Logs for analysis - Rootkit?

3 posts in this topic

Posted

I have a registry key that is impossible to get rid of... It shows up as a rootkit in Comodo

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version

It probably comes from some Adobe CS5 programs.

Tried removing it from outside Windows and with RegAssassin; RootKitRevealer won't start...

Let's see if you find anything.

HJT:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:42:49, on 21.06.2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

M:\Programmer\MSI Afterburner\MSIAfterburnerSetup210\MSIAfterburnerSetup210\MSIAfterburner.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Saitek\DirectOutput\DirectOutputManager.exe

C:\Program Files (x86)\Saitek\Software\ProfilerU.exe

D:\AntiVirus\Zone Alarm Firewall\ZoneAlarm\zlclient.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

M:\Programmer\Acronis Disk Monitor\DriveMonitor\DriveMonitor\adm_tray.exe

M:\Programmer\MSI Afterburner\MSIAfterburnerSetup210\MSIAfterburnerSetup210\Bundle\OSDServer\RTSS.exe

C:\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - M:\Programmer\Orbit Downloader\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - M:\PROGRA~1\MSOFFI~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - M:\Programmer\Orbit Downloader\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [DirectOutput] C:\Program Files (x86)\Saitek\DirectOutput\DirectOutputManager.exe

O4 - HKLM\..\Run: [Profiler] C:\Program Files (x86)\Saitek\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files (x86)\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\AntiVirus\Zone Alarm Firewall\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [adm_tray.exe] M:\Programmer\Acronis Disk Monitor\DriveMonitor\DriveMonitor\adm_tray.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\AntiVirus\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\AntiVirus\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\AntiVirus\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Download by Orbit - res://M:\Programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://M:\Programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://M:\Programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://M:\Programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://M:\PROGRA~1\MSOFFI~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd til OneNote - res://M:\PROGRA~1\MSOFFI~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\Programmer\MS Office 2010\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\Programmer\MS Office 2010\Office14\ONBttnIE.dll

O9 - Extra button: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - M:\Programmer\MS Office 2010\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - M:\Programmer\MS Office 2010\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: m:\programmer\vmware\workstation\program\vsocklib.dll

O10 - Unknown file in Winsock LSP: m:\programmer\vmware\workstation\program\vsocklib.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted IP range: http://192.168.1.1

O15 - ESC Trusted IP range: http://192.168.1.1

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

O16 - DPF: {58607669-90BF-465D-86ED-077746100F4C} (BrowserPlugin Class) - http://cache.finn.no/auximg/bp/58607669-90bf-465d-86ed-077746100f4c.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1294052940991

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.26.2.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{41F0D486-46D9-4E4B-A54F-D2A203EAE0F6}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{73747D7A-C134-4240-824E-A8A144BA1C7B}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\AntiVirus\Comodo Anti Virus\Program\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - D:\AntiVirus\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - M:\Programmer\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - M:\Programmer\TightVNC\tvnserver.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UsbClientService - Unknown owner - M:\Programmer\Synology Assistant\Assistant\UsbClientService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11828 bytes

Combofix:

ComboFix 11-06-21.02 - Kakeshoma 21.06.2011 17:36:07.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.47.1033.18.6141.4479 [GMT 2:00]

Kjører fra: c:\users\Kakeshoma\Desktop\ComboFix.exe

AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Opprettet nytt gjenopprettingspunkt

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2011-05-21 til 2011-06-21 )))))))))))))))))))))))))))))))))

.

.

2011-06-21 15:38 . 2011-06-21 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-21 15:33 . 2011-06-21 15:35 -------- d-----w- C:\32788R22FWJFW

2011-06-21 15:25 . 2011-06-21 15:25 -------- d-----w- c:\users\Kakeshoma\AppData\Roaming\Malwarebytes

2011-06-21 15:24 . 2011-06-21 15:24 -------- d-----w- c:\programdata\Malwarebytes

2011-06-21 15:24 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-21 15:24 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-21 14:57 . 2011-06-21 14:57 181064 ----a-w- c:\windows\PSEXESVC.EXE

2011-06-21 10:52 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADFF03FF-D160-4814-813C-2499CBFD5B61}\mpengine.dll

2011-06-20 19:16 . 2011-06-20 19:16 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-06-20 19:16 . 2011-06-20 19:16 -------- d-----w- c:\users\Kakeshoma\AppData\Roaming\B1B7D053-F2D8-4E03-9EDA-D1D61F7B4056

2011-06-20 19:16 . 2011-06-20 19:16 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-06-20 19:16 . 2011-06-20 19:16 970336 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-06-18 21:22 . 2011-06-18 21:22 -------- d-----w- c:\programdata\Comodo Downloader

2011-06-14 20:01 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-14 20:01 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-14 20:01 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-14 20:01 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-06-14 20:01 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-14 20:01 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-06-14 20:01 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys

2011-06-14 20:01 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-14 20:01 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-14 20:01 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-14 20:01 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-14 20:01 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-14 20:01 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll

2011-06-01 23:08 . 2011-06-01 23:08 -------- d-----w- c:\program files (x86)\Spirent Communications

2011-06-01 23:08 . 2011-06-01 23:08 -------- d-----w- c:\program files (x86)\HTC

2011-06-01 21:26 . 2011-06-01 21:26 -------- d-----w- c:\programdata\ProcessLasso

2011-06-01 21:25 . 2011-06-21 14:18 -------- d-----w- c:\users\Kakeshoma\AppData\Roaming\ProcessLasso

2011-06-01 19:32 . 2011-06-01 19:32 -------- d-----w- c:\program files (x86)\Electronic Arts

2011-06-01 17:37 . 2011-06-21 14:30 -------- d-----w- c:\programdata\NVIDIA

2011-06-01 17:37 . 2011-05-25 06:09 1016936 ----a-w- c:\windows\system32\nvvsvc.exe

2011-06-01 17:37 . 2011-05-25 06:09 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-06-01 17:37 . 2011-05-25 06:09 3040872 ----a-w- c:\windows\system32\nvsvc64.dll

2011-06-01 17:37 . 2011-05-25 06:09 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-06-01 17:37 . 2011-05-25 06:09 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-06-01 17:37 . 2011-05-25 06:09 6300776 ----a-w- c:\windows\system32\nvcpl.dll

2011-06-01 17:37 . 2011-06-01 17:37 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-05-31 14:10 . 2011-05-31 14:10 -------- d-----w- c:\programdata\PDVD

2011-05-31 14:09 . 2011-05-31 14:09 -------- d-----w- c:\users\Kakeshoma\AppData\Local\MediaServer

2011-05-31 14:08 . 2011-05-31 14:10 -------- d-----w- c:\programdata\install_clap

2011-05-30 17:22 . 2011-05-30 17:22 -------- d-----w- c:\users\Kakeshoma\AppData\Roaming\Digiarty

2011-05-26 21:24 . 2009-12-21 15:39 51712 ----a-w- c:\windows\system32\drivers\RtTeam60.sys

2011-05-26 21:24 . 2009-07-20 02:27 27136 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys

2011-05-26 21:24 . 2007-12-03 02:20 24064 ----a-w- c:\windows\system32\drivers\RtVlan60.sys

2011-05-25 19:02 . 2011-05-16 16:35 231600 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-05-25 19:02 . 2011-05-16 16:35 56752 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-05-25 15:48 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-24 15:53 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmpE004.tmp

2011-05-24 13:34 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp9FFC.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-20 19:16 . 2010-07-12 19:22 277088 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-05-24 17:14 . 2010-07-12 18:38 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 15:53 . 2010-07-12 20:11 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2011-05-24 15:53 . 2010-07-12 20:11 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-05-20 08:04 . 2011-05-20 08:04 276584 ----a-w- c:\windows\system32\drivers\nvstusb.sys

2011-05-16 16:35 . 2011-05-16 16:35 176560 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2011-05-16 16:35 . 2011-05-16 16:35 156912 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-05-16 16:35 . 2011-05-16 16:35 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2011-05-10 21:09 . 2011-01-06 15:37 92688 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-05-09 16:23 . 2010-07-20 15:27 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-05-09 16:23 . 2010-07-13 14:43 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-05-04 22:03 . 2010-12-28 23:42 360976 ----a-w- c:\windows\system32\guard64.dll

2011-05-04 22:03 . 2010-12-28 23:42 284744 ----a-w- c:\windows\SysWow64\guard32.dll

2011-05-04 22:03 . 2011-01-06 15:37 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-04 22:03 . 2011-01-06 15:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-04 22:03 . 2011-01-06 15:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmpDF77.tmp

2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp9CD0.tmp

2011-04-15 15:10 . 2011-04-15 15:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-04-15 15:10 . 2011-04-15 15:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-04-15 15:10 . 2011-04-15 15:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-04-15 15:10 . 2011-04-15 15:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-04-15 15:10 . 2011-04-15 15:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-04-15 15:10 . 2011-04-15 15:10 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-04-15 15:10 . 2011-04-15 15:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-04-15 15:10 . 2011-04-15 15:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-04-15 15:10 . 2011-04-15 15:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-04-15 15:10 . 2011-04-15 15:10 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-04-15 15:10 . 2011-04-15 15:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-04-15 15:10 . 2011-04-15 15:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-04-15 15:10 . 2011-04-15 15:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-04-15 15:10 . 2011-04-15 15:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-04-15 15:10 . 2011-04-15 15:10 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-04-15 15:10 . 2011-04-15 15:10 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-04-15 15:10 . 2011-04-15 15:10 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-04-15 15:10 . 2011-04-15 15:10 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-04-15 15:10 . 2011-04-15 15:10 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-04-15 15:10 . 2011-04-15 15:10 448512 ----a-w- c:\windows\system32\html.iec

2011-04-15 15:10 . 2011-04-15 15:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-04-15 15:10 . 2011-04-15 15:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-04-15 15:10 . 2011-04-15 15:10 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-15 15:10 . 2011-04-15 15:10 222208 ----a-w- c:\windows\system32\msls31.dll

2011-04-15 15:10 . 2011-04-15 15:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-04-15 15:10 . 2011-04-15 15:10 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-04-15 15:10 . 2011-04-15 15:10 160256 ----a-w- c:\windows\system32\wextract.exe

2011-04-15 15:10 . 2011-04-15 15:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-04-15 15:10 . 2011-04-15 15:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-04-15 15:10 . 2011-04-15 15:10 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-15 15:10 . 2011-04-15 15:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-04-15 15:10 . 2011-04-15 15:10 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-04-15 15:10 . 2011-04-15 15:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-15 15:10 . 2011-04-15 15:10 12288 ----a-w- c:\windows\system32\mshta.exe

2011-04-15 15:10 . 2011-04-15 15:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-04-15 15:10 . 2011-04-15 15:10 114176 ----a-w- c:\windows\system32\admparse.dll

2011-04-15 15:10 . 2011-04-15 15:10 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-04-15 15:10 . 2011-04-15 15:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll

2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

2011-04-09 07:02 . 2011-05-11 09:16 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-11 09:19 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-11 09:16 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 09:16 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-11 09:19 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-03-31 21:48 . 2011-03-31 21:48 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll

2011-03-31 21:48 . 2011-03-31 21:48 84992 ----a-w- c:\windows\system32\frapsv64.dll

2011-03-25 03:29 . 2011-05-11 09:16 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-03-25 03:29 . 2011-05-11 09:16 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-03-25 03:29 . 2011-05-11 09:16 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-03-25 03:29 . 2011-05-11 09:16 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-03-25 03:29 . 2011-05-11 09:16 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-03-25 03:28 . 2011-05-11 09:16 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="d:\antivirus\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DirectOutput"="c:\program files (x86)\Saitek\DirectOutput\DirectOutputManager.exe" [2006-09-28 151552]

"Profiler"="c:\program files (x86)\Saitek\Software\ProfilerU.exe" [2006-09-05 184320]

"SaiMfd"="c:\program files (x86)\Saitek\Software\SaiMfd.exe" [2006-09-28 180736]

"ZoneAlarm Client"="d:\antivirus\Zone Alarm Firewall\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"adm_tray.exe"="m:\programmer\Acronis Disk Monitor\DriveMonitor\DriveMonitor\adm_tray.exe" [2010-06-04 530784]

"Malwarebytes' Anti-Malware"="d:\antivirus\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="d:\antivirus\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;d:\antivirus\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

R3 7ByteIo;7ByteIo;m:\programmer\HOT CPU Tester\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]

R3 cmudaxp;ASUS Xonar D2X Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]

R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TeamViewer5;TeamViewer 5;m:\programmer\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tvnserver;TightVNC Server;m:\programmer\TightVNC\tvnserver.exe [2010-07-08 815704]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]

R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]

R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]

R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]

R4 VoddlerNet;VoddlerNet;m:\programmer\Voddler\service\voddler.exe [2010-05-11 873168]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/24 19:30];m:\programmer\Converters Players\PowerDVD 10 Ultra 3D\PowerDVD10\NavFilter\000.fcl [2010-04-02 07:11 146928]

S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/31 16:10];m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Common\NavFilter\000.fcl [2011-05-20 13:31 148976]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-20 3246040]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 ntk_PowerDVD;ntk_PowerDVD;m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]

S2 UsbClientService;UsbClientService;m:\programmer\Synology Assistant\Assistant\UsbClientService.exe [2011-02-18 245760]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [x]

S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]

S3 RTCore64;RTCore64;m:\programmer\MSI Afterburner\MSIAfterburnerSetup210\MSIAfterburnerSetup210\RTCore64.sys [2010-05-27 14648]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [x]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

.

.

--- Andre tjenester/drivere lastet i minnet ---

.

*NewlyCreated* - MBAMPROTECTOR

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 194560]

"COMODO Internet Security"="d:\antivirus\Comodo Anti Virus\Program\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 9057608]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-11-23 390728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.no/

IE: &Download by Orbit - m:\programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - m:\programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - m:\programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - m:\programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202

IE: E&ksporter til Microsoft Excel - m:\progra~1\MSOFFI~1\Office14\EXCEL.EXE/3000

IE: Se&nd til OneNote - m:\progra~1\MSOFFI~1\Office14\ONBttnIE.dll/105

LSP: m:\programmer\VMware\Workstation\Program\vsocklib.dll

TCP: DhcpNameServer = 217.13.7.140 217.13.4.24 10.0.0.1

TCP: Interfaces\{41F0D486-46D9-4E4B-A54F-D2A203EAE0F6}: NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{73747D7A-C134-4240-824E-A8A144BA1C7B}: NameServer = 208.67.222.222,208.67.220.220

DPF: {58607669-90BF-465D-86ED-077746100F4C} - hxxp://cache.finn.no/auximg/bp/58607669-90bf-465d-86ed-077746100f4c.cab

FF - ProfilePath - c:\users\Kakeshoma\AppData\Roaming\Mozilla\Firefox\Profiles\522bg8cu.default\

.

- - - - TOMME PEKERE FJERNET - - - -

.

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-{A64240FF-9C31-4858-AE9D-65483C5DE63A} - c:\users\Kakeshoma\AppData\Local\{DFF7F5B3-9811-4BE0-94D3-DE8D714CEC8A}\Living Hell Light Setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\m:\programmer\Converters Players\PowerDVD 10 Ultra 3D\PowerDVD10\NavFilter\000.fcl"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]

"ImagePath"="\??\m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Common\NavFilter\000.fcl"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_USERS\S-1-5-21-4267393232-1406148221-1984847428-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c3,5b,1b,2d,f4,76,b8,70,37,7f,48,68,f7,93,a7,c7,c3,96,3a,d2,43,6a,38,

44,07,7e,eb,e0,ae,2e,05,a7,06,1a,d6,17,ef,fe,2d,c6,4f,39,62,23,27,ba,8e,5a,\

"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

.

[HKEY_USERS\S-1-5-21-4267393232-1406148221-1984847428-1000\Software\SecuROM\License information*]

"datasecu"=hex:5a,b2,d9,df,74,7c,3c,2b,28,f7,4f,19,03,13,6b,c6,4b,fe,72,02,a5,

f4,27,77,23,67,66,e3,42,cc,b7,eb,5f,30,4a,f6,a1,47,19,6a,5e,3d,01,03,fa,f5,\

"rkeysecu"=hex:fa,22,bd,a6,f0,6f,8b,5b,b0,d8,9a,91,28,60,71,fe

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:ac,29,b5,58,79,a0,79,ee,ee,7b,2b,b4,66,ba,e5,2e,31,74,e3,32,c6,

c0,05,aa,e3,d2,e8,f5,16,d0,57,ac,57,bb,65,4d,4e,ca,b7,02,32,82,71,24,cd,29,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:ac,29,b5,58,79,a0,79,ee,ee,7b,2b,b4,66,ba,e5,2e,31,74,e3,32,c6,

c0,05,aa,e3,d2,e8,f5,16,d0,57,ac,57,bb,65,4d,4e,ca,b7,02,32,82,71,24,cd,29,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2011-06-21 17:39:45

ComboFix-quarantined-files.txt 2011-06-21 15:39

.

Pre-Run: 20 738 641 920 bytes free

Post-Run: 20 507 107 328 bytes free

.

- - End Of File - - 4F5DCA4DE31C06202173940193BFBA0A

MBAM:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6910

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

21.06.2011 17:28:25

mbam-log-2011-06-21 (17-28-25).txt

Scan type: Quick scan

Objects scanned: 165604

Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thanks :)


Posted

Thanks, I'll try when I get home on Thursday.

I think I tried every possible permission change, though, but got an error no matter what I tried.
