AzureDragon, posted 24 October 2008 (edited)

I have now gone through Norbat's procedure, and here are the results.

Notes:
- I use the Google Chrome browser. CCleaner was supposed to remove internet files? Well, no Chrome files were deleted.
- While ComboFix was running, the Windows taskbar disappeared.
- After the restart required by the Malwarebytes scan, the desktop background disappeared and some websites changed slightly. Diskusjon.no is still changed, with far too large text and generally cluttered and messy. Some other sites cannot display images, etc. Among other things, the bar with smileys, fonts and codes has now disappeared here.

-----------------------------------
MALWARE SCAN:
[code]Malwarebytes' Anti-Malware 1.30
Database versjon: 1311
Windows 6.0.6001 Service Pack 1

24.10.2008 12:11:48
mbam-log-2008-10-24 (12-11-48).txt

Skanntype: Rask Skann
Objekter skannet: 46574
Tid tilbakelagt: 2 minute(s), 22 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 4
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 8

Minneprosesser infisert:
C:\Users\Vegard\AppData\Roaming\Adobe\Player.exe (Trojan.Agent) -> Unloaded process successfully.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc1ucj0et1j (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Users\Vegard\AppData\Roaming\Adobe\Player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

--------------------------------------
COMBOFIX SCAN:

ComboFix 08-10-23.08 - Vegard 2008-10-24 12:26:10.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1981 [GMT 2:00]
Running from: C:\Users\Vegard\Documents\Nedlastinger\ComboFix.exe
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Vegard\AppData\Roaming\.#
C:\Users\Vegard\AppData\Roaming\Adobe\crc.dat
C:\Users\Vegard\AppData\Roaming\Adobe\Player.exe.bak

.
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.

2008-10-24 12:25 . 2008-10-24 12:25 <DIR> d-------- C:\32788R22FWJFW
2008-10-24 12:07 . 2008-10-24 12:07 <DIR> d-------- C:\Users\Vegard\AppData\Roaming\Malwarebytes
2008-10-24 12:07 . 2008-10-24 12:07 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-24 12:07 . 2008-10-24 12:07 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-24 12:07 . 2008-10-24 12:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 12:07 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-24 12:07 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-24 12:01 . 2008-10-24 12:01 <DIR> d-------- C:\Program Files\CCleaner
2008-10-23 17:56 . 2008-10-23 17:56 <DIR> d-------- C:\Users\Vegard\AppData\Roaming\MAGIX
2008-10-23 17:54 . 2008-10-23 17:55 <DIR> d-------- C:\Users\All Users\MAGIX
2008-10-23 17:54 . 2008-10-23 17:55 <DIR> d-------- C:\ProgramData\MAGIX
2008-10-23 17:54 . 2008-10-23 17:55 <DIR> d-------- C:\Program Files\MAGIX
2008-10-23 17:54 . 2007-04-27 10:43 120,200 --a------ C:\Windows\System32\DLLDEV32i.dll
2008-10-23 17:52 . 2008-10-23 17:55 <DIR> d-------- C:\Windows\System32\MAGIX
2008-10-23 17:52 . 2008-04-15 16:14 700,416 --a------ C:\Windows\System32\mgxoschk.dll
2008-10-23 17:52 . 2008-10-23 17:55 5,937 --a------ C:\Windows\mgxoschk.ini
2008-10-23 17:10 . 2008-10-23 17:10 <DIR> d-------- C:\Program Files\Magic Music Editor
2008-10-23 17:10 . 2005-03-29 07:57 2,084,864 --a------ C:\Windows\System32\NCTAudioDesign2.dll
2008-10-23 17:10 . 2005-05-17 12:37 1,986,560 --a------ C:\Windows\System32\NCTAudioFile2.dll
2008-10-23 17:10 . 2005-05-18 11:52 1,212,416 --a------ C:\Windows\System32\NCTAudioInformation2.dll
2008-10-23 17:10 . 2005-04-15 12:08 880,640 --a------ C:\Windows\System32\NCTAudioEditor2.dll
2008-10-23 17:10 . 2004-11-04 13:31 835,584 --a------ C:\Windows\System32\NCTAudioCDGrabber2.dll
2008-10-23 17:10 . 2005-04-04 17:21 602,112 --a------ C:\Windows\System32\NCTAudioTransform2.dll
2008-10-23 17:10 . 2005-03-28 15:54 479,232 --a------ C:\Windows\System32\NCTAudioVisualization2.dll
2008-10-23 17:10 . 2005-04-25 13:01 458,752 --a------ C:\Windows\System32\NCTAudioRecord2.dll
2008-10-23 17:10 . 2005-04-25 13:01 458,752 --a------ C:\Windows\System32\NCTAudioPlayer2.dll
2008-10-23 17:10 . 2005-03-28 15:56 417,792 --a------ C:\Windows\System32\NCTAudioDisplay2.dll
2008-10-23 17:10 . 2005-04-04 15:06 348,160 --a------ C:\Windows\System32\NCTWMAFile2.dll
2008-10-23 17:10 . 2006-03-23 12:56 113,486 --a------ C:\Windows\System32\NCTWMAProfiles.prx
2008-10-21 17:42 . 2008-10-21 17:42 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-21 17:41 . 2008-10-21 17:41 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-10-21 17:41 . 2008-10-21 17:41 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-10-19 18:56 . 2008-10-19 18:56 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-19 18:56 . 2008-10-19 18:56 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-19 18:56 . 2008-10-19 18:56 <DIR> d-------- C:\Program Files\iTunes
2008-10-19 18:56 . 2008-10-19 18:56 <DIR> d-------- C:\Program Files\iPod
2008-10-19 18:40 . 2008-10-19 18:40 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-10-19 18:40 . 2008-10-19 18:40 <DIR> d-------- C:\Users\Vegard\AppData\Roaming\Apple Computer
2008-10-19 18:40 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-10-19 18:40 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-10-19 18:39 . 2008-10-19 18:56 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-10-19 18:39 . 2008-10-19 18:56 <DIR> d-------- C:\ProgramData\Apple Computer
2008-10-19 18:39 . 2008-10-19 18:39 <DIR> d-------- C:\Program Files\QuickTime
2008-10-19 18:39 . 2008-10-19 18:39 <DIR> d-------- C:\Program Files\Bonjour
2008-10-19 18:38 . 2008-10-19 18:38 <DIR> d-------- C:\Users\All Users\Apple
2008-10-19 18:38 . 2008-10-19 18:38 <DIR> d-------- C:\ProgramData\Apple
2008-10-19 18:38 . 2008-10-19 18:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-19 18:38 . 2008-10-19 18:38 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-17 00:56 . 2008-10-17 00:56 <DIR> d-a------ C:\Users\All Users\TEMP
2008-10-17 00:56 . 2008-10-17 00:56 <DIR> d-a------ C:\ProgramData\TEMP
2008-10-15 19:47 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 19:47 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 19:47 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 19:43 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 19:38 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 19:38 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-13 21:26 . 2008-10-13 21:26 <DIR> d-------- C:\Program Files\Veoh Networks
2008-10-10 22:35 . 2008-10-10 22:36 <DIR> d-------- C:\Program Files\BitTorrent
2008-10-09 00:59 . 2008-10-09 00:59 <DIR> d-------- C:\Levende
2008-10-09 00:59 . 1996-10-16 11:58 301,056 --a------ C:\Windows\unin0414.exe
2008-10-09 00:56 . 2008-10-09 00:56 <DIR> d-------- C:\Program Files\Common Files\3DO Shared
2008-10-09 00:56 . 2008-10-09 00:56 <DIR> d-------- C:\Program Files\3DO
2008-10-09 00:55 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-10-04 23:25 . 2008-10-04 23:28 <DIR> d-------- C:\Program Files\MP3 WAV Converter
2008-10-04 23:25 . 2000-03-07 00:00 278,581 --a------ C:\Windows\System32\temp.000
2008-10-04 21:20 . 2008-10-04 21:20 14,848 --a------ C:\Program Files\file.exe
2008-10-01 23:50 . 2008-10-01 23:50 <DIR> d-------- C:\Users\Vegard\AppData\Roaming\vlc
2008-10-01 20:54 . 2008-10-01 20:54 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-01 20:51 . 2008-10-01 20:51 <DIR> d-------- C:\Program Files\PKWARE
2008-10-01 20:51 . 2008-10-01 20:51 <DIR> d-------- C:\Program Files\Common Files\PKWARE
2008-10-01 20:50 . 2008-10-01 20:50 <DIR> d-------- C:\Windows\Downloaded Installations
2008-09-29 01:09 . 2008-10-04 14:32 <DIR> d-------- C:\Program Files\Turbine
2008-09-29 01:08 . 2008-09-29 01:08 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-09-28 19:10 . 2008-10-04 16:35 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-09-28 19:10 . 2008-10-04 16:35 <DIR> d-------- C:\ProgramData\WLInstaller
2008-09-28 19:10 . 2008-09-28 19:13 <DIR> d-------- C:\Program Files\Windows Live
2008-09-28 19:10 . 2008-09-28 19:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-28 16:14 . 2008-10-01 20:48 <DIR> d-------- C:\Program Files\MP3 CD Ripper Pro
2008-09-28 16:11 . 2008-09-28 16:11 <DIR> d-------- C:\My Music
2008-09-28 15:28 . 2008-10-22 16:31 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> dr------- C:\Users\Gjest\Videos
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> dr------- C:\Users\Gjest\Searches
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> dr------- C:\Users\Gjest\Saved Games
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> dr------- C:\Users\Gjest\Pictures
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> dr------- C:\Users\Gjest\Music
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> dr------- C:\Users\Gjest\Links
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> dr------- C:\Users\Gjest\Downloads
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> dr------- C:\Users\Gjest\Documents
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> dr------- C:\Users\Gjest\Contacts
2008-09-27 19:34 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Gjest\AppData\Roaming\Media Center Programs
2008-09-27 19:34 . 2008-05-12 22:30 <DIR> d-------- C:\Users\Gjest\AppData\Roaming\Acer GameZone Console
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> d--h----- C:\Users\Gjest\AppData
2008-09-27 19:34 . 2008-09-27 19:34 <DIR> d-------- C:\Users\Gjest
2008-09-24 22:54 . 2008-09-24 22:55 <DIR> d--h----- C:\Windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 10:28 --------- d-----w C:\Users\Vegard\AppData\Roaming\DNA
2008-10-24 10:20 63,534 ----a-w C:\Users\All Users\nvModes.dat
2008-10-24 10:20 63,534 ----a-w C:\ProgramData\nvModes.dat
2008-10-23 17:51 --------- d-----w C:\Users\Vegard\AppData\Roaming\BitTorrent
2008-10-16 19:07 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 00:25 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-15 12:50 --------- d-----w C:\Program Files\Yahoo!
2008-10-13 12:17 --------- d-----w C:\Program Files\Acer GameZone
2008-09-30 23:27 --------- d-----w C:\ProgramData\CyberLink
2008-09-29 01:01 --------- d-----w C:\Program Files\Microsoft Works
2008-09-23 13:32 --------- d-----w C:\Program Files\DNA
2008-09-23 13:18 --------- d-----w C:\ProgramData\eSobi
2008-09-23 13:17 --------- d-----w C:\Users\Vegard\AppData\Roaming\eSobi
2008-09-22 19:43 --------- d-----w C:\Users\Vegard\AppData\Roaming\CyberLink
2008-09-22 14:12 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-09-22 14:08 38,968 ----a-w C:\Windows\system32\drivers\ShlDrv51.sys
2008-09-22 14:08 178,872 ----a-w C:\Windows\system32\drivers\PavProc.sys
2008-09-22 14:02 --------- d-----w C:\ProgramData\sentinel
2008-09-22 14:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 14:00 --------- d-----w C:\Program Files\Panda Security
2008-09-22 13:56 --------- d-----w C:\ProgramData\McAfee
2008-09-22 13:54 --------- d-----w C:\ProgramData\SiteAdvisor
2008-09-22 09:38 885,248 ----a-w C:\Windows\System32\RacEngn.dll
2008-09-22 09:38 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-09-22 09:37 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-09-22 09:37 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-09-22 09:37 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-09-22 09:37 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-09-22 09:36 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-09-22 09:36 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-09-22 09:35 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-09-22 09:35 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-09-22 09:35 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-09-22 09:33 988,216 ----a-w C:\Windows\System32\winload.exe
2008-09-22 09:33 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-09-22 09:33 615,992 ----a-w C:\Windows\System32\ci.dll
2008-09-22 09:33 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-09-22 09:33 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-09-22 09:33 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-09-22 09:33 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-09-22 09:33 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-09-22 09:33 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-09-22 09:33 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-09-22 09:32 28,728 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-09-22 09:32 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-09-21 21:06 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-21 21:06 --------- d-----w C:\Program Files\Common Files\Real
2008-09-21 21:05 --------- d-----w C:\Program Files\Real
2008-09-21 18:37 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-21 18:22 --------- d-----w C:\ProgramData\NVIDIA
2008-09-21 18:21 --------- d-----w C:\Program Files\Acer
2008-09-21 18:18 --------- d-----w C:\Program Files\Acer Inc
2008-09-21 18:18 --------- d-----w C:\Program Files\Acer Arcade Deluxe
2008-09-21 18:10 --------- d-----w C:\Program Files\eSobi
2008-09-21 18:05 --------- d-----w C:\Users\Vegard\AppData\Roaming\Yahoo!
2008-09-21 18:05 --------- d-----w C:\Program Files\Launch Manager
2008-09-21 18:04 --------- d-----w C:\Users\Vegard\AppData\Roaming\Acer
2008-09-21 18:03 --------- d-----w C:\Users\Vegard\AppData\Roaming\InstallShield
2008-09-21 18:01 --------- d-----w C:\Program Files\WIDCOMM
2008-09-21 17:57 319,488 ----a-w C:\Windows\HideWin.exe
2008-09-21 17:57 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-09-21 17:57 --------- d-----w C:\Program Files\Realtek
2008-09-21 17:55 --------- d-----w C:\Program Files\Convesoft
2008-09-21 17:50 --------- d-sh--w C:\ProgramData\Start-meny
2008-09-21 17:50 --------- d-sh--w C:\ProgramData\Skrivebord
2008-09-21 17:50 --------- d-sh--w C:\ProgramData\Programdata
2008-09-21 17:50 --------- d-sh--w C:\ProgramData\Maler
2008-09-21 17:50 --------- d-sh--w C:\ProgramData\Favoritter
2008-09-21 17:50 --------- d-sh--w C:\ProgramData\Dokumenter
2008-09-21 17:50 --------- d-sh--w C:\Program Files\Fellesfiler
2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-07 01:19 805,920 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-08-07 01:19 40,992 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-08-07 01:19 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll
2008-08-07 01:19 2,167,840 ----a-w C:\Windows\System32\RtkAPO.dll
2008-08-07 01:19 1,833,504 ----a-w C:\Windows\SkyTel.exe
2008-08-07 01:19 1,202,720 ----a-w C:\Windows\RtlUpd.exe
2008-08-07 01:18 6,265,376 ----a-w C:\Windows\RtHDVCpl.exe
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-29 23:42 528,384 ----a-w C:\Windows\RtlExUpd.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Google Update"="C:\Users\Vegard\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-21 133104]
"BitTorrent DNA"="C:\Users\Vegard\Program Files\DNA\btdna.exe" [2008-09-23 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-04-03 92704]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-21 185896]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 455984]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-07 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2008-08-07 C:\Windows\SkyTel.exe]

C:\Users\Vegard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-09-21 1216512]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 20:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24E63513-DAAC-4D37-9D83-29B5A92E459D}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{7AED87CD-4B74-40D9-8F3C-EC7AB15B2630}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{ECA91F1B-CC7A-4943-9931-A76CAFA1B602}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{BA18008D-E16C-42F4-8CCE-C5D21F6DA1B0}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{0D970239-AEED-4ED9-A692-8560E3B2F592}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{56C39839-00F8-41AC-867A-3ABBCEAB6FDC}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E22A63B7-9EE9-4636-8B2C-81D1E5FDFBC4}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{61D77CC8-079E-4E63-BF73-A1C97A703764}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"{E9F7F002-3272-4193-9C40-1ED990441481}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F59B2B13-7885-4033-95A9-D334591169D5}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{2B84393C-BCF0-48DF-9418-CCB379B8C38C}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{EC6C02F2-23BE-4842-A1F3-F16F077D6F05}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{06D98909-4431-4F5F-8DA8-B3D9D1A6BEB6}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{AF223522-7770-4C57-BB45-889C9FAEC84C}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{50DD01AA-5EF8-4FE1-8DC1-C7062B07E35C}"= UDP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{E2C0CCB0-D696-45D9-BC2A-496A5AF23F22}"= TCP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{C8896AFE-D748-4DC1-9C12-DB8A0DFFAE9E}C:\\users\\vegard\\program files\\dna\\btdna.exe"= UDP:C:\users\vegard\program files\dna\btdna.exe:btdna.exe
"UDP Query User{235B69F3-7E2E-49D1-88CF-4D6F0BD274E5}C:\\users\\vegard\\program files\\dna\\btdna.exe"= TCP:C:\users\vegard\program files\dna\btdna.exe:btdna.exe
"TCP Query User{4669EE9A-611A-4B54-A28C-30C882E07B04}C:\\users\\vegard\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:C:\users\vegard\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{DDF9CB1F-FEF5-4C72-9107-878FE1BBB666}C:\\users\\vegard\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:C:\users\vegard\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"{45EE5818-0780-434A-837C-AB6D1837FE1B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F0F65E7D-C6DC-4E0F-B9C0-ECFBB1761032}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{25397A33-9723-4F15-9FBE-B431E77B4CB3}"= UDP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{4ACA3B67-99AC-4BE5-8E41-611EE490FE67}"= TCP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{19CCABDB-1A47-43BE-8EB6-67138F2ABA9C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D93C141E-5AE0-41C4-AA26-1D9DA17FC322}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AE072A8D-77C2-4B8C-834C-39B8D1650CE9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{0809548B-2854-44DD-AD65-42F3AA1946EC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2008-09-22 38968]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 15:01 61424]
R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-09-28 46648]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2008-09-22 178872]
R2 PskSvcRetail;Panda PSK service;C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe [2007-03-21 27696]
R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-04-03 43552]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1d36742-8836-11dd-ae85-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 C:\Windows\Tasks\GoogleUpdateTaskUser.job
- C:\Users\Vegard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-21 22:23]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Turbine Download Manager Tray Icon - C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
HKLM-Run-eRecoveryService - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://no.intl.acer.yahoo.com
R0 -: HKLM-Main,Start Page = hxxp://no.intl.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 12:31:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
C:\Users\Vegard\AppData\Local\Temp\etilqs_PTn3L2n7UY2lxv7 4100 bytes
C:\Users\Vegard\AppData\Local\Temp\etilqs_rV2kfPKhry7sbZ5 16400 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2008-10-24 12:32:42
ComboFix-quarantined-files.txt 2008-10-24 10:32:39

Pre-Run: 75,737,247,744 byte ledig
Post-Run: 75,705,069,568 byte ledig

342 --- E O F --- 2008-10-22 10:51:21[/code]

------------------------------------------------
HIJACK THIS SCAN:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:55, on 24.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Vegard\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Vegard\Program Files\DNA\btdna.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Users\Vegard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vegard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vegard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\TESTjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN]
"C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Google Update] "C:\Users\Vegard\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Vegard\Program Files\DNA\btdna.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Acer VCM.lnk = ? O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send side til &Bluetooth-enhet... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe -- End of file - 10258 bytes ------------------------------------------------- takker for evt hjelp :-) Endret 24. oktober 2008 av AzureDragon Lenke til kommentar
AzureDragon, posted 30 October 2008 (thread author)

BUMP! It would be great if someone computer-savvy took the time to look through this!
Tosha0007, posted 30 October 2008 (edited)

Sorry that nobody has taken the time to check your logs. I'll make sure that happens as soon as possible! It would be very nice if you could remove the code tags on the MBAM and HijackThis logs. At least I find it easier to read that way.

edit: I have sent a PM to the people on the forum who are best at this. Hopefully they can help you soon.

Edited 30 October 2008 by tosha0007
norbat, posted 30 October 2008

Could you run ComboFix again and post the new log? ComboFix will probably update itself if you run the version you may still have lying around from the previous round.
AzureDragon, posted 30 October 2008 (thread author)

ComboFix 08-10-30.09 - Vegard 2008-10-31 0:12:31.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1845 [GMT 1:00]
Running from: C:\Users\Vegard\Documents\Nedlastinger\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
2008-10-31 00:05 . 2008-10-31 00:05 318,976 --a------ C:\Windows\System32\CF5849.exe
2008-10-29 21:47 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-29 21:47 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-29 21:47 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-28 16:58 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-28 16:58 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-28 16:58 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-28 16:58 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-28 16:58 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-27 10:19 . 2008-10-27 10:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-24 22:36 . 2008-10-24 22:36 <DIR> d-------- C:\Program Files\Mightsoft
2008-10-24 22:00 . 2008-10-24 22:00 <DIR> d-------- C:\Users\Vegard\AppData\Roaming\NCH Swift Sound
2008-10-24 22:00 . 2008-10-24 22:00 <DIR> d-------- C:\Users\All Users\NCH Swift Sound
2008-10-24 22:00 . 2008-10-24 22:00 <DIR> d-------- C:\ProgramData\NCH Swift Sound
2008-10-24 21:55 . 2008-10-24 22:00 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-10-24 18:23 . 2008-10-24 18:25 <DIR> d-------- C:\Program Files\MAGIX
2008-10-24 11:36 . 2008-10-24 11:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-24 11:07 . 2008-10-24 11:07 <DIR> d-------- C:\Users\Vegard\AppData\Roaming\Malwarebytes
2008-10-24 11:07 .
C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22237_none_2738c88b7b29c68f\ehPresenter.dll + 2008-08-06 03:21:59 10,094,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16724_none_50142885535e3590\ehres.dll + 2008-08-06 03:18:12 10,103,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20889_none_5061e73a6ca7fbb3\ehres.dll + 2008-08-06 03:27:39 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16724_none_36c4edb116c5f8a5\ehtrace.dll + 2008-08-06 03:18:12 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20889_none_3712ac66300fbec8\ehtrace.dll + 2008-08-06 03:27:39 517,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16724_none_cccc40dbcc4dcbaa\ehui.dll + 2008-08-06 03:18:12 521,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20889_none_cd19ff90e59791cd\ehui.dll + 2008-08-05 09:49:54 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18115_none_cebe4fb7c96b5a01\ehui.dll + 2008-08-06 03:56:08 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22237_none_cf344d3ee297645b\ehui.dll + 2008-08-06 03:27:39 1,497,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16724_none_3a1333122e23804c\ehuihlp.dll + 2008-08-06 03:18:13 1,498,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20889_none_3a60f1c7476d466f\ehuihlp.dll + 2008-09-18 04:56:02 147,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\Faultrep.dll + 2008-01-21 02:24:06 217,088 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe + 2008-01-21 02:24:06 860,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFaultSecure.exe + 2008-09-20 04:00:23 147,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\Faultrep.dll + 2008-09-20 04:00:16 217,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe + 2008-09-20 04:00:16 860,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFaultSecure.exe + 2008-09-18 04:56:07 125,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\wersvc.dll + 2008-09-20 04:00:26 125,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.22271_none_7a0ae2e8aa3b1988\wersvc.dll + 2008-08-06 03:27:40 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16724_none_3d328dcd626a3334\mcmde.dll + 2008-08-06 03:19:18 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20889_none_3d804c827bb3f957\mcmde.dll + 2008-10-16 04:40:36 425,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.16764_none_8b10fff30496576a\netapi32.dll + 2008-10-16 04:22:27 425,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.20937_none_8bbe0f461d98ec8d\netapi32.dll + 2008-10-16 04:47:33 466,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d050f6301b2186f\netapi32.dll + 2008-10-16 04:38:26 466,944 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.22288_none_8d6f3cb41ae72563\netapi32.dll + 2008-08-12 03:29:17 37,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.16728_none_377f607173cc72c2\printcom.dll + 2008-08-12 03:29:18 441,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.16728_none_377f607173cc72c2\win32spl.dll + 2008-08-12 03:17:47 37,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.20893_none_37b84c568d275770\printcom.dll + 2008-08-12 03:18:17 444,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.20893_none_37b84c568d275770\win32spl.dll + 2008-01-21 02:24:22 37,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\printcom.dll + 2008-08-12 03:39:08 443,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\win32spl.dll + 2008-08-12 03:25:35 37,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.22241_none_39d29a048a2729fe\printcom.dll + 2008-08-12 03:25:37 443,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.22241_none_39d29a048a2729fe\win32spl.dll + 2008-08-06 03:27:39 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16724_none_de803b00914caa46\EncDec.dll + 2008-08-06 03:18:16 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20889_none_decdf9b5aa967069\EncDec.dll + 2008-08-05 09:49:58 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18115_none_e07249dc8e6a389d\EncDec.dll + 2008-08-06 04:00:35 428,544 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22237_none_e0e84763a79642f7\EncDec.dll + 2008-08-06 03:27:43 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16724_none_da055cba59f5adf1\psisdecd.dll + 2008-08-06 03:21:05 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20889_none_da531b6f733f7414\psisdecd.dll + 2008-08-05 09:49:58 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18115_none_dbf76b9657133c48\psisdecd.dll + 2008-08-06 04:00:45 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22237_none_dc6d691d703f46a2\psisdecd.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 22:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "Google Update"="C:\Users\Vegard\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-21 133104] "BitTorrent DNA"="C:\Users\Vegard\Program Files\DNA\btdna.exe" [2008-09-23 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608] "BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-04-03 13535776] 
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-04-03 92704] "PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-07-25 809480] "eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768] "eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312] "ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456] "CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936] "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936] "WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-21 185896] "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 455984] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "RtHDVCpl"="RtHDVCpl.exe" [2008-08-07 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2008-08-07 C:\Windows\SkyTel.exe] C:\Users\Vegard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-09-21 1216512] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2007-02-15 19:02 50736 C:\Windows\System32\avldr.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{24E63513-DAAC-4D37-9D83-29B5A92E459D}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{7AED87CD-4B74-40D9-8F3C-EC7AB15B2630}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{ECA91F1B-CC7A-4943-9931-A76CAFA1B602}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{BA18008D-E16C-42F4-8CCE-C5D21F6DA1B0}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{0D970239-AEED-4ED9-A692-8560E3B2F592}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{56C39839-00F8-41AC-867A-3ABBCEAB6FDC}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{E22A63B7-9EE9-4636-8B2C-81D1E5FDFBC4}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{61D77CC8-079E-4E63-BF73-A1C97A703764}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM "{E9F7F002-3272-4193-9C40-1ED990441481}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{F59B2B13-7885-4033-95A9-D334591169D5}"= C:\Program Files\Acer Arcade 
Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{2B84393C-BCF0-48DF-9418-CCB379B8C38C}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{EC6C02F2-23BE-4842-A1F3-F16F077D6F05}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{06D98909-4431-4F5F-8DA8-B3D9D1A6BEB6}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{AF223522-7770-4C57-BB45-889C9FAEC84C}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "{50DD01AA-5EF8-4FE1-8DC1-C7062B07E35C}"= UDP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In) "{E2C0CCB0-D696-45D9-BC2A-496A5AF23F22}"= TCP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In) "TCP Query User{C8896AFE-D748-4DC1-9C12-DB8A0DFFAE9E}C:\\users\\vegard\\program files\\dna\\btdna.exe"= UDP:C:\users\vegard\program files\dna\btdna.exe:btdna.exe "UDP Query User{235B69F3-7E2E-49D1-88CF-4D6F0BD274E5}C:\\users\\vegard\\program files\\dna\\btdna.exe"= TCP:C:\users\vegard\program files\dna\btdna.exe:btdna.exe "TCP Query User{4669EE9A-611A-4B54-A28C-30C882E07B04}C:\\users\\vegard\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:C:\users\vegard\appdata\local\google\chrome\application\chrome.exe:chrome.exe "UDP Query User{DDF9CB1F-FEF5-4C72-9107-878FE1BBB666}C:\\users\\vegard\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:C:\users\vegard\appdata\local\google\chrome\application\chrome.exe:chrome.exe "{45EE5818-0780-434A-837C-AB6D1837FE1B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{F0F65E7D-C6DC-4E0F-B9C0-ECFBB1761032}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{25397A33-9723-4F15-9FBE-B431E77B4CB3}"= UDP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{4ACA3B67-99AC-4BE5-8E41-611EE490FE67}"= TCP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{19CCABDB-1A47-43BE-8EB6-67138F2ABA9C}"= UDP:C:\Program 
Files\iTunes\iTunes.exe:iTunes "{D93C141E-5AE0-41C4-AA26-1D9DA17FC322}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{AE072A8D-77C2-4B8C-834C-39B8D1650CE9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{0809548B-2854-44DD-AD65-42F3AA1946EC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2008-09-22 38968] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\[u]0[/u]00.fcl [2008-04-18 14:01 61424] R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-09-28 46648] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072] R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2008-09-22 178872] R2 PskSvcRetail;Panda PSK service;C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe [2007-03-21 27696] R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472] R3 NVHDA;Service for NVIDIA 
High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-04-03 43552] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424] S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936] S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ rsmsvcs REG_MULTI_SZ ntmssvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1d36742-8836-11dd-ae85-806e6f6e6963}] \shell\AutoRun\command - E:\setup.exe . Contents of the 'Scheduled Tasks' folder 2008-10-25 C:\Windows\Tasks\GoogleUpdateTaskUser.job - C:\Users\Vegard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-21 21:23] . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://no.intl.acer.yahoo.com R0 -: HKLM-Main,Start Page = hxxp://no.intl.acer.yahoo.com R1 -: HKCU-Internet Settings,ProxyOverride = *.local O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 -: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 -: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . 
Forgot to turn off the antivirus program; it asked about threats 8-10 times, I assume that was ComboFix, so I allowed them all.
norbat, posted 31 October 2008

Can't see anything in particular in the log regarding malware. Do you still have problems with the PC, and if so, what?
AzureDragon (thread author), posted 2 November 2008

OK, great, that was all I wanted confirmed. The PC runs better now, and all the websites work as they should again. It is a bit slow now and then and stutters a little, but not so badly that it matters. By the way, how often should I scan the machine with these three programs? And another thing: what makes certain programs stop working and have to be closed as soon as I click into them, even though they worked fine the first couple of times? Music editing programs etc.
AzureDragon (thread author), posted 2 November 2008

Quoting an earlier reply: "Sorry that nobody has taken the time to check your logs. I'll make sure this happens as soon as possible! It would be very nice if you could remove the code tags on the MBAM and HijackThis log; I at least find it easier to read that way. edit: have sent a PM to the people who are best at this on the forum. Hopefully they can help you soon."

Thank you, didn't see this post until now.
r2d290, posted 2 November 2008

Quoting AzureDragon: "By the way, how often should I scan the machine with these three programs?"

Well, MBAM you can happily run once or twice a week. ComboFix and HijackThis you should preferably not use unless you suspect something (or if it has been a very long time since you last did it and you just want to do a check). But first of all we uninstall ComboFix:

ComboFix must be uninstalled. Go to Start > Run. Type the following in the box:

combofix /u

PS: note the space between the X and the /u.

Press Enter. This command will:

- Remove the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if they exist.
  - The folder C:\Deckard, if it exists.
  - The folder C:\OtMoveIt, if it exists.
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide System/Hidden files and folders if necessary.
- Reset the system restore points.

You can uninstall HijackThis if you wish: Start HijackThis, choose None of the above, just start the program. Then click Config>>Misc Tools>>Uninstall HijackThis & exit>>Ja/Yes. The program is now uninstalled.

If you believe the problem with your machine is solved, you can change your topic title by clicking the edit button in your first post and choosing full edit. At the top, where your topic title is, write [LØST] in front of your topic title. E.g.: [LØST] Har fått virus på maskinen (Got a virus on the machine)

This helps keep the forum tidier for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-