:\windows\system32\OVDecode64.dll 2011-11-09 21:39 . 2011-11-09 21:39 54784 ——a-w- c:\windows\SysWow64\OVDecode.dll 2011-11-09 21:39 . 2011-11-09 21:39 17442304 ——a-w- c:\windows\system32\amdocl64.dll 2011-11-09 21:38 . 2011-11-09 21:38 14375936 ——a-w- c:\windows\SysWow64\amdocl.dll 2011-11-09 21:37 . 2011-11-09 21:37 51200 ——a-w- c:\windows\system32\OpenCL.dll 2011-11-09 21:37 . 2011-11-09 21:37 44032 ——a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-21 19:16 . 2011-10-21 19:16 1843200 ——a-w- c:\windows\SysWow64\SlotMaximizerBe.dll 2011-10-21 19:15 . 2011-10-21 19:15 104448 ——a-w- c:\windows\SysWow64\SlotMaximizerAg.dll 2011-10-21 19:12 . 2011-10-21 19:12 2763264 ——a-w- c:\windows\system32\SlotMaximizerBe.dll 2011-10-21 19:07 . 2011-10-21 19:07 125440 ——a-w- c:\windows\system32\SlotMaximizerAg.dll . . ((((((((((((((((((((((((((((( SnapShot_2012-01-16_15.07.15 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-01-16 15:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-01-16 15:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-01-16 15:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-01-16 15:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-01-16 15:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-01-16 15:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-12-28 22:24 . 2012-01-16 15:08 30104 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-01-16 15:08 29284 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-12-28 21:14 . 2012-01-16 15:08 6958 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3283553766-2635963574-4169432163-1000_UserData.bin - 2012-01-16 15:06 . 2012-01-16 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-16 15:29 . 2012-01-16 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-16 15:29 . 2012-01-16 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-01-16 15:06 . 2012-01-16 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-01-16 15:02 652496 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-01-16 15:13 652496 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-01-16 15:02 121428 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-01-16 15:13 121428 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-01-16 15:05 475260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-01-16 15:28 475260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-12-28 23:11 . 2012-01-16 15:28 1652496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3283553766-2635963574-4169432163-1000-8192.dat - 2011-12-28 23:11 . 2012-01-16 15:05 1652496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3283553766-2635963574-4169432163-1000-8192.dat - 2009-07-14 02:34 . 2012-01-15 12:11 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2012-01-16 15:20 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Steam”=“e:\programmer\Steam\steam.exe” [2011-12-28 1242448] “Spotify”=“c:\users\Emil Pedersen\AppData\Roaming\Spotify\spotify.exe” [2012-01-12 4001456] “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] “StartCCC”=“c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2011-11-09 343168] “PWRISOVM.EXE”=“e:\programmer\PowerISO\PWRISOVM.EXE” [2011-11-15 312376] “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 254696] “GrooveMonitor”=“e:\programmer\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 31072] “SwitchBoard”=“c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe” [2010-02-19 517096] “AdobeCS5ServiceManager”=“c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” [2010-02-22 406992] “avast”=“c:\program files\AVAST Software\Avast\avastUI.exe” [2011-11-28 3744552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - e:\programmer\LOLReplay\LOLRecorder.exe [2011-12-26 495104] NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 5 (0x5) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableUIADesktopToggle”= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\programmer\Hamachi\hamachi-2.exe [2011-08-15 2329480] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x] . . Indhold af mappen ‘Planlagte Opgaver’ . 2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283553766-2635963574-4169432163-1000Core.job - c:\users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 21:25] . 2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283553766-2635963574-4169432163-1000UA.job - c:\users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 21:25] . . ————- x86-64—————- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @=”{472083B0-C522-11CF-8763-00608CC02F24}” [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ——a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AdobeAAMUpdater-1.0”=“c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe” [2010-03-06 500208] “RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe” [2010-04-06 10144288] . ———- Yderligere scanning———- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport; to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm . - - - - TOMME GENVEJE FJERNET - - - - . Toolbar-10 - (no file) . . . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @=“FlashBroker” “LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] “Enabled”=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Shockwave Flash Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @=“0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @=“ShockwaveFlash.ShockwaveFlash.10” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“ShockwaveFlash.ShockwaveFlash” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Macromedia Flash Factory Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @=“FlashFactory.FlashFactory.1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“FlashFactory.FlashFactory” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @=“IFlashBroker4” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @=”{00020424-0000-0000-C000-000000000046}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” “Version”=“1.0” . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ————————————Andre kørende processer———————————— . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\SysWOW64\rundll32.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Gennemført tid: 2012-01-16 16:34:09 - maskinen blev genstartet ComboFix-quarantined-files.txt 2012-01-16 15:34 ComboFix2.txt 2012-01-16 15:11 ComboFix3.txt 2012-01-14 18:03 . Pre-Kørsel: 459.848.953.856 bytes free Post-Kørsel: 459.792.117.760 bytes free . - - End Of File - - 0FDC2D35064DA2F37997BE3F72E27315
[ Ignorer ] [ # 8 ] Razar
16.01.2012 18:00:46 Antal indlæg: 23	Har søgt lidt selv, og har fundet frem til at min fil: “atapi.sys” er inficeret med Rootkit.
[ Ignorer ] [ # 9 ] FBJ Emeritus
16.01.2012 20:14:16 Redaktør Supporter Emeritus Antal indlæg: 17644	Det lyder jo ikke godt - hvordan fandt du ud af det? Der er ikke noget i din ComboFix log, der tyder på det… Signatur Gode råd om sikkerhed….
[ Ignorer ] [ # 10 ] Razar
17.01.2012 13:03:13 Antal indlæg: 23	Nej, men jeg googled: Google Redirect Virus.. Og så fandt jeg en masse forums. Andre har også prøvet med combofix, og det virkede hellere ikke for dem. Der er alle mulige programmer de vil have en til at hente, meen, tror lige jeg overlader det til jer (experterne).
[ Ignorer ] [ # 11 ] Peder TeamSpywarefri
17.01.2012 16:23:43 Redaktør Team Spywarefri Antal indlæg: 13016	Åbn Notesblok og kopier teksten med fed skrift ind, gem den som CFScript.txt samme sted som Combofix. Killall:: Snapshot:: DDS:: uStart Page = hxxp://www.searchqu.com/406 uURLSearchHooks: H - No File BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File IE: Free YouTube to MP3 Converter - C:\Users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File BHO-X64: Searchqu Toolbar - No File Folder:: C:\Users\Emil Pedersen\AppData\Local\Ilivid Player C:\Program Files (x86)\iLivid C:\Users\Emil Pedersen\AppData\Roaming\DVDVideoSoft C:\Users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers C:\Program Files (x86)\Common Files\DVDVideoSoft C:\Users\Emil Pedersen\AppData\Roaming\uTorrent Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen. http://www.fromsej.saknet.dk/billeder/cfscript.gif Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Kopier den fremkomne log herind. >> Hent og gem aswMBR på dit Skrivebord. http://public.avast.com/~gmerek/aswMBR.exe Start aswMBR og klik på “Scan” Vista og Windows 7 - højreklik på filen - Kør som Administrator. Når den er færdig med at scanne, klikker du på “SAVE LOG€” og sender loggen herind.
[ Ignorer ] [ # 12 ] Razar
17.01.2012 18:53:32 Antal indlæg: 23	COMBOFIX LOG: ComboFix 12-01-17.01 - Emil Pedersen 17-01-2012 17:39:09.4.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.45.1033.18.3966.2438 [GMT 1:00] Kører fra: c:\users\Emil Pedersen\Downloads\ComboFix.exe Kommandoer benyttet :: c:\users\Emil Pedersen\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 Enabled/Updated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 Enabled/Updated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Dannede nyt systemgendannelsespunkt . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\DVDVideoSoft c:\program files (x86)\Common Files\DVDVideoSoft\bin\BrowserHelpersInstaller.exe c:\program files (x86)\Common Files\DVDVideoSoft\bin\de-DE\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\de-DE\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\de-DE\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\DVDVideoSoft.Resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\DVSUpdate.exe c:\program files (x86)\Common Files\DVDVideoSoft\bin\es-ES\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\es-ES\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\es-ES\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\fr-FR\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\fr-FR\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\fr-FR\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\it-IT\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\it-IT\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\it-IT\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\ja-JP\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\ja-JP\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\ja-JP\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\nl-NL\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\nl-NL\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\nl-NL\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\pl-PL\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\pl-PL\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\pl-PL\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\pt-PT\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\pt-PT\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\pt-PT\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\ru-RU\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\ru-RU\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\ru-RU\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\SubscriptionOffer.exe c:\program files (x86)\Common Files\DVDVideoSoft\bin\zh-CHS\DVDVideoSoft.DialogForms.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\zh-CHS\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\zh-CHS\SubscriptionOffer.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\bin\zh-Hant\DVDVideoSoft.Resources.resources.dll c:\program files (x86)\Common Files\DVDVideoSoft\chimes.wav c:\program files (x86)\Common Files\DVDVideoSoft\Dll\avcodec-53.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\avdevice-53.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\avfilter-2.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\avformat-53.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\avutil-51.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\CudaTranscoder.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\DVSiTunes.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\DvsServiceBridge.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\DVSVideoDownloader.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\ffmpeg.exe c:\program files (x86)\Common Files\DVDVideoSoft\Dll\lame.exe c:\program files (x86)\Common Files\DVDVideoSoft\Dll\MediaTagsEditor.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\Microsoft.WindowsAPICodePack.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\Microsoft.WindowsAPICodePack.Shell.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\postproc-51.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\RtmpDownload.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\swresample-0.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\swscale-2.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\VideoFileToIPOD.dll c:\program files (x86)\Common Files\DVDVideoSoft\Dll\xmllite.dll c:\program files (x86)\Common Files\DVDVideoSoft\DvsService.exe c:\program files (x86)\Common Files\DVDVideoSoft\FixComponents.exe c:\program files (x86)\Common Files\DVDVideoSoft\FixComponentsSilent.exe c:\program files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe c:\program files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe c:\program files (x86)\iLivid c:\program files (x86)\iLivid\ilivid.exe c:\program files (x86)\iLivid\imageformats\qgif4.dll c:\program files (x86)\iLivid\imageformats\qjpeg4.dll c:\program files (x86)\iLivid\libgcc_s_dw2-1.dll c:\program files (x86)\iLivid\mingwm10.dll c:\program files (x86)\iLivid\phonon4.dll c:\program files (x86)\iLivid\QtCore4.dll c:\program files (x86)\iLivid\QtGui4.dll c:\program files (x86)\iLivid\QtNetwork4.dll c:\program files (x86)\iLivid\QtScript4.dll c:\program files (x86)\iLivid\QtWebKit4.dll c:\users\Emil Pedersen\AppData\Local\Ilivid Player c:\users\Emil Pedersen\AppData\Local\Ilivid Player\script.qscript c:\users\Emil Pedersen\AppData\Roaming\DVDVideoSoft c:\users\Emil Pedersen\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\FreeYouTubeToMP3ConverterProfile.xml c:\users\Emil Pedersen\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\History.xml c:\users\Emil Pedersen\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\League of Legends Sounds - Announcer Voice(1).png c:\users\Emil Pedersen\AppData\Roaming\DVDVideoSoft\logs\FreeYouTubeToMP3Converter_v1.log c:\users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers c:\users\Emil Pedersen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm c:\users\Emil Pedersen\AppData\Roaming\uTorrent c:\users\Emil Pedersen\AppData\Roaming\uTorrent\apps\3609FC884502A1DF0AA5D9D160C827BB1BD51FC9.btapp c:\users\Emil Pedersen\AppData\Roaming\uTorrent\apps\player.btapp c:\users\Emil Pedersen\AppData\Roaming\uTorrent\apps\plus.btapp c:\users\Emil Pedersen\AppData\Roaming\uTorrent\apps\welcome.btapp c:\users\Emil Pedersen\AppData\Roaming\uTorrent\dht.dat c:\users\Emil Pedersen\AppData\Roaming\uTorrent\dht.dat.old c:\users\Emil Pedersen\AppData\Roaming\uTorrent\dht_feed.dat c:\users\Emil Pedersen\AppData\Roaming\uTorrent\dht_feed.dat.old c:\users\Emil Pedersen\AppData\Roaming\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1 c:\users\Emil Pedersen\AppData\Roaming\uTorrent\Fruity Loops Studio 8.0 XXL Producer Edition.torrent c:\users\Emil Pedersen\AppData\Roaming\uTorrent\Fruity_Loops_Studio_9_&_Crack.1.torrent c:\users\Emil Pedersen\AppData\Roaming\uTorrent\Fruity_Loops_Studio_9_&_Crack.torrent c:\users\Emil Pedersen\AppData\Roaming\uTorrent\MAXON Cinema 4D v10.506 Studio Bundle MultiLang + Xfrog 4.3.iso.torrent c:\users\Emil Pedersen\AppData\Roaming\uTorrent\resume.dat c:\users\Emil Pedersen\AppData\Roaming\uTorrent\resume.dat.old c:\users\Emil Pedersen\AppData\Roaming\uTorrent\rss.dat c:\users\Emil Pedersen\AppData\Roaming\uTorrent\rss.dat.old c:\users\Emil Pedersen\AppData\Roaming\uTorrent\settings.dat c:\users\Emil Pedersen\AppData\Roaming\uTorrent\settings.dat.old c:\users\Emil Pedersen\AppData\Roaming\uTorrent\utorrent.lng c:\users\Emil Pedersen\AppData\Roaming\uTorrent\Warcraft III - The Frozen Throne.torrent c:\windows\SysWow64\SETA2EA.tmp c:\windows\SysWow64\SETA51D.tmp c:\windows\SysWow64\SETB218.tmp c:\windows\SysWow64\SETB5AA.tmp . . ((((((((((((((((((((((((((((( Filer skabt fra 2011-12-17 til 2012-01-17 ))))))))))))))))))))))))))))))))))) . . 2012-01-17 16:43 . 2012-01-17 16:43 ———— d——-w- c:\users\Default\AppData\Local\temp 2012-01-16 16:26 . 2012-01-16 16:26 ———— d——-w- c:\program files (x86)\Conduit 2012-01-16 16:26 . 2012-01-16 16:26 ———— d——-w- c:\programdata\NCH Software 2012-01-16 16:26 . 2012-01-16 16:44 ———— d——-w- c:\program files (x86)\NCH Software 2012-01-16 16:12 . 2012-01-16 16:12 25160 ——a-w- c:\windows\system32\drivers\hitmanpro35.sys 2012-01-16 16:12 . 2012-01-16 16:12 ———— d——-w- c:\program files\Hitman Pro 3.5 2012-01-16 16:12 . 2012-01-16 16:12 ———— d——-w- c:\programdata\Hitman Pro 2012-01-14 18:02 . 2011-02-19 06:37 1135104 ——a-w- c:\windows\system32\FntCache.dll 2012-01-13 19:07 . 2012-01-13 19:07 ———— d——-w- c:\programdata\Malwarebytes 2012-01-13 18:18 . 2011-11-28 17:51 24408 ——a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-01-13 18:18 . 2011-11-28 17:53 304472 ——a-w- c:\windows\system32\drivers\aswSP.sys 2012-01-13 18:18 . 2011-11-28 17:52 42328 ——a-w- c:\windows\system32\drivers\aswRdr.sys 2012-01-13 18:18 . 2011-11-28 18:01 256960 ——a-w- c:\windows\system32\aswBoot.exe 2012-01-13 18:18 . 2011-11-28 17:54 591192 ——a-w- c:\windows\system32\drivers\aswSnx.sys 2012-01-13 18:18 . 2011-11-28 17:52 58712 ——a-w- c:\windows\system32\drivers\aswTdi.sys 2012-01-13 18:18 . 2011-11-28 17:52 66904 ——a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-01-13 18:17 . 2011-11-28 18:01 41184 ——a-w- c:\windows\avastSS.scr 2012-01-13 18:17 . 2011-11-28 18:01 199816 ——a-w- c:\windows\SysWow64\aswBoot.exe 2012-01-13 18:17 . 2012-01-13 18:17 ———— d——-w- c:\programdata\AVAST Software 2012-01-13 18:17 . 2012-01-13 18:17 ———— d——-w- c:\program files\AVAST Software 2012-01-12 23:26 . 2012-01-12 23:26 ———— d——-w- c:\users\Default\AppData\Local\Microsoft Help 2012-01-12 17:27 . 2012-01-12 17:27 ———— d——-w- c:\program files (x86)\Trend Micro 2012-01-12 16:40 . 2012-01-12 17:17 ———— d——-w- c:\programdata\PC Tools 2012-01-11 15:15 . 2012-01-11 15:15 ———— d——-w- c:\programdata\boost_interprocess 2012-01-10 19:46 . 2009-12-01 17:55 359624 ——a-w- c:\windows\system32\drivers\vpcvmm.sys 2012-01-10 19:46 . 2011-10-26 05:22 366592 ——a-w- c:\windows\system32\qdvd.dll 2012-01-10 19:46 . 2011-10-26 05:22 1572864 ——a-w- c:\windows\system32\quartz.dll 2012-01-10 19:46 . 2011-10-26 04:28 1328640 ——a-w- c:\windows\SysWow64\quartz.dll 2012-01-10 19:46 . 2011-10-26 04:28 514560 ——a-w- c:\windows\SysWow64\qdvd.dll 2012-01-10 19:46 . 2011-11-17 07:14 1739160 ——a-w- c:\windows\system32\ntdll.dll 2012-01-10 19:46 . 2011-11-17 05:41 1292592 ——a-w- c:\windows\SysWow64\ntdll.dll 2012-01-10 19:46 . 2011-11-19 15:07 77312 ——a-w- c:\windows\system32\packager.dll 2012-01-10 19:46 . 2011-11-19 14:06 67072 ——a-w- c:\windows\SysWow64\packager.dll 2012-01-09 16:59 . 2009-09-23 01:51 3584 ——a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui 2012-01-09 16:53 . 2012-01-09 16:53 287504 ——a-w- c:\windows\SysWow64\MSXBSE35.DLL 2012-01-09 16:53 . 2012-01-09 16:53 1056768 ——a-w- c:\windows\SysWow64\MSJet35.dll 2012-01-09 16:53 . 2000-06-21 08:27 252176 ——a-w- c:\windows\SysWow64\MSRD2x35.dll 2012-01-09 16:53 . 1999-05-05 21:22 430080 ——a-w- c:\windows\SysWow64\MsRepl35.dll 2012-01-09 16:53 . 1998-06-17 23:00 89360 ——a-w- c:\windows\SysWow64\VB5DB.dll 2012-01-09 16:53 . 1998-05-30 23:00 72704 ——a-w- c:\windows\SysWow64\ODBCTL32.dll 2012-01-09 16:53 . 1998-05-15 19:01 604432 ——a-w- c:\windows\SysWow64\COMCTL32.OCX 2012-01-09 16:53 . 2000-07-10 09:22 27648 ——a-w- c:\windows\SysWow64\BUR32.dll 2012-01-09 16:53 . 2000-06-21 08:27 123664 ——a-w- c:\windows\SysWow64\MSJInt35.dll 2012-01-09 16:53 . 2000-06-21 08:27 24848 ——a-w- c:\windows\SysWow64\MSJtEr35.dll 2012-01-09 16:53 . 1996-12-02 17:44 582144 ——a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\DAO350.DLL 2012-01-09 16:50 . 2005-09-06 17:06 28672 ——a-w- c:\windows\SysWow64\hlduinst.exe 2012-01-09 16:50 . 2001-09-28 18:00 164864 ——a-w- c:\windows\SysWow64\UNWISE.EXE 2012-01-09 16:50 . 2005-10-12 18:49 3063808 ——a-w- c:\windows\SysWow64\hinstd.dll 2012-01-09 16:50 . 2005-09-28 13:24 2164411 ——a-w- c:\windows\SysWow64\haspds_windows.dll 2012-01-08 21:26 . 2009-03-18 16:35 33856 —-ha-w- c:\windows\system32\hamachi.sys 2012-01-08 17:38 . 2012-01-16 16:38 ———— d——-w- c:\windows\system32\appmgmt 2012-01-07 17:42 . 2012-01-07 17:43 ———— d——-w- c:\program files\Oracle 2012-01-07 17:42 . 2011-11-08 18:40 750488 ——a-w- c:\windows\system32\npdeployJava1.dll 2012-01-07 17:42 . 2011-11-08 18:40 660368 ——a-w- c:\windows\system32\deployJava1.dll 2012-01-07 17:42 . 2012-01-07 17:42 ———— d——-w- c:\program files\Java 2012-01-07 16:53 . 2012-01-07 16:53 ———— d——-w- c:\windows\symbols 2012-01-07 16:49 . 2012-01-07 16:49 ———— d——-w- c:\programdata\VS 2012-01-06 21:06 . 2012-01-06 21:06 530488 ——a-w- c:\windows\system32\drivers\sptd.sys 2012-01-04 22:24 . 2012-01-04 22:24 ———— d——-w- c:\program files (x86)\Microsoft XNA 2012-01-04 15:36 . 2012-01-04 16:20 ———— d——-w- c:\programdata\regid.1986-12.com.adobe 2012-01-04 15:16 . 2012-01-04 15:17 ———— d——-w- c:\program files\Common Files\Adobe 2012-01-04 15:12 . 2012-01-04 15:12 159744 —sha-r- c:\windows\SysWow64\ktmw32D.dll 2012-01-02 16:00 . 2012-01-02 16:00 ———— d——-w- c:\programdata\iZotope 2012-01-02 15:58 . 2012-01-02 15:58 ———— d——-w- c:\program files (x86)\Common Files\Digidesign 2012-01-02 15:58 . 2009-10-24 20:15 1332224 ——a-w- c:\windows\SysWow64\SYNSOEMU.DLL 2012-01-02 15:54 . 2012-01-14 04:02 ———— d——-w- c:\program files (x86)\Microsoft Works 2012-01-02 15:52 . 2012-01-02 15:52 ———— d——-w- c:\program files (x86)\Microsoft Visual Studio 8 2012-01-02 15:51 . 2012-01-14 18:59 ———— d——-w- c:\programdata\Microsoft Help 2012-01-02 15:45 . 2006-06-20 08:56 225280 ——a-w- c:\windows\SysWow64\rewire.dll 2012-01-02 15:45 . 2002-07-07 22:14 1294336 ——a-w- c:\windows\SysWow64\vorbis.acm 2012-01-02 15:45 . 2012-01-02 15:45 ———— d——-w- c:\program files (x86)\Image-Line 2012-01-02 15:45 . 2012-01-02 15:45 ———— d——-w- c:\program files (x86)\Outsim 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files (x86)\Microsoft SQL Server 2011-12-30 23:30 . 2012-01-12 16:01 ———— d——-w- c:\program files (x86)\Microsoft Silverlight 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files\Microsoft Synchronization Services 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files\Microsoft SQL Server Compact Edition 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files (x86)\Microsoft Synchronization Services 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2011-12-30 23:29 . 2012-01-07 16:53 205984 ——a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2011-12-30 23:29 . 2011-12-30 23:31 ———— d——-w- c:\program files (x86)\Microsoft Visual Studio 10.0 2011-12-30 23:28 . 2011-12-30 23:28 ———— d——-w- c:\program files\Microsoft Visual Studio 10.0 2011-12-30 23:28 . 2011-12-30 23:28 ———— d——-w- c:\program files\Microsoft Help Viewer 2011-12-30 23:28 . 2011-12-30 23:28 ———— d——-w- c:\program files (x86)\Microsoft SDKs 2011-12-30 23:25 . 2011-12-30 23:25 ———— d——-w- c:\windows\PCHEALTH 2011-12-30 23:01 . 2011-12-30 23:01 ———— d——-w- c:\program files (x86)\Common Files\Java 2011-12-30 23:00 . 2011-12-30 23:00 472808 ——a-w- c:\windows\SysWow64\deployJava1.dll 2011-12-30 23:00 . 2011-12-30 23:00 ———— d——-w- c:\program files (x86)\Java 2011-12-30 21:07 . 2011-12-30 22:05 ———— d——-w- C:\fsbext 2011-12-29 20:39 . 2011-12-29 20:39 ———— d——-w- c:\program files (x86)\Adobe Media Player 2011-12-29 20:37 . 2011-12-29 20:37 ———— d——-w- c:\program files (x86)\Common Files\Adobe AIR 2011-12-29 20:35 . 2012-01-04 15:16 ———— d——-w- c:\program files (x86)\Common Files\Adobe 2011-12-29 06:02 . 2012-01-13 18:01 ———— d——-w- c:\windows\Panther 2011-12-29 03:08 . 2011-12-30 23:29 ———— d——-w- c:\program files (x86)\Microsoft.NET 2011-12-29 02:00 . 2011-12-29 02:00 ———— d——-w- c:\windows\SysWow64\Wat 2011-12-29 02:00 . 2011-12-29 02:00 ———— d——-w- c:\windows\system32\Wat 2011-12-29 01:22 . 2011-12-29 01:22 280904 ——a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-12-29 01:22 . 2011-12-29 01:22 ———— d——-w- c:\program files (x86)\Battlelog Web Plugins 2011-12-29 01:21 . 2011-12-29 01:21 ———— d——-w- c:\programdata\EA Core 2011-12-29 00:55 . 2011-12-29 00:57 2829 ——a-w- c:\windows\War3Unin.pif 2011-12-29 00:55 . 2011-12-29 00:57 139264 ——a-w- c:\windows\War3Unin.exe 2011-12-29 00:49 . 2011-11-15 03:50 125376 ——a-w- c:\windows\system32\drivers\scdemu.sys 2011-12-29 00:05 . 2008-07-12 07:18 467984 ——a-w- c:\windows\SysWow64\d3dx10_39.dll 2011-12-29 00:05 . 2008-07-12 07:18 1493528 ——a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2011-12-29 00:05 . 2008-07-12 07:18 3851784 ——a-w- c:\windows\SysWow64\D3DX9_39.dll 2011-12-28 23:47 . 2011-12-28 23:47 ———— d—h—w- c:\program files (x86)\Common Files\EAInstaller 2011-12-28 23:46 . 2011-12-29 00:22 189248 ——a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-12-28 23:31 . 2011-12-28 23:31 ———— d——-w- c:\program files (x86)\ATI Technologies 2011-12-28 23:30 . 2011-12-28 23:30 ———— d——-w- C:\ATI 2011-12-28 22:56 . 2011-12-29 01:21 ———— d——-w- c:\programdata\Electronic Arts 2011-12-28 22:56 . 2011-12-29 01:21 ———— d——-w- c:\programdata\Origin 2011-12-28 22:56 . 2011-12-28 23:20 ———— d——-w- c:\program files (x86)\Origin Games 2011-12-28 22:48 . 2012-01-04 12:58 ———— d——-w- c:\program files (x86)\Common Files\Steam 2011-12-28 22:44 . 2012-01-16 22:47 ———— d——-w- c:\programdata\PMB Files 2011-12-28 22:44 . 2011-12-28 22:44 ———— d——-w- c:\program files (x86)\Pando Networks 2011-12-28 22:42 . 2011-12-28 22:42 ———— d——-w- c:\programdata\Skype 2011-12-28 22:32 . 2011-12-28 22:32 ———— d——-w- c:\program files (x86)\AVG 2011-12-28 22:20 . 2011-12-28 22:20 0 ——a-w- c:\windows\ativpsrm.bin 2011-12-28 22:10 . 2010-09-14 06:45 367104 ——a-w- c:\windows\system32\wcncsvc.dll 2011-12-28 22:10 . 2010-09-14 06:07 276992 ——a-w- c:\windows\SysWow64\wcncsvc.dll 2011-12-28 21:56 . 2011-12-28 21:56 ———— d—h—w- c:\programdata\Common Files 2011-12-28 21:45 . 2009-09-10 06:28 311808 ——a-w- c:\windows\system32\msv1_0.dll 2011-12-28 21:45 . 2009-09-10 05:52 257024 ——a-w- c:\windows\SysWow64\msv1_0.dll 2011-12-28 21:43 . 2012-01-13 18:08 ———— d——-w- c:\programdata\MFAData 2011-12-28 21:39 . 2009-11-25 11:47 99176 ——a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2011-12-28 21:39 . 2009-11-25 11:47 49472 ——a-w- c:\windows\SysWow64\netfxperf.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-02 09:51 . 2011-12-02 09:51 4913608 ——a-w- c:\windows\system32\aksllmtp.exe 2011-11-24 08:58 . 2011-11-24 08:58 78208 ——a-w- c:\windows\system32\drivers\aksdf.sys 2011-11-24 08:58 . 2011-11-24 08:58 139592 ——a-w- c:\windows\system32\drivers\aksfridge.sys 2011-11-09 21:39 . 2011-11-09 21:39 69632 ——a-w- c:\windows\system32\OpenVideo64.dll 2011-11-09 21:39 . 2011-11-09 21:39 59904 ——a-w- c:\windows\SysWow64\OpenVideo.dll 2011-11-09 21:39 . 2011-11-09 21:39 61952 ——a-w- c:\windows\system32\OVDecode64.dll 2011-11-09 21:39 . 2011-11-09 21:39 54784 ——a-w- c:\windows\SysWow64\OVDecode.dll 2011-11-09 21:39 . 2011-11-09 21:39 17442304 ——a-w- c:\windows\system32\amdocl64.dll 2011-11-09 21:38 . 2011-11-09 21:38 14375936 ——a-w- c:\windows\SysWow64\amdocl.dll 2011-11-09 21:37 . 2011-11-09 21:37 51200 ——a-w- c:\windows\system32\OpenCL.dll 2011-11-09 21:37 . 2011-11-09 21:37 44032 ——a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-21 19:16 . 2011-10-21 19:16 1843200 ——a-w- c:\windows\SysWow64\SlotMaximizerBe.dll 2011-10-21 19:15 . 2011-10-21 19:15 104448 ——a-w- c:\windows\SysWow64\SlotMaximizerAg.dll 2011-10-21 19:12 . 2011-10-21 19:12 2763264 ——a-w- c:\windows\system32\SlotMaximizerBe.dll 2011-10-21 19:07 . 2011-10-21 19:07 125440 ——a-w- c:\windows\system32\SlotMaximizerAg.dll . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Steam”=“e:\programmer\Steam\steam.exe” [2011-12-28 1242448] “Spotify”=“c:\users\Emil Pedersen\AppData\Roaming\Spotify\spotify.exe” [2012-01-12 4001456] “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] “PWRISOVM.EXE”=“e:\programmer\PowerISO\PWRISOVM.EXE” [2011-11-15 312376] “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 254696] “GrooveMonitor”=“e:\programmer\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 31072] “SwitchBoard”=“c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe” [2010-02-19 517096] “AdobeCS5ServiceManager”=“c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” [2010-02-22 406992] “avast”=“c:\program files\AVAST Software\Avast\avastUI.exe” [2011-11-28 3744552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - e:\programmer\LOLReplay\LOLRecorder.exe [2011-12-26 495104] NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 5 (0x5) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableUIADesktopToggle”= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\programmer\Hamachi\hamachi-2.exe [2011-08-15 2329480] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x] . . Indhold af mappen ‘Planlagte Opgaver’ . 2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283553766-2635963574-4169432163-1000Core.job - c:\users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 21:25] . 2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283553766-2635963574-4169432163-1000UA.job - c:\users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 21:25] . . ————- x86-64—————- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @=”{472083B0-C522-11CF-8763-00608CC02F24}” [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ——a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AdobeAAMUpdater-1.0”=“c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe” [2010-03-06 500208] “RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe” [2010-04-06 10144288] . ———- Yderligere scanning———- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport; to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 . - - - - TOMME GENVEJE FJERNET - - - - . URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) Toolbar-10 - (no file) AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe . . . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @=“FlashBroker” “LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] “Enabled”=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Shockwave Flash Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @=“0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @=“ShockwaveFlash.ShockwaveFlash.10” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“ShockwaveFlash.ShockwaveFlash” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Macromedia Flash Factory Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @=“FlashFactory.FlashFactory.1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“FlashFactory.FlashFactory” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @=“IFlashBroker4” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @=”{00020424-0000-0000-C000-000000000046}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” “Version”=“1.0” . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ————————————Andre kørende processer———————————— . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Common Files\Steam\SteamService.exe . ************************************************************************ . Gennemført tid: 2012-01-17 17:49:11 - maskinen blev genstartet ComboFix-quarantined-files.txt 2012-01-17 16:49 ComboFix2.txt 2012-01-16 15:34 ComboFix3.txt 2012-01-16 15:11 ComboFix4.txt 2012-01-14 18:03 . Pre-Kørsel: 458.587.516.928 bytes free Post-Kørsel: 458.831.675.392 bytes free . - - End Of File - - 02C4D13FD23FD7DFE07024B38421502E aswMBR LOG: aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software Run date: 2012-01-17 17:51:27 ——————————————- 17:51:27.111 OS Version: Windows x64 6.1.7600 17:51:27.111 Number of processors: 4 586 0x2502 17:51:27.111 ComputerName: EMILPEDERSEN-PC UserName: Emil Pedersen 17:51:28.733 Initialize success 17:51:28.827 AVAST engine defs: 12011700 17:51:30.274 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 17:51:30.277 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 11 17:51:30.283 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3 17:51:30.287 Disk 1 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 11 17:51:30.303 Disk 0 MBR read successfully 17:51:30.308 Disk 0 MBR scan 17:51:30.313 Disk 0 Windows 7 default MBR code 17:51:30.319 Disk 0 Partition 1 00 42 SFS 0 MB offset 63 17:51:30.329 Disk 0 Partition 2 80 (A) 42 SFS NTFS 100 MB offset 2048 17:51:30.333 Disk 0 Partition 3 00 42 SFS NTFS 476838 MB offset 206848 17:51:30.363 Disk 0 Partition 4 00 42 SFS 0 MB offset 976771072 17:51:30.368 Service scanning 17:51:31.751 Service sptd C:\Windows\System32\Drivers\sptd.sys LOCKED** 32 17:51:32.312 Modules scanning 17:51:32.312 Disk 0 trace - called modules: 17:51:32.328 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80035212c0]<< 17:51:32.344 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800460e060] 17:51:32.344 3 CLASSPNP.SYS[fffff88000c4d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800436a680] 17:51:32.344 \Driver\atapi[0xfffffa80042fae70] -> IRP_MJ_CREATE -> 0xfffffa80035212c0 17:51:35.261 AVAST engine scan C:\Windows 17:51:35.261 AVAST engine scan C:\Windows\system32 17:51:35.276 AVAST engine scan C:\Windows\system32\drivers 17:51:35.276 AVAST engine scan C:\Users\Emil Pedersen 17:51:35.292 AVAST engine scan C:\ProgramData 17:51:35.292 Scan finished successfully 17:52:09.167 Disk 0 MBR has been saved successfully to “C:\Users\Emil Pedersen\Desktop\MBR.dat” 17:52:09.171 The log file has been saved successfully to “C:\Users\Emil Pedersen\Desktop\aswMBR.txt”
[ Ignorer ] [ # 13 ] Peder TeamSpywarefri
18.01.2012 12:11:41 Redaktør Team Spywarefri Antal indlæg: 13016	Åbn Notesblok og kopier teksten med fed skrift ind, gem den som CFScript.txt samme sted som Combofix. Killall:: Snapshot:: SecCenter:: AV: AVG Anti-Virus Free Edition 2012 Enabled/Updated {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 Enabled/Updated {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} File:: C:\Windows\System32\Drivers\sptd.sys c:\windows\\SystemRoot\System32\Drivers\sptd.sys Driver:: sptd Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen. http://www.fromsej.saknet.dk/billeder/cfscript.gif Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Kopier den fremkomne log herind. >> Download filen Tdsskiller.zip fra dette link, pak den ud i en mappe. http://support.kaspersky.com/downloads/utils/tdsskiller.zip Kør TDSSKiller.exe > Klik på Start Scan Hvis en infekted fil bliver fundet, vil ”Default action” være Cure, klik på Continue Hvis en mistænkelig fil opdages, vil ”Default action” være Skip, klik på Continue Hvis den skriver “Reboot the computer to complete the process”. Klik på Reboot Now. Hvis den ikke spørger om ”Reboot” (genstart) så klik på ”Report”, kopier den tekst herind i tråden. Hvis den genstarter kan du find logfilen her > C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt. Kopier den tekst herind I denne tråd. >> Kør en ny scan med Malwarebytes Anti-Malware, husk denne gang at den skal fjerne det den finder. Tryk på “Vis resultater” knappen efter scanningen - og herefter tryk på “Fjern det valgte” - nu åbnes log’en og du skal gemme den et sted, hvor du kan finde den igen. Kopier indholdet herind i denne tråd. Vigtigt: Du skal, inden du klikker på ”Skan” knappen i Malwarebytes Anti-Malware gå op i fanen ”Opdater”, klik på ”Tjek for opdatering”, bliv ved til den skriver du har nyeste database, (DET SKAL UDFØRES).
[ Ignorer ] [ # 14 ] Razar
18.01.2012 22:12:37 Antal indlæg: 23	COMBOFIX: ComboFix 12-01-18.04 - Emil Pedersen 18-01-2012 18:11:45.5.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.45.1033.18.3966.2010 [GMT 1:00] Kører fra: c:\users\Emil Pedersen\Downloads\ComboFix.exe Kommandoer benyttet :: c:\users\Emil Pedersen\Desktop\CFScript.txt SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Dannede nyt systemgendannelsespunkt . FILE :: “c:\windows\\SystemRoot\System32\Drivers\sptd.sys” “c:\windows\System32\Drivers\sptd.sys” . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\System32\Drivers\sptd.sys . . ((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . . ———-\Legacy_SPTD ———-\Service_sptd . . ((((((((((((((((((((((((((((( Filer skabt fra 2011-12-18 til 2012-01-18 ))))))))))))))))))))))))))))))))))) . . 2012-01-18 17:24 . 2012-01-18 17:24 ———— d——-w- c:\users\Default\AppData\Local\temp 2012-01-16 16:26 . 2012-01-16 16:26 ———— d——-w- c:\program files (x86)\Conduit 2012-01-16 16:26 . 2012-01-16 16:26 ———— d——-w- c:\programdata\NCH Software 2012-01-16 16:26 . 2012-01-16 16:44 ———— d——-w- c:\program files (x86)\NCH Software 2012-01-16 16:12 . 2012-01-16 16:12 25160 ——a-w- c:\windows\system32\drivers\hitmanpro35.sys 2012-01-16 16:12 . 2012-01-16 16:12 ———— d——-w- c:\program files\Hitman Pro 3.5 2012-01-16 16:12 . 2012-01-16 16:12 ———— d——-w- c:\programdata\Hitman Pro 2012-01-14 18:02 . 2011-02-19 06:37 1135104 ——a-w- c:\windows\system32\FntCache.dll 2012-01-14 18:02 . 2011-02-19 06:37 1540608 ——a-w- c:\windows\system32\DWrite.dll 2012-01-14 18:02 . 2011-02-19 05:32 1074176 ——a-w- c:\windows\SysWow64\DWrite.dll 2012-01-14 18:02 . 2011-02-19 06:36 902656 ——a-w- c:\windows\system32\d2d1.dll 2012-01-14 18:02 . 2011-02-19 05:32 739840 ——a-w- c:\windows\SysWow64\d2d1.dll 2012-01-13 19:07 . 2012-01-13 19:07 ———— d——-w- c:\programdata\Malwarebytes 2012-01-13 18:18 . 2011-11-28 17:51 24408 ——a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-01-13 18:18 . 2011-11-28 17:53 304472 ——a-w- c:\windows\system32\drivers\aswSP.sys 2012-01-13 18:18 . 2011-11-28 17:52 42328 ——a-w- c:\windows\system32\drivers\aswRdr.sys 2012-01-13 18:18 . 2011-11-28 18:01 256960 ——a-w- c:\windows\system32\aswBoot.exe 2012-01-13 18:18 . 2011-11-28 17:54 591192 ——a-w- c:\windows\system32\drivers\aswSnx.sys 2012-01-13 18:18 . 2011-11-28 17:52 58712 ——a-w- c:\windows\system32\drivers\aswTdi.sys 2012-01-13 18:18 . 2011-11-28 17:52 66904 ——a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-01-13 18:17 . 2011-11-28 18:01 41184 ——a-w- c:\windows\avastSS.scr 2012-01-13 18:17 . 2011-11-28 18:01 199816 ——a-w- c:\windows\SysWow64\aswBoot.exe 2012-01-13 18:17 . 2012-01-13 18:17 ———— d——-w- c:\programdata\AVAST Software 2012-01-13 18:17 . 2012-01-13 18:17 ———— d——-w- c:\program files\AVAST Software 2012-01-12 23:26 . 2012-01-12 23:26 ———— d——-w- c:\users\Default\AppData\Local\Microsoft Help 2012-01-12 17:27 . 2012-01-12 17:27 ———— d——-w- c:\program files (x86)\Trend Micro 2012-01-12 16:40 . 2012-01-12 17:17 ———— d——-w- c:\programdata\PC Tools 2012-01-11 15:15 . 2012-01-11 15:15 ———— d——-w- c:\programdata\boost_interprocess 2012-01-10 19:46 . 2009-12-01 17:55 359624 ——a-w- c:\windows\system32\drivers\vpcvmm.sys 2012-01-10 19:46 . 2011-10-26 05:22 366592 ——a-w- c:\windows\system32\qdvd.dll 2012-01-10 19:46 . 2011-10-26 05:22 1572864 ——a-w- c:\windows\system32\quartz.dll 2012-01-10 19:46 . 2011-10-26 04:28 1328640 ——a-w- c:\windows\SysWow64\quartz.dll 2012-01-10 19:46 . 2011-10-26 04:28 514560 ——a-w- c:\windows\SysWow64\qdvd.dll 2012-01-10 19:46 . 2011-11-17 07:14 1739160 ——a-w- c:\windows\system32\ntdll.dll 2012-01-10 19:46 . 2011-11-17 05:41 1292592 ——a-w- c:\windows\SysWow64\ntdll.dll 2012-01-10 19:46 . 2011-11-19 15:07 77312 ——a-w- c:\windows\system32\packager.dll 2012-01-10 19:46 . 2011-11-19 14:06 67072 ——a-w- c:\windows\SysWow64\packager.dll 2012-01-09 16:59 . 2009-09-23 01:51 3584 ——a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui 2012-01-09 16:53 . 2012-01-09 16:53 287504 ——a-w- c:\windows\SysWow64\MSXBSE35.DLL 2012-01-09 16:53 . 2012-01-09 16:53 1056768 ——a-w- c:\windows\SysWow64\MSJet35.dll 2012-01-09 16:53 . 2000-06-21 08:27 252176 ——a-w- c:\windows\SysWow64\MSRD2x35.dll 2012-01-09 16:53 . 1999-05-05 21:22 430080 ——a-w- c:\windows\SysWow64\MsRepl35.dll 2012-01-09 16:53 . 1998-06-17 23:00 89360 ——a-w- c:\windows\SysWow64\VB5DB.dll 2012-01-09 16:53 . 1998-05-30 23:00 72704 ——a-w- c:\windows\SysWow64\ODBCTL32.dll 2012-01-09 16:53 . 1998-05-15 19:01 604432 ——a-w- c:\windows\SysWow64\COMCTL32.OCX 2012-01-09 16:53 . 2000-07-10 09:22 27648 ——a-w- c:\windows\SysWow64\BUR32.dll 2012-01-09 16:53 . 2000-06-21 08:27 123664 ——a-w- c:\windows\SysWow64\MSJInt35.dll 2012-01-09 16:53 . 2000-06-21 08:27 24848 ——a-w- c:\windows\SysWow64\MSJtEr35.dll 2012-01-09 16:53 . 1996-12-02 17:44 582144 ——a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\DAO350.DLL 2012-01-09 16:50 . 2005-09-06 17:06 28672 ——a-w- c:\windows\SysWow64\hlduinst.exe 2012-01-09 16:50 . 2001-09-28 18:00 164864 ——a-w- c:\windows\SysWow64\UNWISE.EXE 2012-01-09 16:50 . 2005-10-12 18:49 3063808 ——a-w- c:\windows\SysWow64\hinstd.dll 2012-01-09 16:50 . 2005-09-28 13:24 2164411 ——a-w- c:\windows\SysWow64\haspds_windows.dll 2012-01-08 21:26 . 2009-03-18 16:35 33856 —-ha-w- c:\windows\system32\hamachi.sys 2012-01-08 17:38 . 2012-01-16 16:38 ———— d——-w- c:\windows\system32\appmgmt 2012-01-07 17:42 . 2012-01-07 17:43 ———— d——-w- c:\program files\Oracle 2012-01-07 17:42 . 2011-11-08 18:40 750488 ——a-w- c:\windows\system32\npdeployJava1.dll 2012-01-07 17:42 . 2011-11-08 18:40 660368 ——a-w- c:\windows\system32\deployJava1.dll 2012-01-07 17:42 . 2012-01-07 17:42 ———— d——-w- c:\program files\Java 2012-01-07 16:53 . 2012-01-07 16:53 ———— d——-w- c:\windows\symbols 2012-01-07 16:49 . 2012-01-07 16:49 ———— d——-w- c:\programdata\VS 2012-01-04 22:24 . 2012-01-04 22:24 ———— d——-w- c:\program files (x86)\Microsoft XNA 2012-01-04 15:36 . 2012-01-04 16:20 ———— d——-w- c:\programdata\regid.1986-12.com.adobe 2012-01-04 15:16 . 2012-01-04 15:17 ———— d——-w- c:\program files\Common Files\Adobe 2012-01-04 15:12 . 2012-01-04 15:12 159744 —sha-r- c:\windows\SysWow64\ktmw32D.dll 2012-01-02 16:00 . 2012-01-02 16:00 ———— d——-w- c:\programdata\iZotope 2012-01-02 15:58 . 2012-01-02 15:58 ———— d——-w- c:\program files (x86)\Common Files\Digidesign 2012-01-02 15:58 . 2009-10-24 20:15 1332224 ——a-w- c:\windows\SysWow64\SYNSOEMU.DLL 2012-01-02 15:54 . 2012-01-14 04:02 ———— d——-w- c:\program files (x86)\Microsoft Works 2012-01-02 15:52 . 2012-01-02 15:52 ———— d——-w- c:\program files (x86)\Microsoft Visual Studio 8 2012-01-02 15:51 . 2012-01-14 18:59 ———— d——-w- c:\programdata\Microsoft Help 2012-01-02 15:45 . 2006-06-20 08:56 225280 ——a-w- c:\windows\SysWow64\rewire.dll 2012-01-02 15:45 . 2002-07-07 22:14 1294336 ——a-w- c:\windows\SysWow64\vorbis.acm 2012-01-02 15:45 . 2012-01-02 15:45 ———— d——-w- c:\program files (x86)\Image-Line 2012-01-02 15:45 . 2012-01-02 15:45 ———— d——-w- c:\program files (x86)\Outsim 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files (x86)\Microsoft SQL Server 2011-12-30 23:30 . 2012-01-12 16:01 ———— d——-w- c:\program files (x86)\Microsoft Silverlight 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files\Microsoft Synchronization Services 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files\Microsoft SQL Server Compact Edition 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files (x86)\Microsoft Synchronization Services 2011-12-30 23:30 . 2011-12-30 23:30 ———— d——-w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2011-12-30 23:29 . 2012-01-07 16:53 205984 ——a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2011-12-30 23:29 . 2011-12-30 23:31 ———— d——-w- c:\program files (x86)\Microsoft Visual Studio 10.0 2011-12-30 23:28 . 2011-12-30 23:28 ———— d——-w- c:\program files\Microsoft Visual Studio 10.0 2011-12-30 23:28 . 2011-12-30 23:28 ———— d——-w- c:\program files\Microsoft Help Viewer 2011-12-30 23:28 . 2011-12-30 23:28 ———— d——-w- c:\program files (x86)\Microsoft SDKs 2011-12-30 23:25 . 2011-12-30 23:25 ———— d——-w- c:\windows\PCHEALTH 2011-12-30 23:01 . 2011-12-30 23:01 ———— d——-w- c:\program files (x86)\Common Files\Java 2011-12-30 23:00 . 2011-12-30 23:00 472808 ——a-w- c:\windows\SysWow64\deployJava1.dll 2011-12-30 23:00 . 2011-12-30 23:00 ———— d——-w- c:\program files (x86)\Java 2011-12-30 21:07 . 2011-12-30 22:05 ———— d——-w- C:\fsbext 2011-12-29 20:39 . 2011-12-29 20:39 ———— d——-w- c:\program files (x86)\Adobe Media Player 2011-12-29 20:37 . 2011-12-29 20:37 ———— d——-w- c:\program files (x86)\Common Files\Adobe AIR 2011-12-29 20:35 . 2012-01-04 15:16 ———— d——-w- c:\program files (x86)\Common Files\Adobe 2011-12-29 06:02 . 2012-01-13 18:01 ———— d——-w- c:\windows\Panther 2011-12-29 03:08 . 2011-12-30 23:29 ———— d——-w- c:\program files (x86)\Microsoft.NET 2011-12-29 02:00 . 2011-12-29 02:00 ———— d——-w- c:\windows\SysWow64\Wat 2011-12-29 02:00 . 2011-12-29 02:00 ———— d——-w- c:\windows\system32\Wat 2011-12-29 01:22 . 2011-12-29 01:22 280904 ——a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-12-29 01:22 . 2011-12-29 01:22 ———— d——-w- c:\program files (x86)\Battlelog Web Plugins 2011-12-29 01:21 . 2011-12-29 01:21 ———— d——-w- c:\programdata\EA Core 2011-12-29 00:55 . 2011-12-29 00:57 2829 ——a-w- c:\windows\War3Unin.pif 2011-12-29 00:55 . 2011-12-29 00:57 139264 ——a-w- c:\windows\War3Unin.exe 2011-12-29 00:49 . 2011-11-15 03:50 125376 ——a-w- c:\windows\system32\drivers\scdemu.sys 2011-12-29 00:05 . 2008-07-12 07:18 467984 ——a-w- c:\windows\SysWow64\d3dx10_39.dll 2011-12-29 00:05 . 2008-07-12 07:18 1493528 ——a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2011-12-29 00:05 . 2008-07-12 07:18 3851784 ——a-w- c:\windows\SysWow64\D3DX9_39.dll 2011-12-28 23:47 . 2011-12-28 23:47 ———— d—h—w- c:\program files (x86)\Common Files\EAInstaller 2011-12-28 23:46 . 2011-12-29 00:22 189248 ——a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-12-28 23:31 . 2011-12-28 23:31 ———— d——-w- c:\program files (x86)\ATI Technologies 2011-12-28 23:30 . 2011-12-28 23:30 ———— d——-w- C:\ATI 2011-12-28 22:56 . 2011-12-29 01:21 ———— d——-w- c:\programdata\Electronic Arts 2011-12-28 22:56 . 2011-12-29 01:21 ———— d——-w- c:\programdata\Origin 2011-12-28 22:56 . 2011-12-28 23:20 ———— d——-w- c:\program files (x86)\Origin Games 2011-12-28 22:48 . 2012-01-04 12:58 ———— d——-w- c:\program files (x86)\Common Files\Steam 2011-12-28 22:44 . 2012-01-18 15:10 ———— d——-w- c:\programdata\PMB Files 2011-12-28 22:44 . 2011-12-28 22:44 ———— d——-w- c:\program files (x86)\Pando Networks 2011-12-28 22:42 . 2011-12-28 22:42 ———— d——-w- c:\programdata\Skype 2011-12-28 22:32 . 2011-12-28 22:32 ———— d——-w- c:\program files (x86)\AVG 2011-12-28 22:20 . 2011-12-28 22:20 0 ——a-w- c:\windows\ativpsrm.bin 2011-12-28 22:10 . 2010-09-14 06:45 367104 ——a-w- c:\windows\system32\wcncsvc.dll 2011-12-28 22:10 . 2010-09-14 06:07 276992 ——a-w- c:\windows\SysWow64\wcncsvc.dll 2011-12-28 21:56 . 2011-12-28 21:56 ———— d—h—w- c:\programdata\Common Files 2011-12-28 21:45 . 2009-09-10 06:28 311808 ——a-w- c:\windows\system32\msv1_0.dll 2011-12-28 21:45 . 2009-09-10 05:52 257024 ——a-w- c:\windows\SysWow64\msv1_0.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-02 09:51 . 2011-12-02 09:51 4913608 ——a-w- c:\windows\system32\aksllmtp.exe 2011-11-24 08:58 . 2011-11-24 08:58 78208 ——a-w- c:\windows\system32\drivers\aksdf.sys 2011-11-24 08:58 . 2011-11-24 08:58 139592 ——a-w- c:\windows\system32\drivers\aksfridge.sys 2011-11-09 21:39 . 2011-11-09 21:39 69632 ——a-w- c:\windows\system32\OpenVideo64.dll 2011-11-09 21:39 . 2011-11-09 21:39 59904 ——a-w- c:\windows\SysWow64\OpenVideo.dll 2011-11-09 21:39 . 2011-11-09 21:39 61952 ——a-w- c:\windows\system32\OVDecode64.dll 2011-11-09 21:39 . 2011-11-09 21:39 54784 ——a-w- c:\windows\SysWow64\OVDecode.dll 2011-11-09 21:39 . 2011-11-09 21:39 17442304 ——a-w- c:\windows\system32\amdocl64.dll 2011-11-09 21:38 . 2011-11-09 21:38 14375936 ——a-w- c:\windows\SysWow64\amdocl.dll 2011-11-09 21:37 . 2011-11-09 21:37 51200 ——a-w- c:\windows\system32\OpenCL.dll 2011-11-09 21:37 . 2011-11-09 21:37 44032 ——a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-21 19:16 . 2011-10-21 19:16 1843200 ——a-w- c:\windows\SysWow64\SlotMaximizerBe.dll 2011-10-21 19:15 . 2011-10-21 19:15 104448 ——a-w- c:\windows\SysWow64\SlotMaximizerAg.dll 2011-10-21 19:12 . 2011-10-21 19:12 2763264 ——a-w- c:\windows\system32\SlotMaximizerBe.dll 2011-10-21 19:07 . 2011-10-21 19:07 125440 ——a-w- c:\windows\system32\SlotMaximizerAg.dll . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Steam”=“e:\programmer\Steam\steam.exe” [2011-12-28 1242448] “Spotify”=“c:\users\Emil Pedersen\AppData\Roaming\Spotify\spotify.exe” [2012-01-12 4001456] “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] “PWRISOVM.EXE”=“e:\programmer\PowerISO\PWRISOVM.EXE” [2011-11-15 312376] “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 254696] “GrooveMonitor”=“e:\programmer\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 31072] “SwitchBoard”=“c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe” [2010-02-19 517096] “AdobeCS5ServiceManager”=“c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” [2010-02-22 406992] “avast”=“c:\program files\AVAST Software\Avast\avastUI.exe” [2011-11-28 3744552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - e:\programmer\LOLReplay\LOLRecorder.exe [2011-12-26 495104] NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 5 (0x5) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableUIADesktopToggle”= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\programmer\Hamachi\hamachi-2.exe [2011-08-15 2329480] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x] . . Indhold af mappen ‘Planlagte Opgaver’ . 2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283553766-2635963574-4169432163-1000Core.job - c:\users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 21:25] . 2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283553766-2635963574-4169432163-1000UA.job - c:\users\Emil Pedersen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 21:25] . . ————- x86-64—————- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @=”{472083B0-C522-11CF-8763-00608CC02F24}” [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ——a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AdobeAAMUpdater-1.0”=“c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe” [2010-03-06 500208] “RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe” [2010-04-06 10144288] “combofix”=“c:\combofix\CF9405.3XE” [2009-07-14 344576] . ———- Yderligere scanning———- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport; to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 . - - - - TOMME GENVEJE FJERNET - - - - . Toolbar-10 - (no file) . . . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @=“FlashBroker” “LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] “Enabled”=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Shockwave Flash Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @=“0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @=“ShockwaveFlash.ShockwaveFlash.10” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“ShockwaveFlash.ShockwaveFlash” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Macromedia Flash Factory Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @=“FlashFactory.FlashFactory.1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“FlashFactory.FlashFactory” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @=“IFlashBroker4” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @=”{00020424-0000-0000-C000-000000000046}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” “Version”=“1.0” . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ————————————Andre kørende processer———————————— . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\SysWOW64\rundll32.exe . ************************************************************************** . Gennemført tid: 2012-01-18 18:30:09 - maskinen blev genstartet ComboFix-quarantined-files.txt 2012-01-18 17:30 ComboFix2.txt 2012-01-17 16:49 ComboFix3.txt 2012-01-16 15:34 ComboFix4.txt 2012-01-16 15:11 ComboFix5.txt 2012-01-18 17:10 . Pre-Kørsel: 458.691.563.520 bytes free Post-Kørsel: 458.549.764.096 bytes free . - - End Of File - - 58F97D32FEEAA0E5A72FB50DA1844145 TDSKILLER fandt ingenting. 18:31:33.0277 4944 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24 18:31:33.0437 4944 ============================================================ 18:31:33.0437 4944 Current date / time: 2012/01/18 18:31:33.0437 18:31:33.0437 4944 SystemInfo: 18:31:33.0437 4944 18:31:33.0437 4944 OS Version: 6.1.7600 ServicePack: 0.0 18:31:33.0437 4944 Product type: Workstation 18:31:33.0437 4944 ComputerName: EMILPEDERSEN-PC 18:31:33.0437 4944 UserName: Emil Pedersen 18:31:33.0437 4944 Windows directory: C:\Windows 18:31:33.0437 4944 System windows directory: C:\Windows 18:31:33.0437 4944 Running under WOW64 18:31:33.0437 4944 Processor architecture: Intel x64 18:31:33.0437 4944 Number of processors: 4 18:31:33.0437 4944 Page size: 0x1000 18:31:33.0437 4944 Boot type: Normal boot 18:31:33.0437 4944 ============================================================ 18:31:34.0359 4944 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000040 18:31:34.0385 4944 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000040 18:31:34.0415 4944 Initialize success 18:31:47.0594 5008 ============================================================ 18:31:47.0594 5008 Scan started 18:31:47.0594 5008 Mode: Manual; 18:31:47.0594 5008 ============================================================ 18:31:54.0692 5008 1394ohci - ok 18:31:54.0697 5008 ACPI - ok 18:31:54.0700 5008 AcpiPmi - ok 18:31:54.0705 5008 adp94xx - ok 18:31:54.0718 5008 adpahci - ok 18:31:54.0721 5008 adpu320 - ok 18:31:54.0732 5008 AFD - ok 18:31:54.0739 5008 agp440 - ok 18:31:54.0742 5008 aksdf - ok 18:31:54.0745 5008 akshasp - ok 18:31:54.0749 5008 aksusb - ok 18:31:54.0753 5008 aliide - ok 18:31:54.0761 5008 amdide - ok 18:31:54.0764 5008 AmdK8 - ok 18:31:54.0766 5008 amdkmdag - ok 18:31:54.0768 5008 amdkmdap - ok 18:31:54.0770 5008 AmdPPM - ok 18:31:54.0773 5008 amdsata - ok 18:31:54.0775 5008 amdsbs - ok 18:31:54.0777 5008 amdxata - ok 18:31:54.0780 5008 AppID - ok 18:31:54.0785 5008 arc - ok 18:31:54.0787 5008 arcsas - ok 18:31:54.0797 5008 aswFsBlk - ok 18:31:54.0805 5008 aswMonFlt - ok 18:31:54.0816 5008 aswRdr - ok 18:31:54.0820 5008 aswSnx - ok 18:31:54.0823 5008 aswSP - ok 18:31:54.0826 5008 aswTdi - ok 18:31:54.0828 5008 AsyncMac - ok 18:31:54.0831 5008 atapi - ok 18:31:54.0834 5008 AtiHDAudioService - ok 18:31:54.0844 5008 b06bdrv - ok 18:31:54.0847 5008 b57nd60a - ok 18:31:54.0851 5008 Beep - ok 18:31:54.0856 5008 blbdrive - ok 18:31:54.0859 5008 bowser - ok 18:31:54.0861 5008 BrFiltLo - ok 18:31:54.0864 5008 BrFiltUp - ok 18:31:54.0873 5008 BridgeMP - ok 18:31:54.0876 5008 Brserid - ok 18:31:54.0878 5008 BrSerWdm - ok 18:31:54.0880 5008 BrUsbMdm - ok 18:31:54.0883 5008 BrUsbSer - ok 18:31:54.0885 5008 BTHMODEM - ok 18:31:54.0891 5008 catchme - ok 18:31:54.0893 5008 cdfs - ok 18:31:54.0896 5008 cdrom - ok 18:31:54.0899 5008 circlass - ok 18:31:54.0902 5008 CLFS - ok 18:31:54.0912 5008 CmBatt - ok 18:31:54.0914 5008 cmdide - ok 18:31:54.0917 5008 CNG - ok 18:31:54.0919 5008 Compbatt - ok 18:31:54.0921 5008 CompositeBus - ok 18:31:54.0924 5008 crcdisk - ok 18:31:54.0929 5008 CSC - ok 18:31:54.0935 5008 DfsC - ok 18:31:54.0938 5008 discache - ok 18:31:54.0942 5008 Disk - ok 18:31:54.0952 5008 drmkaud - ok 18:31:54.0954 5008 DXGKrnl - ok 18:31:54.0958 5008 ebdrv - ok 18:31:54.0963 5008 elxstor - ok 18:31:54.0966 5008 ErrDev - ok 18:31:54.0971 5008 exfat - ok 18:31:54.0973 5008 fastfat - ok 18:31:54.0976 5008 fdc - ok 18:31:54.0981 5008 FileInfo - ok 18:31:54.0983 5008 Filetrace - ok 18:31:54.0985 5008 flpydisk - ok 18:31:54.0987 5008 FltMgr - ok 18:31:54.0991 5008 FsDepends - ok 18:31:54.0994 5008 Fs_Rec - ok 18:31:55.0002 5008 fvevol - ok 18:31:55.0004 5008 gagp30kx - ok 18:31:55.0008 5008 hamachi - ok 18:31:55.0015 5008 Hardlock - ok 18:31:55.0018 5008 hcw85cir - ok 18:31:55.0020 5008 HdAudAddService - ok 18:31:55.0022 5008 HDAudBus - ok 18:31:55.0025 5008 HECIx64 - ok 18:31:55.0027 5008 HidBatt - ok 18:31:55.0029 5008 HidBth - ok 18:31:55.0032 5008 HidIr - ok 18:31:55.0036 5008 HidUsb - ok 18:31:55.0041 5008 HpSAMD - ok 18:31:55.0044 5008 HTTP - ok 18:31:55.0046 5008 hwpolicy - ok 18:31:55.0048 5008 i8042prt - ok 18:31:55.0050 5008 iaStorV - ok 18:31:55.0054 5008 iirsp - ok 18:31:55.0060 5008 IntcAzAudAddService - ok 18:31:55.0063 5008 intelide - ok 18:31:55.0065 5008 intelppm - ok 18:31:55.0071 5008 IpFilterDriver - ok 18:31:55.0075 5008 IPMIDRV - ok 18:31:55.0077 5008 IPNAT - ok 18:31:55.0080 5008 IRENUM - ok 18:31:55.0083 5008 isapnp - ok 18:31:55.0085 5008 iScsiPrt - ok 18:31:55.0087 5008 kbdclass - ok 18:31:55.0090 5008 kbdhid - ok 18:31:55.0093 5008 KSecDD - ok 18:31:55.0095 5008 KSecPkg - ok 18:31:55.0100 5008 ksthunk - ok 18:31:55.0126 5008 lltdio - ok 18:31:55.0131 5008 LSI_FC - ok 18:31:55.0133 5008 LSI_SAS - ok 18:31:55.0137 5008 LSI_SAS2 - ok 18:31:55.0139 5008 LSI_SCSI - ok 18:31:55.0141 5008 luafv - ok 18:31:55.0144 5008 megasas - ok 18:31:55.0147 5008 MegaSR - ok 18:31:55.0151 5008 Modem - ok 18:31:55.0154 5008 monitor - ok 18:31:55.0158 5008 mouclass - ok 18:31:55.0160 5008 mouhid - ok 18:31:55.0164 5008 mountmgr - ok 18:31:55.0165 5008 mpio - ok 18:31:55.0168 5008 mpsdrv - ok 18:31:55.0171 5008 MRxDAV - ok 18:31:55.0174 5008 mrxsmb - ok 18:31:55.0176 5008 mrxsmb10 - ok 18:31:55.0178 5008 mrxsmb20 - ok 18:31:55.0181 5008 msahci - ok 18:31:55.0183 5008 msdsm - ok 18:31:55.0189 5008 Msfs - ok 18:31:55.0191 5008 mshidkmdf - ok 18:31:55.0193 5008 msisadrv - ok 18:31:55.0198 5008 MSKSSRV - ok 18:31:55.0201 5008 MSPCLOCK - ok 18:31:55.0203 5008 MSPQM - ok 18:31:55.0206 5008 MsRPC - ok 18:31:55.0209 5008 mssmbios - ok 18:31:55.0212 5008 MSTEE - ok 18:31:55.0215 5008 MTConfig - ok 18:31:55.0228 5008 MTsensor - ok 18:31:55.0230 5008 Mup - ok 18:31:55.0234 5008 NativeWifiP - ok 18:31:55.0237 5008 NDIS - ok 18:31:55.0239 5008 NdisCap - ok 18:31:55.0242 5008 NdisTapi - ok 18:31:55.0244 5008 Ndisuio - ok 18:31:55.0246 5008 NdisWan - ok 18:31:55.0248 5008 NDProxy - ok 18:31:55.0251 5008 NetBIOS - ok 18:31:55.0253 5008 NetBT - ok 18:31:55.0265 5008 nfrd960 - ok 18:31:55.0269 5008 Npfs - ok 18:31:55.0272 5008 nsiproxy - ok 18:31:55.0275 5008 Ntfs - ok 18:31:55.0277 5008 Null - ok 18:31:55.0280 5008 nvraid - ok 18:31:55.0282 5008 nvstor - ok 18:31:55.0285 5008 nv_agp - ok 18:31:55.0288 5008 ohci1394 - ok 18:31:55.0297 5008 Parport - ok 18:31:55.0299 5008 partmgr - ok 18:31:55.0302 5008 pci - ok 18:31:55.0305 5008 pciide - ok 18:31:55.0307 5008 pcmcia - ok 18:31:55.0309 5008 pcw - ok 18:31:55.0311 5008 PEAUTH - ok 18:31:55.0331 5008 PptpMiniport - ok 18:31:55.0333 5008 Processor - ok 18:31:55.0338 5008 Psched - ok 18:31:55.0340 5008 ql2300 - ok 18:31:55.0342 5008 ql40xx - ok 18:31:55.0345 5008 QWAVEdrv - ok 18:31:55.0348 5008 RasAcd - ok 18:31:55.0368 5008 RasAgileVpn - ok 18:31:55.0371 5008 Rasl2tp - ok 18:31:55.0375 5008 RasPppoe - ok 18:31:55.0377 5008 RasSstp - ok 18:31:55.0379 5008 rdbss - ok 18:31:55.0381 5008 rdpbus - ok 18:31:55.0384 5008 RDPCDD - ok 18:31:55.0387 5008 RDPDR - ok 18:31:55.0389 5008 RDPENCDD - ok 18:31:55.0393 5008 RDPREFMP - ok 18:31:55.0395 5008 RDPWD - ok 18:31:55.0398 5008 rdyboost - ok 18:31:55.0405 5008 rspndr - ok 18:31:55.0408 5008 RTL8167 - ok 18:31:55.0410 5008 RTL8187B - ok 18:31:55.0414 5008 RtlProt - ok 18:31:55.0416 5008 s3cap - ok 18:31:55.0419 5008 sbp2port - ok 18:31:55.0422 5008 SCDEmu - ok 18:31:55.0424 5008 scfilter - ok 18:31:55.0430 5008 secdrv - ok 18:31:55.0435 5008 Serenum - ok 18:31:55.0437 5008 Serial - ok 18:31:55.0439 5008 sermouse - ok 18:31:55.0446 5008 sffdisk - ok 18:31:55.0448 5008 sffp_mmc - ok 18:31:55.0450 5008 sffp_sd - ok 18:31:55.0453 5008 sfloppy - ok 18:31:55.0457 5008 SiSRaid2 - ok 18:31:55.0459 5008 SiSRaid4 - ok 18:31:55.0461 5008 Smb - ok 18:31:55.0468 5008 spldr - ok 18:31:55.0473 5008 srv - ok 18:31:55.0475 5008 srv2 - ok 18:31:55.0477 5008 srvnet - ok 18:31:55.0483 5008 stexstor - ok 18:31:55.0487 5008 storflt - ok 18:31:55.0487 5008 storvsc - ok 18:31:55.0487 5008 swenum - ok 18:31:55.0527 5008 Tcpip - ok 18:31:55.0527 5008 TCPIP6 - ok 18:31:55.0527 5008 tcpipreg - ok 18:31:55.0537 5008 TDPIPE - ok 18:31:55.0537 5008 TDTCP - ok 18:31:55.0547 5008 tdx - ok 18:31:55.0547 5008 TermDD - ok 18:31:55.0557 5008 tssecsrv - ok 18:31:55.0567 5008 tunnel - ok 18:31:55.0567 5008 uagp35 - ok 18:31:55.0567 5008 udfs - ok 18:31:55.0577 5008 uliagpkx - ok 18:31:55.0577 5008 umbus - ok 18:31:55.0587 5008 UmPass - ok 18:31:55.0587 5008 usbccgp - ok 18:31:55.0587 5008 usbcir - ok 18:31:55.0597 5008 usbehci - ok 18:31:55.0597 5008 usbhub - ok 18:31:55.0597 5008 usbohci - ok 18:31:55.0607 5008 usbprint - ok 18:31:55.0607 5008 USBSTOR - ok 18:31:55.0607 5008 usbuhci - ok 18:31:55.0607 5008 vdrvroot - ok 18:31:55.0617 5008 vga - ok 18:31:55.0617 5008 VgaSave - ok 18:31:55.0617 5008 vhdmp - ok 18:31:55.0627 5008 viaide - ok 18:31:55.0627 5008 vmbus - ok 18:31:55.0627 5008 VMBusHID - ok 18:31:55.0627 5008 volmgr - ok 18:31:55.0627 5008 volmgrx - ok 18:31:55.0637 5008 volsnap - ok 18:31:55.0637 5008 vpcbus - ok 18:31:55.0647 5008 vpcnfltr - ok 18:31:55.0647 5008 vpcusb - ok 18:31:55.0667 5008 vpcvmm - ok 18:31:55.0667 5008 vsmraid - ok 18:31:55.0667 5008 vwifibus - ok 18:31:55.0677 5008 vwififlt - ok 18:31:55.0677 5008 WacomPen - ok 18:31:55.0677 5008 WANARP - ok 18:31:55.0687 5008 Wanarpv6 - ok 18:31:55.0697 5008 Wd - ok 18:31:55.0697 5008 Wdf01000 - ok 18:31:55.0707 5008 WfpLwf - ok 18:31:55.0707 5008 WIMMount - ok 18:31:55.0727 5008 WinUsb - ok 18:31:55.0737 5008 WmiAcpi - ok 18:31:55.0737 5008 ws2ifsl - ok 18:31:55.0747 5008 WudfPf - ok 18:31:55.0757 5008 WUDFRd - ok 18:31:55.0777 5008 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 18:31:55.0827 5008 \Device\Harddisk0\DR0 - ok 18:31:55.0847 5008 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 18:31:55.0857 5008 \Device\Harddisk1\DR1 - ok 18:31:55.0877 5008 Boot (0x1200) (257fb7a58814bef95f83a93b32e044da) \Device\Harddisk1\DR1\Partition0 18:31:55.0887 5008 \Device\Harddisk1\DR1\Partition0 - ok 18:31:55.0887 5008 ============================================================ 18:31:55.0887 5008 Scan finished 18:31:55.0887 5008 ============================================================ 18:31:55.0897 5000 Detected object count: 0 18:31:55.0897 5000 Actual detected object count: 0 18:32:02.0973 4900 Deinitialize success Malwarebyts fandt hellere ingenting: Malwarebytes Anti-Malware (Trial) 1.60.0.1800 http://www.malwarebytes.org Database version: v2012.01.18.04 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Emil Pedersen :: EMILPEDERSEN-PC [administrator] Protection: Disabled 18-01-2012 18:36:06 mbam-log-2012-01-18 (18-36-06).txt Scan type: Full scan Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 403593 Time elapsed: 37 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
[ Ignorer ] [ # 15 ] Peder TeamSpywarefri
19.01.2012 10:28:25 Redaktør Team Spywarefri Antal indlæg: 13016	Det ser godt ud herfra. Hvordan opfører computeren sig nu ?

1 af 3

Næste