Content tagged 'smart data recovery infeksjon'


  1. Here are two of the logs that I need help analyzing:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:39:55, on 04.08.2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programfiler\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
    C:\Programfiler\Java\jre6\bin\jqs.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
    C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Programfiler\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
    C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
    C:\Programfiler\Fellesfiler\PC Tools\Outlook Express API\Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programfiler\OpenOffice.org 3\program\soffice.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Programfiler\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\HJT\test.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programfiler\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)
    O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPoX\USDM\USDM.EXE" "5000"
    O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Programfiler\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Nektra OEAPI] C:\Programfiler\Fellesfiler\PC Tools\Outlook Express API\Launcher.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [swg] "C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Aktivere Labtec trådløs skrivebordsløsning.lnk = ?
    O4 - Global Startup: ATI CATALYST-systemstatusfelt.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Personal.lnk = C:\Programfiler\Personal\bin\Personal.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Pro Magic Plus.lnk = C:\WASAY\PROMAGIC\PlusStart.exe
    O4 - Global Startup: Windows Search.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programfiler\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1339178396937
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.m...ash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
    O23 - Service: Google-oppdatering-tjenesten (gupdatem) (gupdatem) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
    O23 - Service: WasayPMsv - Unknown owner - C:\WASAY\PROMAGIC\wspmsv.exe

    --
    End of file - 8924 bytes


    ComboFix 12-08-04.02 - Solveig Stokkevåg 04.08.2012 14:11:14.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2046.1496 [GMT 2:00]
    Kjører fra: c:\documents and settings\Solveig Stokkevåg\Skrivebord\ComboFix.exe
    .
    ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
    .
    .
    ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-07-04 til 2012-08-04 )))))))))))))))))))))))))))))))))
    .
    .
    2012-08-04 12:06 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Windows Defender\Definition Updates\{040130A4-CD96-411D-AA5A-74E373B1C33B}\mpengine.dll
    2012-08-04 12:05 . 2012-08-04 12:05 -------- d-----w- c:\windows\LastGood
    2012-08-03 12:10 . 2012-08-03 12:10 -------- d-----w- c:\documents and settings\All Users\Programdata\F-Secure uninstallationtool
    2012-08-02 09:57 . 2012-08-02 09:57 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Lokale innstillinger\Programdata\VS Revo Group
    2012-08-02 09:57 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-08-01 20:21 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-01 20:00 . 2012-08-01 20:00 -------- d-----w- c:\programfiler\CCleaner
    2012-07-14 18:57 . 2012-07-14 18:57 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Programdata\ElevatedDiagnostics
    2012-07-14 18:03 . 2012-07-15 16:02 9226440 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-07-09 15:38 . 2012-07-09 15:38 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Programdata\TestApp
    2012-07-09 14:49 . 2012-07-15 14:30 -------- d-----w- c:\windows\system32\MpEngineStore
    2012-07-09 12:17 . 2012-08-02 18:08 -------- d-----r- c:\documents and settings\Solveig Stokkevåg\Siste
    2012-07-08 19:26 . 2012-08-01 20:16 -------- d-----w- c:\documents and settings\Administrator
    2012-07-08 14:54 . 2012-02-24 08:35 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-07-08 14:53 . 2012-07-14 17:57 -------- d-----w- c:\programfiler\Fellesfiler\PC Tools
    2012-07-08 14:53 . 2012-07-09 15:44 -------- d-----w- c:\documents and settings\All Users\Programdata\PC Tools
    2012-07-08 14:33 . 2012-07-08 18:42 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Programdata\GetRightToGo
    2012-07-08 14:12 . 2012-07-08 14:12 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Programdata\Malwarebytes
    2012-07-08 14:12 . 2012-07-08 14:12 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-09 15:58 . 2005-11-02 12:47 90112 ----a-w- c:\windows\DUMP29cf.tmp
    2012-06-29 08:44 . 2007-01-03 19:52 6891424 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-06-10 08:45 . 2012-03-31 07:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-10 08:45 . 2011-06-05 12:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-08 08:12 . 2012-06-08 08:12 23510720 ----a-w- C:\dotnetfx.exe
    2012-06-02 13:19 . 2006-04-14 19:47 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 13:19 . 2006-04-14 19:47 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 13:19 . 2006-04-14 19:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 13:19 . 2006-04-14 19:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 13:19 . 2006-04-14 19:47 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 13:19 . 2007-06-19 18:20 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 13:19 . 2006-04-14 19:47 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 13:19 . 2007-06-19 18:20 23064 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 13:19 . 2007-06-19 18:20 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 13:19 . 2007-06-19 18:20 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 13:19 . 2006-04-14 19:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 13:18 . 2012-06-09 07:05 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 13:18 . 2012-06-09 07:04 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 13:18 . 2009-08-06 17:23 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2004-08-04 12:00 600064 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-31 10:25 . 2009-10-02 19:55 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-16 15:09 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:55 . 2004-08-04 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-13 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-13 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:39 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-09 07:51 . 2009-07-22 19:58 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2009-08-20 11:34 . 2009-08-20 11:34 9811968 ----a-w- c:\programfiler\openofficeorg31.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\programfiler\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\programfiler\instmsia.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-04_10.14.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-04 12:02 . 2012-08-04 12:02 16384 c:\windows\temp\Perflib_Perfdata_76c.dat
    .
    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
    "NBJ"="c:\programfiler\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-05 61440]
    "SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
    "EPoXUSDM"="c:\program files\EPoX\USDM\USDM.EXE" [2005-02-04 1295360]
    "D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
    "ANIWZCS2Service"="c:\programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
    "SSBkgdUpdate"="c:\programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "OpwareSE4"="c:\programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
    "hpqSRMon"="c:\programfiler\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Nektra OEAPI"="c:\programfiler\Fellesfiler\PC Tools\Outlook Express API\Launcher.exe" [2011-08-26 52224]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
    .
    c:\documents and settings\Solveig Stokkevåg\Start-meny\Programmer\Oppstart\
    OpenOffice.org 3.3.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
    Aktivere Labtec trådløs skrivebordsløsning.lnk - c:\programfiler\Labtec trådløs skrivebordsløsning\MagicKey.exe [2006-4-15 258048]
    ATI CATALYST-systemstatusfelt.lnk - c:\programfiler\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]
    HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Personal.lnk - c:\programfiler\Personal\bin\Personal.exe [2011-10-3 1087896]
    Picture Package Menu.lnk - c:\programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-2-2 151552]
    Picture Package VCD Maker.lnk - c:\programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-2-2 106496]
    Pro Magic Plus.lnk - c:\wasay\PROMAGIC\PlusStart.exe [2006-4-15 28672]
    Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Programfiler\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    .
    R0 DiskFilt;DiskFilt;c:\windows\system32\drivers\DISKFILT.SYS [15.04.2006 00:14 8224]
    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [15.04.2006 00:55 11776]
    R2 WinDefend;Windows Defender;c:\programfiler\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]
    S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [30.01.2010 12:18 135664]
    S2 WasayPMsv;WasayPMsv;c:\wasay\PROMAGIC\wspmsv.exe [15.04.2006 00:14 32768]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31.03.2012 09:25 257224]
    S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\programfiler\Google\Update\GoogleUpdate.exe [30.01.2010 12:18 135664]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [02.08.2012 11:57 27064]
    S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys --> c:\windows\system32\DRIVERS\wtsmpadap.sys [?]
    S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys --> c:\windows\system32\DRIVERS\wtsmpflt.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
    .
    2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:45]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 10:18]
    .
    2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 10:18]
    .
    2012-08-04 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
    .
    .
    ------- Tilleggsskanning -------
    .
    uStart Page = hxxp://www.google.no/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-04 14:22
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    skanner skjulte prosesser ...
    .
    skanner skjulte autostart-oppføringer ...
    .
    skanner skjulte filer ...
    .
    skanning vellykket
    skjulte filer: 0
    .
    **************************************************************************
    .
    --------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
    .
    - - - - - - - > 'winlogon.exe'(556)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(1664)
    c:\programfiler\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Tidspunkt ferdig: 2012-08-04 14:27:07
    ComboFix-quarantined-files.txt 2012-08-04 12:27
    ComboFix2.txt 2012-08-04 10:18
    .
    Pre-Run: 9 776 812 032 byte ledig
    Post-Run: 11 351 805 952 byte ledig
    .
    - - End Of File - - 2DE15B305CAE8452C4364C3C381A648C

    Suddenly I can't find Malwarebytes. I'll post that log later.
    Next log: