svigers har en sliten og treg pc. noen som kan se på en hijackthis log for meg?

[MysticoN]

har tatt en panda søk og rydda opp litt selv. skal nevnest at jeg fant over 100 infected files, men måtte be de slette de selv siden jeg måtte på jobb før søket var ferdig.

 

Pc'en er veldig treg og takler ikke oppgaver som å se en film på youtube og firefox og internet.

 

Logfile of HijackThis v1.99.1

Scan saved at 22:30:59, on 30.08.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Åge\Desktop\hijackthis_sfx.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: XBTP00092 - {9AC83520-B347-4190-870A-DBB2AD2E22FE} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {F275EF20-1E52-47B8-98D3-0537A2EB8223} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?7d659f0ad0bb48028b2266041b0f7654

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?7d659f0ad0bb48028b2266041b0f7654

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {252A91C9-65FA-4BC5-B1DA-BE6693517F70} (FileObjectDnD.DndObject) - http://www.24sevenoffice.com/media/activex...leObjectDnD.CAB

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

[Newklear]

Litt off-topic d her, men når PCen først har blitt såppass godt infisert skal d godt gjøres å "fikse" den igjen.. Vurdert å reinstallere?

[norbat]

Hent Combofix, og legg det på skrivebordet

 

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører.

 

Post loggfilen fra combofix (c:\combofix.txt)

[r2d290]

Litt off-topic d her, men når PCen først har blitt såppass godt infisert skal d godt gjøres å "fikse" den igjen.. Vurdert å reinstallere?

reinstallere er ikke et alternativ vi pleier å tipse om. Vi får stort sett fikset alle malware-problemer ved å fjerne filer manuelt

 

Du kan jo følge med, og se hvordan det går med denne personen, så får du litt innblikk i hvordan vi gjør det

[MysticoN]

Litt off-topic d her, men når PCen først har blitt såppass godt infisert skal d godt gjøres å "fikse" den igjen.. Vurdert å reinstallere?

reinstallere er ikke et alternativ vi pleier å tipse om. Vi får stort sett fikset alle malware-problemer ved å fjerne filer manuelt

 

Du kan jo følge med, og se hvordan det går med denne personen, så får du litt innblikk i hvordan vi gjør det

 

 

jepp, har selv sett maskiner som har vært i veldig hardt vær blitt fixet opp. kommer med svar hvordan det gikk med combo på søndag en gang.

[MysticoN]

her kommer combofix log. beklager for at det tok så lang tid. svigers var redd for at jeg kom til å ødelegge pc'en.

 

ComboFix 08-09-01.01 - Åge 2008-09-02 0:51:56.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.489 [GMT 2:00]

Running from: C:\Documents and Settings\Åge\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Åge\Application Data\macromedia\Flash Player\#SharedObjects\3UR6U8AN\bin.clearspring.com

C:\Documents and Settings\Åge\Application Data\macromedia\Flash Player\#SharedObjects\3UR6U8AN\bin.clearspring.com\clearspring.sol

C:\Documents and Settings\Åge\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com

C:\Documents and Settings\Åge\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\tcpwrk.dll

C:\WINDOWS\system32\winprint.dll

D:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))

.

 

2008-08-28 22:35 . 2008-08-28 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-08-28 22:31 . 2008-08-28 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-08-28 22:30 . 2008-08-28 22:30 <DIR> d-------- C:\WINDOWS\system32\PAV

2008-08-28 22:30 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys

2008-08-28 22:30 . 2008-08-28 22:30 248 --a------ C:\WINDOWS\system32\PavCPL.dat

2008-08-28 22:29 . 2008-08-28 22:29 <DIR> d-------- C:\Program Files\Panda Security

2008-08-28 22:29 . 2007-03-15 17:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl

2008-08-28 22:29 . 2007-02-15 19:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll

2008-08-28 22:26 . 2008-08-28 22:26 <DIR> d-------- C:\Program Files\Common Files\Panda Software

2008-08-28 22:26 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-08-28 22:26 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-08-14 19:36 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-14 19:35 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-10 23:52 . 2008-08-10 23:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-08-10 23:52 . 2008-08-10 23:52 1,409 --a------ C:\WINDOWS\QTFont.for

2008-08-03 18:32 . 2008-08-03 22:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-25 22:06 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2008-07-25 22:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf

2008-07-25 22:05 --------- d-----w C:\Program Files\Zune

2008-07-23 17:14 --------- d-----w C:\Program Files\CCleaner

2008-07-15 10:40 --------- d-----w C:\Program Files\AVG

2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 08:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-22 14:10 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]

"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

--a------ 2004-08-10 20:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

--a------ 2004-08-10 20:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a------ 2004-08-10 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a------ 2004-08-10 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\MSMSGS.EXE"=

"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]

R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{9AC83520-B347-4190-870A-DBB2AD2E22FE} - (no file)

Toolbar-{F275EF20-1E52-47B8-98D3-0537A2EB8223} - (no file)

WebBrowser-{F275EF20-1E52-47B8-98D3-0537A2EB8223} - (no file)

HKLM-Run-LaunchApp - (no file)

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Åge\Application Data\Mozilla\Firefox\Profiles\5gr0elb3.default\

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-02 01:00:24

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS 2008\PAVSRV51.EXE

C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS 2008\AVENGINE.EXE

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE

C:\WINDOWS\EHOME\EHRECVR.EXE

C:\WINDOWS\EHOME\EHSCHED.EXE

C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE

C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS 2008\PSCTRLS.EXE

C:\PROGRAM FILES\COMMON FILES\PANDA SOFTWARE\PAVSHLD\PAVPRSRV.EXE

C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS 2008\PSIMSVC.EXE

C:\WINDOWS\EHOME\MCRDSVC.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRAM FILES\ZUNE\ZUNENSS.EXE

C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE

C:\WINDOWS\SYSTEM32\DLLHOST.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-09-02 1:04:17 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-01 23:04:04

 

Pre-Run: 36,986,617,856 bytes free

Post-Run: 37,792,317,440 byte ledig

 

177 --- E O F --- 2008-08-14 20:25:08

 

 

skal også nevnest at panda fant et program som heter: Application/psexec.A som var plassert i c:\windows\psexesvc.exe

 

velgte å slette det programmet.