Review of logs "Data Execution Prevention"
Hi experts, I could use a little help going through some logs from ComboFix, HijackThis and Anti-Malware. The reason is that "Data Execution Prevention" has several times prevented Internet Explorer 8 from running, so I have a feeling I have picked up some kind of junk. Here are my log files, in any case. This is Windows Vista Home Premium x86.
Malwarebytes' Anti-Malware 1.36
Database version: 2026
Windows 6.0.6001 Service Pack 1
22-04-2009 22:06:08
mbam-log-2009-04-22 (22-06-01).txt
Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 152825
Tid tilbagelagt: 1 hour(s), 40 minute(s), 43 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
C:\Windows\San Andreas Mod Installer\uninstall.exe (Trojan.Agent) -> No action taken.
ComboFix 09-04-23.02 - Martin 22-04-2009 22:22.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.45.1030.18.3069.1915 [GMT 2:00]
Kører fra: c:\users\Martin\Desktop\Installs\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-03-23 til 2009-04-23 )))))))))))))))))))))))))))))))))))
.
2009-04-22 18:24 . 2009-04-22 18:24 -------- d-----w c:\users\Martin\AppData\Roaming\Malwarebytes
2009-04-22 18:24 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 18:24 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 18:24 . 2009-04-22 18:24 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-22 18:24 . 2009-04-22 18:24 -------- d-----w c:\programdata\Malwarebytes
2009-04-20 15:41 . 2009-04-20 16:07 -------- d-----w c:\users\Martin\AppData\Roaming\vlc
2009-04-17 12:12 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-10 20:28 . 2009-04-10 20:28 271360 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-04-10 20:27 . 2009-04-10 20:27 18048 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-04-05 15:43 . 2009-04-05 15:43 -------- d-----w C:\Ny mappe
2009-04-05 14:04 . 2009-04-05 14:04 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-05 14:04 . 2009-04-05 14:04 1409 ----a-w c:\windows\QTFont.for
2009-04-05 12:44 . 2009-04-05 12:45 -------- d-----w c:\windows\system32\Adobe
2009-03-30 18:48 . 2009-03-30 18:48 -------- d-----w c:\users\Martin\AppData\Roaming\Apple Computer
2009-03-27 06:33 . 2009-03-27 06:33 -------- d-----w c:\users\All Users\Apple Computer
2009-03-27 06:33 . 2009-03-27 06:33 -------- d-----w c:\programdata\Apple Computer
2009-03-27 06:32 . 2004-02-04 11:27 49536 ----a-w c:\windows\system32\drivers\tiehdusb.sys
2009-03-27 06:32 . 2003-11-14 15:53 11520 ----a-w c:\windows\system32\drivers\wdmstub.sys
2009-03-27 06:29 . 2007-01-10 13:23 17424 ----a-w c:\windows\system32\drivers\ezusb.sys
2009-03-27 06:29 . 2006-10-18 02:29 102400 ----a-w c:\windows\system32\wdapi811.dll
2009-03-27 06:29 . 2006-10-16 00:19 194362 ----a-w c:\windows\system32\drivers\windrvr6.sys
2009-03-27 06:29 . 2005-04-18 14:03 118784 ----a-w c:\windows\system32\LabProCo.dll
2009-03-25 18:30 . 2009-03-25 19:02 69 ----a-w c:\windows\NeroDigital.ini
2009-03-25 17:04 . 2009-03-25 17:04 -------- d-----w c:\users\Martin\AppData\Roaming\Pegasys Inc
2009-03-25 15:52 . 2009-03-25 15:52 -------- d-----w c:\users\Martin\AppData\Roaming\Media Player Classic
2009-03-23 21:22 . 2009-03-25 15:48 -------- d-----w c:\users\Martin\AppData\Roaming\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 20:08 . 2008-06-27 21:12 103280 ----a-w c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-22 19:57 . 2008-06-28 18:40 31966 ----a-w c:\users\All Users\nvModes.dat
2009-04-22 19:57 . 2008-06-28 18:40 31966 ----a-w c:\programdata\nvModes.dat
2009-04-22 18:24 . 2009-04-22 18:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 18:19 . 2009-04-22 18:19 -------- d-----w c:\program files\CCleaner
2009-04-22 18:13 . 2008-08-31 18:59 -------- d-----w c:\program files\Common Files\Nero
2009-04-22 18:13 . 2008-08-31 18:59 -------- d-----w c:\programdata\Nero
2009-04-21 19:30 . 2008-06-28 12:55 -------- d-----w c:\program files\Steam
2009-04-21 05:52 . 2007-04-14 10:34 96408 ----a-w c:\windows\System32\perfc006.dat
2009-04-21 05:52 . 2007-04-14 10:34 502328 ----a-w c:\windows\System32\perfh006.dat
2009-04-20 15:41 . 2009-04-20 15:41 -------- d-----w c:\program files\VideoLAN
2009-04-18 21:33 . 2008-06-28 12:55 -------- d-----w c:\program files\Common Files\Steam
2009-04-16 14:45 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-15 20:06 . 2007-04-12 01:11 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 16:02 . 2008-06-28 13:27 -------- d-----w c:\users\Martin\AppData\Roaming\uTorrent
2009-04-15 13:24 . 2009-03-21 20:43 -------- d-----w c:\program files\McAfee
2009-04-10 20:27 . 2009-04-10 20:21 -------- d-----w c:\program files\Anno 1701
2009-04-10 20:21 . 2007-04-12 01:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 14:06 . 2009-04-05 14:06 -------- d-----w c:\program files\Activision Value
2009-04-04 16:09 . 2008-12-17 18:25 -------- d-----w c:\program files\Avi2Dvd
2009-04-04 16:08 . 2008-06-28 12:45 -------- d-----w c:\program files\Common Files\Adobe
2009-03-27 06:35 . 2008-07-05 14:46 -------- d-----w c:\program files\QuickTime
2009-03-27 06:33 . 2009-03-27 06:33 -------- d-----w c:\program files\Apple Software Update
2009-03-27 06:33 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infpub.dat
2009-03-27 06:33 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-27 06:33 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstor.dat
2009-03-27 06:32 . 2009-03-27 06:32 -------- d-----w c:\program files\Common Files\TI Shared
2009-03-27 06:29 . 2009-03-27 06:29 -------- d-----w c:\program files\Common Files\Vernier Software
2009-03-27 06:28 . 2009-03-27 06:28 -------- d-----w c:\program files\Vernier Software
2009-03-25 19:46 . 2009-03-23 16:33 -------- d-----w c:\program files\dvdSanta
2009-03-25 17:04 . 2008-08-10 11:59 -------- d-----w c:\program files\DivX
2009-03-25 16:59 . 2009-03-25 16:55 57 ----a-w C:\Avi2Dvd_Log.txt
2009-03-25 16:53 . 2008-07-06 11:02 -------- d-----w c:\program files\AviSynth 2.5
2009-03-25 15:48 . 2009-03-25 15:48 -------- d-----w c:\program files\XviD
2009-03-25 15:33 . 2009-03-25 15:33 -------- d-----w c:\program files\DirectVobSub
2009-03-25 15:10 . 2008-07-02 17:54 -------- d-----w c:\program files\Java
2009-03-25 09:06 . 2009-03-21 20:44 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 09:06 . 2009-03-21 20:44 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 09:06 . 2009-03-21 20:44 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 09:06 . 2009-01-16 19:04 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 09:05 . 2009-03-21 20:42 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-23 21:22 . 2009-03-23 21:22 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-23 21:22 . 2009-03-23 21:22 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-21 20:50 . 2008-09-30 16:00 -------- d-----w c:\programdata\Norton
2009-03-21 20:46 . 2008-06-28 14:18 -------- d-----w c:\programdata\McAfee
2009-03-21 20:44 . 2009-03-21 20:43 -------- d-----w c:\program files\Common Files\McAfee
2009-03-21 20:43 . 2009-03-21 20:43 -------- d-----w c:\program files\McAfee.com
2009-03-21 19:32 . 2008-12-17 20:42 -------- d-----w c:\program files\Microsoft
2009-03-17 03:38 . 2009-04-15 13:27 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 13:27 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 13:27 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-15 19:50 . 2009-03-07 18:40 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 19:50 . 2009-03-07 18:39 189784 ----a-w c:\windows\System32\PnkBstrB.exe
2009-03-15 15:25 . 2008-06-28 12:04 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-15 12:24 . 2009-03-07 18:39 75064 ----a-w c:\windows\System32\PnkBstrA.exe
2009-03-14 21:33 . 2009-03-05 18:05 22328 ----a-w c:\users\Martin\AppData\Roaming\PnkBstrK.sys
2009-03-14 21:33 . 2009-03-05 18:05 2246144 ----a-w c:\windows\System32\pbsvc.exe
2009-03-14 21:33 . 2009-03-14 21:33 -------- d-----w c:\programdata\id Software
2009-03-09 04:19 . 2008-11-23 14:47 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 . 2009-03-20 12:22 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-03-20 12:22 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-03-20 12:22 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-03-20 12:22 109056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 . 2009-03-20 12:22 109568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-20 12:22 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-20 12:22 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-20 12:22 103936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-20 12:22 132608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-20 12:22 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-03-20 12:22 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-03-20 12:22 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-03-20 12:22 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-03-20 12:22 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-03-20 12:22 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-03-20 12:22 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-03-20 12:22 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-03-20 12:22 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-07 18:39 . 2009-03-07 18:39 794408 ----a-w c:\windows\System32\pbsvc[1].exe
2009-03-03 04:46 . 2009-04-15 13:27 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 13:27 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 13:27 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 13:27 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 13:27 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 13:27 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 13:27 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-15 13:27 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 13:27 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 13:27 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-01 15:36 . 2008-06-28 18:43 -------- d-----w c:\programdata\NVIDIA
2009-03-01 15:07 . 2008-12-20 18:40 -------- d--h--w c:\program files\Temp
2009-02-13 08:49 . 2009-04-15 13:27 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-15 13:27 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-12 19:24 . 2009-03-01 15:05 282112 ----a-w c:\windows\System32\RTPCEE32.dll
2009-02-12 15:52 . 2009-03-01 15:05 159232 ----a-w c:\windows\System32\FMAPO.dll
2009-02-09 03:10 . 2009-03-11 14:34 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-27 01:35 . 2008-06-28 13:18 129784 ------w c:\windows\System32\pxafs.dll
2009-01-27 01:34 . 2009-01-27 01:34 90112 ----a-w c:\windows\System32\dpl100.dll
2009-01-27 01:34 . 2009-01-27 01:34 823296 ----a-w c:\windows\System32\divx_xx0c.dll
2009-01-27 01:34 . 2009-01-27 01:34 823296 ----a-w c:\windows\System32\divx_xx07.dll
2009-01-27 01:2009-01-27 01:34 34:38 . c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:2009-01-27 01:34 34:38 . c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-22_20.16.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-27 21:09 . 2009-04-22 20:25 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-27 21:09 . 2009-04-22 20:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-27 21:09 . 2009-04-22 20:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-27 21:09 . 2009-04-22 20:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-27 21:09 . 2009-04-22 20:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-27 21:09 . 2009-04-22 20:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:47 . 2009-04-22 20:16 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-22 20:08 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-22 20:08 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-22 20:16 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"QLButton"="c:\program files\Quick Launch Button\QLButton.exe" [2005-01-06 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-18 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-18 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D91B3D38-095F-4FE4-AF71-32C0D4FDBFDC}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9993730C-7AC1-49A7-8168-C1D92866DD9F}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{CF72EB4A-5BA6-4B3B-94AA-AABAFA36B5E8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{86EF5AE1-05C5-454C-BF3C-3EAB7E163CA9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1BBF972D-F923-40DE-A52A-B179CC023E06}c:\\program files\\steam\\steamapps\\feodra\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\feodra\counter-strike source\hl2.exe:hl2
"UDP Query User{FC45DBBC-ECFD-4137-87D6-69AFAD6B0A32}c:\\program files\\steam\\steamapps\\feodra\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\feodra\counter-strike source\hl2.exe:hl2
"TCP Query User{882251D4-E1D7-4215-84FC-1530CD96E7B6}c:\\program files\\tsw\\phpcoder 2008\\tsw phpcoder.exe"= UDP:c:\program files\tsw\phpcoder 2008\tsw phpcoder.exe:TSW PhpCoder 2008
"UDP Query User{B15312E6-6C2E-4162-88D6-92E08DE01669}c:\\program files\\tsw\\phpcoder 2008\\tsw phpcoder.exe"= TCP:c:\program files\tsw\phpcoder 2008\tsw phpcoder.exe:TSW PhpCoder 2008
"{9A5494C3-43BE-4239-9240-83E3B8A592D7}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{774C4777-2C76-4AA2-996F-E3FBD932AE6B}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{5E1D8DFD-6FA8-415B-B090-E28C6DF6F22F}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{964C574F-ADAE-4174-9EC3-2143757D341A}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{E18F7B26-947E-4B7D-892F-90D1CC15F91E}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{F87E5630-3AC4-47BF-B5F8-BF9CD590D86A}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{BDBCF38E-996E-4E70-BA93-F4AEC99DE22B}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{EB4F3C49-E8E4-4220-A2C0-4F6C8A32F4DA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{68B5BCD3-4C53-4F6C-9A60-60051929024B}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{9EC73A19-8680-4C14-9F44-FF0099C0FAFB}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{C0CBCBB7-A5E2-4442-9D26-4A8E1407B06A}c:\\users\\martin\\desktop\\terran_demo_esrb_xvid.avi-downloader.exe"= UDP:c:\users\martin\desktop\terran_demo_esrb_xvid.avi-downloader.exe:terran_demo_esrb_xvid.avi-downloader.exe
"UDP Query User{8DF39909-5967-4AC4-BE1E-53920B057CA0}c:\\users\\martin\\desktop\\terran_demo_esrb_xvid.avi-downloader.exe"= TCP:c:\users\martin\desktop\terran_demo_esrb_xvid.avi-downloader.exe:terran_demo_esrb_xvid.avi-downloader.exe
"TCP Query User{2FB8F1AD-2903-4AC0-A463-6E7726496C85}c:\\users\\martin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\p2sc7x2l\\wrath_of_the_lich_king_en.avi-downloader[1].exe"= UDP:c:\users\martin\appdata\local\microsoft\windows\temporary internet files\content.ie5\p2sc7x2l\wrath_of_the_lich_king_en.avi-downloader[1].exe:wrath_of_the_lich_king_en.avi-downloader[1].exe
"UDP Query User{B45727F8-C573-466D-A80D-558865E7BABF}c:\\users\\martin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\p2sc7x2l\\wrath_of_the_lich_king_en.avi-downloader[1].exe"= TCP:c:\users\martin\appdata\local\microsoft\windows\temporary internet files\content.ie5\p2sc7x2l\wrath_of_the_lich_king_en.avi-downloader[1].exe:wrath_of_the_lich_king_en.avi-downloader[1].exe
"TCP Query User{6CCAB00A-7336-47E6-BBD6-F87D2AC84315}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{9ABA8411-AA3F-4E37-AFB0-A4E33F96B9EF}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{821E8E38-01CD-4B8D-9558-06AC653CF4BB}c:\\users\\martin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\p2sc7x2l\\wow-engb-installer-downloader[1].exe"= UDP:c:\users\martin\appdata\local\microsoft\windows\temporary internet files\content.ie5\p2sc7x2l\wow-engb-installer-downloader[1].exe:wow-engb-installer-downloader[1].exe
"UDP Query User{C0DFD095-590E-4EF8-B054-6F0C6D425C31}c:\\users\\martin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\p2sc7x2l\\wow-engb-installer-downloader[1].exe"= TCP:c:\users\martin\appdata\local\microsoft\windows\temporary internet files\content.ie5\p2sc7x2l\wow-engb-installer-downloader[1].exe:wow-engb-installer-downloader[1].exe
"TCP Query User{CBE4266D-508E-4536-ABD4-DD27892C5094}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{E9F782A0-64AE-4033-B0CA-6A5BFF569176}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{A1C6F4C4-355C-440E-A153-4BCE772DBFE3}c:\\program files\\steam\\steamapps\\martin_k2001@hotmail.com\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\martin_k2001@hotmail.com\half-life\hl.exe:Half-Life Launcher
"UDP Query User{DD3ED5A2-2186-4827-805A-856C4D46AAE5}c:\\program files\\steam\\steamapps\\martin_k2001@hotmail.com\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\martin_k2001@hotmail.com\half-life\hl.exe:Half-Life Launcher
"{E71F3723-34D0-4A66-9F2A-0518C6691C48}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FAF04ECA-4A4A-4FC5-A847-23C7C16B6D21}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{482F0FAD-7822-4B93-AE07-BFC7B6337C65}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{B4EFAA31-361F-46E8-9204-DAD032AD51EA}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{BBA76E77-4A5E-4C8C-8077-58B83FA60A48}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"UDP Query User{96FBBF48-BDBC-4250-B71F-9C4FE6B79081}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"TCP Query User{BFD24FCB-B849-4801-BC37-AE9438D4412A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{D1F06E71-EF19-4487-B10B-7F9CFF75D68E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{6D281D1A-F0EB-48D2-B925-BAEB4C793FD1}c:\\program files\\steam\\steamapps\\feodra\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\feodra\counter-strike source\hl2.exe:hl2
"UDP Query User{E4396718-EA7C-47BD-801D-FFC64B8EDF90}c:\\program files\\steam\\steamapps\\feodra\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\feodra\counter-strike source\hl2.exe:hl2
"TCP Query User{B7C479FC-B163-47D5-A412-9BBBEC161F4B}c:\\program files\\steam\\steamapps\\martin_k2001@hotmail.com\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\martin_k2001@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{CC7C29E3-3E41-4E95-9A97-3F07D6330845}c:\\program files\\steam\\steamapps\\martin_k2001@hotmail.com\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\martin_k2001@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{EA97EC6C-63A7-4B37-805B-C51619066346}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{55C65078-B795-433F-8BEC-8AF69830E190}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{45217BCE-17AE-487E-9F9B-4AFD27EDD977}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{948F65CA-D3DD-4DA7-AD89-99BC062F15D8}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"{0C5D9C2B-7A24-4991-AE17-C805094DFA75}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7ED16EDA-0498-40D8-985D-79188B4D2DE7}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{571E8052-8DDC-417A-B5C6-4A98D192E56C}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Windows Stifinder
"UDP Query User{C400F51D-A9AE-443F-A32F-76AC63BC8F00}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Windows Stifinder
"TCP Query User{D58F10DA-AA4F-403E-95A0-C66A9FF5A6F6}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{0BCADBA4-8545-4345-A551-9BC7561C335C}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"TCP Query User{BB6B5F50-D6D9-468D-897F-8EBB38FC2C90}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{325A622E-1FAE-42DD-A1EA-B173BB9355F3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{442A5B64-7D67-460E-A5D4-20176B78ED46}c:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= UDP:c:\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{33648F03-8533-4F79-B500-4C0FD5545C47}c:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= TCP:c:\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{3F4668D6-74B7-4778-BEAE-921F8D6A0338}c:\\program files\\adobe\\adobe dreamweaver cs4\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe:Adobe Dreamweaver CS4
"UDP Query User{7799E6EA-DC8D-4AC2-B059-0ABE7FB7D195}c:\\program files\\adobe\\adobe dreamweaver cs4\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe:Adobe Dreamweaver CS4
"TCP Query User{91D65DA0-6418-4EF7-9E8A-E966923590AA}c:\\program files\\tsw\\webcoder 2009\\tsw webcoder.exe"= UDP:c:\program files\tsw\webcoder 2009\tsw webcoder.exe:TSW WebCoder 2009
"UDP Query User{CEA9E8A3-4DDA-4634-88A8-6B7ECEC0ACA9}c:\\program files\\tsw\\webcoder 2009\\tsw webcoder.exe"= TCP:c:\program files\tsw\webcoder 2009\tsw webcoder.exe:TSW WebCoder 2009
"TCP Query User{6E4454F2-3AA6-41B2-B509-17187F25D7FE}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{9C5CDC6A-792B-4ABF-9D50-81226CB9693F}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{A1ACBBB3-18CE-4720-A51E-5068626E4C17}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{AB3D52B7-2E1D-41FB-93F7-9E18442F8FDD}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{8C14C0F5-C749-48C0-B262-FC1AE9B67CEB}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1478CA16-B4A8-492A-B7E4-A0FF0F032C13}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7B3E7EDA-3538-4183-96D9-8ACA929FB3B1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{4D01E2B7-5C13-4F73-9F99-143908613F29}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F37D9CCE-15F2-4AF8-A464-B92FD21E6FE0}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 BtHidBus;Bluetooth HID Bus Service; [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2006-11-09 37296]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [2007-03-27 5632]
R3 IvtBtBUs;IVT Bluetooth Bus Service; [x]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]
R3 TridVid;Trident Analog plus Digital Video;c:\windows\system32\DRIVERS\TridVid.sys [2007-03-01 159104]
R4 3056HID;3056HID - HID Driver;c:\windows\system32\drivers\3056hid.sys [2006-08-02 17408]
R4 3252HID;3252HID - HID Driver;c:\windows\system32\drivers\3252hid.sys [2006-08-02 17408]
R4 716xHID;716xHID - PCIe HID Driver;c:\windows\system32\drivers\716xhid.sys [2006-11-17 16384]
R4 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 6.8.30.0;c:\windows\system32\drivers\bda_loader_225.sys [2006-09-22 18944]
R4 CX88IR;DTV_DVB 1027 IR Decoder;c:\windows\system32\drivers\88xbdair.sys [2007-01-18 17408]
R4 MtsHID;DTV-DVB Mantis BDA HID Driver;c:\windows\system32\drivers\mtshid.sys [2006-06-19 17408]
R4 THIR;DTV-DVB 3054 IR Decoder;c:\windows\system32\drivers\3054ir.sys [2005-12-06 17408]
R4 tridhid;tridhid - USB 2.0 HID Driver;c:\windows\system32\drivers\tridhid6010.sys [2006-11-01 12672]
R4 UDST7021HID;UDST7021HID - HID Driver;c:\windows\system32\drivers\udst7021hid.sys [2006-06-29 17408]
R4 UDTT2HID;UDTT2HID - USB 2.0 HID Driver;c:\windows\system32\drivers\udtt2hid.sys [2006-06-22 16128]
R4 UDTT7049HID;UDTT7049HID - HID Driver;c:\windows\system32\drivers\udtt7049hid.sys [2006-06-29 17408]
R4 UDXTTM6000HID;UDXTTM6000HID - HID Driver;c:\windows\system32\drivers\udxttm6000hid.sys [2006-06-29 17408]
R4 UDXTTM6010HID;UDXTTM6010HID - HID Driver;c:\windows\system32\drivers\udxttm6010hid.sys [2007-02-23 17408]
R4 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [2007-03-27 21504]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys [2004-11-30 161792]
S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-09-19 36608]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8dc4d8-0317-11de-8016-000df0509f3a}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fd690ee-44d5-11dd-8ddc-806e6f6e6963}]
\shell\AutoRun\command - D:\SETUP.EXE
\shell\configure\command - D:\SETUP.EXE
\shell\install\command - D:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beeb19bd-4ebb-11dd-ad4b-000df0509f3a}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'
2009-03-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-21 09:53]
2009-03-21 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-21 09:53]
.
.
------- Yderligere scanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: adien.dk\www
Trusted Zone: quakelive.com\www
TCP: {66235207-84BC-476B-8592-EE7F8D3307C6} = 208.67.220.222,208.67.220.220
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\id1q9val.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 22:25
Windows 6.0.6001 Service Pack 1 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Gennemført tid: 2009-04-22 22:26
ComboFix-quarantined-files.txt 2009-04-22 20:26
ComboFix2.txt 2009-04-22 20:17
Pre-Kørsel: 159.423.746.048 byte ledig
Post-Kørsel: 159.390.388.224 byte ledig
340 --- E O F --- 2009-04-18 11:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:39, on 22-04-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Quick Launch Button\QLButton.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QLButton] C:\Program Files\Quick Launch Button\QLButton.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.adien.dk
O15 - Trusted Zone: http://www.quakelive.com
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{66235207-84BC-476B-8592-EE7F8D3307C6}: NameServer = 208.67.220.222,208.67.220.220
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 5507 bytes