Grindal, posted 14 November 2008 (edited)

Hi! Something strange is going on with my PC. Sometimes the PC has refused to turn on, and now I can't change the Windows wallpaper, not even to my own pictures. So I'm afraid I've picked up something nasty on the machine. Attaching an HJT log. The MBAM scan will come later, since it's still scanning. BTW, I have Vista, and ComboFix doesn't work on Vista, so how do I use it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:21, on 12.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 11761 bytes

Edited 14 November 2008 by *meep*meep*
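The HijackThis log above is plain text with one entry per line, each tagged with a section code (R0/R1 for Internet Explorer settings, O1 for the Hosts file, O2 for BHOs, O3 for toolbars, O4 for autoruns, O23 for services). As an added example, not part of this thread and not HijackThis's own code, here is a small Python parser that splits such entries into fields and then flags the items a reviewer would look at first: COM registrations that point at "(no file)", services whose publisher HijackThis lists as "Unknown owner", and Hosts-file lines other than the default localhost mapping. The sample lines are copied from the log above plus one constructed Hosts line (the hostname in it is made up); the regular expressions and field names are my own assumptions about the format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the HijackThis log format. All lines except the second
# O1 line are taken from the log posted in this thread; that one Hosts line is
# made up (note the reserved .invalid TLD) to show a non-default mapping.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:21, on 12.11.2008

O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.invalid
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
"""

# Every HJT entry starts with a section code such as R1, O2, O23 (assumed layout).
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# O2/O3: "<kind>: <name> - {CLSID} - <path or (no file)>"
COM_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O1: "Hosts: <address> <hostname>"
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
# O4 registry autoruns: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

LOOPBACK = {"127.0.0.1", "::1"}


@dataclass
class Entry:
    code: str                       # section code, e.g. "O23"
    body: str                       # raw text after "<code> - "
    fields: Dict[str, str] = field(default_factory=dict)  # parsed fields, if any


@dataclass
class Finding:
    code: str
    subject: str
    reason: str


def parse_hjt(text: str) -> List[Entry]:
    """Turn HijackThis log text into Entry objects; non-entry lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank lines
        code, body = m.group("code"), m.group("body")
        fields: Dict[str, str] = {}
        if code in ("O2", "O3"):
            c = COM_RE.match(body)
            if c:
                fields = c.groupdict()
        elif code == "O23" and body.startswith("Service: "):
            # "<display name> - <vendor> - <path>"; split from the right because the
            # display name itself may contain " - " (the Avira services above do).
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                fields = dict(zip(("name", "vendor", "path"), parts))
        elif code == "O1":
            h = HOSTS_RE.match(body)
            if h:
                fields = h.groupdict()
        elif code == "O4":
            r = RUN_RE.match(body)
            if r:
                fields = r.groupdict()
        entries.append(Entry(code, body, fields))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """First-pass review: return the entries that deserve a closer look."""
    findings: List[Finding] = []
    for e in entries:
        f = e.fields
        if e.code in ("O2", "O3") and f.get("path") == "(no file)":
            findings.append(Finding(e.code, f["clsid"],
                "COM object registered but its file is missing; stale registration, safe to remove"))
        elif e.code == "O23" and f.get("vendor") == "Unknown owner":
            findings.append(Finding(e.code, f["path"],
                "service binary has no publisher string; verify its signature before trusting it"))
        elif e.code == "O1" and f and not (f["ip"] in LOOPBACK and f["host"] == "localhost"):
            findings.append(Finding(e.code, f"{f['ip']} {f['host']}",
                "non-default Hosts mapping; check whether it blocks or redirects a legitimate site"))
    return findings


if __name__ == "__main__":
    for fnd in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{fnd.code:4} {fnd.subject}\n     {fnd.reason}")
```

The triage is deliberately conservative: an "(no file)" entry is a leftover from an uninstall rather than an infection, and "Unknown owner" only means HijackThis found no vendor string in the binary (several of the Acer and PunkBuster services above trip it), so the next step is to check the file's Authenticode signature and hash, not to delete it.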
r2d290, posted 14 November 2008 (edited)

ref: https://www.diskusjon.no/index.php?showtopic=691246

You should run MBAM first, then ComboFix, and finally HijackThis. So once you've posted the MBAM log, scan with ComboFix, and then finally with HijackThis.

edit: sorry, didn't read the last line. Have you tried ComboFix? It works on 32-bit Windows. But if you can't get it to work, we'll have to make do with MBAM and HijackThis, but as said: they should be run in the opposite order from what you've done so far.

Edited 14 November 2008 by r2d290
Grindal (thread author), posted 14 November 2008

OK, MBAM is still scanning, so I'll post the MBAM log first and the HJT log afterwards. BTW, I have 32-bit Vista.
r2d290, posted 14 November 2008

Then ComboFix SHOULD work... have you tried it?
Grindal (thread author), posted 14 November 2008

I can try again, but I doubt it will work...
Grindal Skrevet 14. november 2008 Forfatter Del Skrevet 14. november 2008 Her er loggene: Combofix: ComboFix 08-11-12.02 - Jørgen 2008-11-14 18:09:57.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1946 [GMT 1:00] Running from: c:\users\Jørgen\Downloads\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat c:\users\Jørgen\AppData\Roaming\.# c:\users\Jørgen\AppData\Roaming\.#\MBX@129C@1BB2990.### c:\users\Jørgen\AppData\Roaming\.#\MBX@129C@1BB29C0.### c:\users\Jørgen\AppData\Roaming\.#\MBX@129C@1BB29F0.### D:\install.exe ----- BITS: Possible infected sites ----- hxxp://www.threatfire.com hxxp://www.pctools.com . ((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 ))))))))))))))))))))))))))))))) . 2008-11-14 18:05 . 2008-11-14 18:05 61,440 --a------ c:\windows\System32\drivers\ofixdp.sys 2008-11-14 16:29 . 2008-11-14 16:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-14 16:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-11-14 16:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-11-13 20:50 . 2008-11-13 20:50 <DIR> d-------- c:\windows\Re-Volt Track Manager 2008-11-13 20:49 . 2008-11-13 20:49 <DIR> d-------- C:\CircuitsCustoms 2008-11-12 22:04 . 2008-11-12 22:04 <DIR> d-------- c:\program files\Trend Micro 2008-11-12 18:35 . 2008-11-12 18:35 <DIR> d-------- c:\program files\Acclaim 2008-11-12 18:16 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll 2008-11-12 18:16 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2008-11-12 17:55 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll 2008-11-11 18:39 . 2008-11-11 18:39 <DIR> d-------- c:\program files\RV House 2008-11-11 18:39 . 
2008-07-06 11:39 54,694 --a------ c:\windows\System32\pthreadGC.dll 2008-11-10 18:39 . 2008-11-10 18:39 <DIR> d-------- c:\users\Jørgen\SystemRequirementsLab 2008-11-10 18:39 . 2008-11-10 18:39 <DIR> d-------- c:\users\Jørgen\SystemRequirementsLab 2008-11-10 18:39 . 2008-11-10 18:39 <DIR> d-------- c:\program files\SystemRequirementsLab 2008-11-04 17:28 . 2008-11-04 17:28 <DIR> d-------- c:\users\Jørgen\AppData\Roaming\WinRAR 2008-11-03 18:23 . 2008-11-03 18:23 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-11-02 20:36 . 2008-11-02 20:36 <DIR> d-------- c:\program files\Common Files\Adobe 2008-11-02 17:08 . 2008-11-02 17:37 <DIR> d-------- c:\users\All Users\Test Drive Unlimited 2008-11-02 17:08 . 2008-11-02 17:37 <DIR> d-------- c:\programdata\Test Drive Unlimited 2008-11-02 17:05 . 2008-11-02 17:05 <DIR> dr-h----- c:\users\Jørgen\AppData\Roaming\SecuROM 2008-11-02 17:05 . 2008-11-02 17:05 107,888 --a------ c:\windows\System32\CmdLineExt.dll 2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos 2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches 2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games 2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures 2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Links 2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads 2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents 2008-10-29 22:07 . 2008-10-29 22:07 <DIR> d-------- c:\users\Jørgen\AppData\Roaming\Malwarebytes 2008-10-29 22:07 . 2008-10-29 22:07 <DIR> d-------- c:\users\All Users\Malwarebytes 2008-10-29 22:07 . 2008-10-29 22:07 <DIR> d-------- c:\programdata\Malwarebytes 2008-10-29 21:09 . 
2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll 2008-10-29 21:09 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll 2008-10-29 21:09 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll 2008-10-28 16:30 . 2008-10-29 22:20 <DIR> d-------- c:\users\Jørgen\AppData\Roaming\Xfire 2008-10-28 16:30 . 2008-10-30 13:42 <DIR> d-------- c:\users\All Users\Xfire 2008-10-28 16:30 . 2008-10-30 13:42 <DIR> d-------- c:\programdata\Xfire 2008-10-28 16:30 . 2008-10-28 16:30 <DIR> d-------- c:\program files\Xfire 2008-10-25 22:48 . 2008-11-09 11:10 <DIR> d-------- c:\program files\Common Files\Steam 2008-10-23 16:44 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll 2008-10-23 16:44 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll 2008-10-23 16:44 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax 2008-10-23 16:44 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax 2008-10-23 16:44 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax 2008-10-19 18:39 . 2008-10-19 18:39 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-10-18 17:48 . 2008-10-18 17:48 <DIR> d-------- c:\users\Jørgen\AppData\Roaming\Mozilla 2008-10-18 10:59 . 2008-10-18 10:59 <DIR> d-------- c:\users\Jørgen\Bluetooth Software 2008-10-18 10:59 . 2008-10-18 10:59 <DIR> d-------- c:\users\Jørgen\Bluetooth Software 2008-10-15 15:13 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2008-10-15 15:13 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll 2008-10-15 15:12 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe 2008-10-15 15:12 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe 2008-10-15 15:12 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys 2008-10-15 15:12 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-14 17:13 2,359,296 --sha-w c:\users\Jørgen\NTUSER.DAT 2008-11-14 17:13 2,359,296 --sha-w c:\users\Jørgen\NTUSER.DAT 2008-11-14 17:09 56,542 ----a-w c:\users\All Users\nvModes.dat 2008-11-14 17:09 56,542 ----a-w c:\programdata\nvModes.dat 2008-11-14 17:03 --------- d---a-w c:\programdata\TEMP 2008-11-14 17:03 --------- d-----w c:\program files\ThreatFire 2008-11-13 20:48 --------- d-----w c:\users\Jørgen\AppData\Roaming\OpenOffice.org2 2008-11-11 19:21 --------- d-----w c:\programdata\TrackMania 2008-11-11 15:33 --------- d-----w c:\program files\Yahoo! 2008-11-11 15:29 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-11-11 15:29 111,928 ----a-w c:\windows\System32\PnkBstrB.exe 2008-11-10 21:24 --------- d-----w c:\users\Jørgen\AppData\Roaming\dvdcss 2008-11-07 20:35 --------- d-----w c:\programdata\CyberLink 2008-11-04 16:28 --------- d-----w c:\users\Jørgen\AppData\Roaming\WinRAR 2008-11-02 16:05 --------- d--h--r c:\users\Jørgen\AppData\Roaming\SecuROM 2008-11-02 15:31 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-30 14:56 --------- d-s---w c:\users\Jørgen\AppData\Roaming\Microsoft 2008-10-29 21:59 682,280 ----a-w c:\windows\System32\pbsvc.exe 2008-10-29 21:59 22,328 ----a-w c:\users\Jørgen\AppData\Roaming\PnkBstrK.sys 2008-10-29 21:59 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-29 21:20 --------- d-----w c:\users\Jørgen\AppData\Roaming\Xfire 2008-10-29 21:07 --------- d-----w c:\users\Jørgen\AppData\Roaming\Malwarebytes 2008-10-25 16:10 --------- d-----w c:\users\Jørgen\AppData\Roaming\LimeWire 2008-10-18 16:48 --------- d-----w c:\users\Jørgen\AppData\Roaming\Mozilla 2008-10-17 22:27 --------- d-----w c:\users\Jørgen\AppData\Roaming\CyberLink 2008-10-16 13:20 --------- d-----w c:\program files\Windows Mail 2008-10-13 21:09 --------- d-----w c:\program 
files\TmNationsForever 2008-10-13 17:32 --------- d-----w c:\program files\Game Cam V2 2008-10-13 17:29 319,456 ----a-w c:\windows\DIFxAPI.dll 2008-10-13 16:19 --------- d-----w c:\users\Jørgen\AppData\Roaming\Ashampoo 2008-10-11 13:46 --------- d-----w c:\users\Jørgen\AppData\Roaming\vlc 2008-10-11 13:45 --------- d-----w c:\program files\VideoLAN 2008-10-10 17:59 --------- d-----w c:\program files\Acer GameZone 2008-10-09 00:48 42,320 ----a-w c:\windows\System32\xfcodec.dll 2008-10-08 14:52 --------- d-----w c:\users\Jørgen\AppData\Roaming\Adobe 2008-10-07 15:40 --------- d-----w c:\program files\Audacity 2008-10-06 19:57 --------- d-----w c:\programdata\Futuremark 2008-10-06 19:52 --------- d-----w c:\program files\AGEIA Technologies 2008-10-06 19:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-10-06 18:07 --------- d-----w c:\program files\Common Files\Futuremark Shared 2008-10-05 16:28 --------- d-----w c:\programdata\Microsoft Help 2008-10-05 16:28 --------- d-----w c:\program files\Microsoft Works 2008-10-05 16:22 --------- d-----w c:\program files\CCleaner 2008-10-05 13:01 --------- d-----w c:\programdata\Last.fm 2008-10-05 13:01 --------- d-----w c:\program files\iTunes 2008-10-05 13:00 --------- d-----w c:\program files\Last.fm 2008-10-01 11:43 --------- d-----w c:\program files\Java 2008-10-01 11:39 --------- d-----w c:\program files\Common Files\Java 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-29 18:30 --------- d-----w c:\program files\OpenOffice.org 2.4 2008-09-28 15:36 --------- d-----w c:\users\Jørgen\AppData\Roaming\Apple Computer 2008-09-28 15:35 --------- d-----w c:\programdata\Apple Computer 2008-09-28 15:35 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-28 15:35 --------- d-----w c:\program files\iPod 2008-09-28 15:35 --------- d-----w c:\program files\Bonjour 2008-09-28 15:34 --------- d-----w c:\program files\QuickTime 2008-09-28 15:34 --------- 
d-----w c:\program files\Common Files\Apple 2008-09-28 15:33 --------- d-----w c:\programdata\Apple 2008-09-28 15:33 --------- d-----w c:\program files\Apple Software Update 2008-09-28 14:31 --------- d-----w c:\program files\Winamp 2008-09-28 13:06 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2008-09-28 13:06 --------- d-----w c:\program files\Windows Live 2008-09-28 13:01 --------- d-----w c:\programdata\WLInstaller 2008-09-27 20:57 28,728 ----a-w c:\windows\system32\drivers\msahci.sys 2008-09-27 20:57 21,560 ----a-w c:\windows\system32\drivers\atapi.sys 2008-09-27 17:11 66,872 ----a-w c:\windows\System32\PnkBstrA.exe 2008-09-27 16:43 --------- d-----w c:\programdata\PlayMovie 2008-09-27 16:20 --------- d-----w c:\programdata\VIZ_MPS 2008-09-27 16:20 --------- d-----w c:\program files\Vizky 2008-09-27 16:14 --------- d-----w c:\users\Jørgen\AppData\Roaming\Google 2008-09-27 15:03 --------- d-----w c:\users\Jørgen\AppData\Roaming\PCToolsFirewallPlus 2008-09-27 14:43 --------- d-----w c:\program files\Google 2008-09-27 14:00 --------- d-----w c:\program files\EA GAMES 2008-09-27 13:16 --------- d-----w c:\programdata\Avira 2008-09-27 13:16 --------- d-----w c:\program files\Avira 2008-09-27 13:14 --------- d-----w c:\programdata\McAfee 2008-09-27 13:12 --------- d-----w c:\programdata\SiteAdvisor 2008-09-27 12:52 --------- d-----w c:\program files\MSXML 4.0 2008-09-27 11:52 --------- d-----w c:\programdata\NVIDIA 2008-09-27 11:51 --------- d-----w c:\program files\Acer 2008-09-27 11:48 --------- d-----w c:\program files\Acer Inc 2008-09-27 11:48 --------- d-----w c:\program files\Acer Arcade Deluxe 2008-09-27 11:39 --------- d-----w c:\programdata\eSobi 2008-09-27 11:34 --------- d-----w c:\users\Jørgen\AppData\Roaming\Yahoo! 
2008-09-27 11:33 --------- d-----w c:\users\Jørgen\AppData\Roaming\Acer 2008-09-27 11:33 --------- d-----w c:\program files\Launch Manager 2008-09-27 11:32 --------- d-----w c:\users\Jørgen\AppData\Roaming\InstallShield 2008-09-27 11:32 --------- d-----w c:\program files\SuYin 2008-09-27 11:30 --------- d-----w c:\program files\WIDCOMM 2008-09-27 11:26 315,392 ----a-w c:\windows\HideWin.exe 2008-09-27 11:18 --------- d-----w c:\users\Jørgen\AppData\Roaming\Macromedia 2008-09-27 11:18 --------- d-----w c:\users\Jørgen\AppData\Roaming\Identities 2008-09-27 11:13 --------- d-sh--w c:\programdata\Start-meny 2008-09-27 11:13 --------- d-sh--w c:\programdata\Skrivebord 2008-09-27 11:13 --------- d-sh--w c:\programdata\Programdata 2008-09-27 11:13 --------- d-sh--w c:\programdata\Maler 2008-09-27 11:13 --------- d-sh--w c:\programdata\Favoritter 2008-09-27 11:13 --------- d-sh--w c:\programdata\Dokumenter 2008-09-27 11:13 --------- d-sh--w c:\program files\Fellesfiler 2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-27 171448] "Steam"="d:\program files\Steam\Steam.exe" [2008-10-25 1410296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936] "WarReg_PopUp"="c:\program 
files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-09-27 1216512] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Users^Jørgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=c:\users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Jørgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk] path=c:\users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-09-27 15:43 171448 c:\program 
files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{24E63513-DAAC-4D37-9D83-29B5A92E459D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{7AED87CD-4B74-40D9-8F3C-EC7AB15B2630}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{ECA91F1B-CC7A-4943-9931-A76CAFA1B602}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{BA18008D-E16C-42F4-8CCE-C5D21F6DA1B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{0D970239-AEED-4ED9-A692-8560E3B2F592}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{56C39839-00F8-41AC-867A-3ABBCEAB6FDC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{E22A63B7-9EE9-4636-8B2C-81D1E5FDFBC4}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{E8F0DA3C-3A30-4583-9D6C-F70113CF165C}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM "{DE011E25-F451-49B1-88BE-0E5F3932A963}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{1E0C1E8C-D616-4A79-A510-A8550E92B3CE}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{0E0BF7B8-8DAA-4197-80E9-E461CAE460B0}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{F87C9358-645F-481F-AFE5-138B952DE647}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{33F6901F-78FC-4CEA-99A4-26CC31BDF08D}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{04A494E9-4A65-42AF-8BCF-BFFA48D11F8F}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 
"{DEA85F90-51EB-401B-A13C-4127C7779290}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E28DC5E9-EA09-4DE9-9A45-6E7872C0CF38}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0376ED7B-3027-4EFE-9E42-540D1ED3571B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{DB216395-2107-4A4C-846B-D4243C4B6F45}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BE13E7C7-1E91-4B51-9A75-49EF03328C3B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A91357C3-1B18-47DC-A77B-14C1AEBBC688}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CE3D0B47-1F29-42AA-9EB2-02390D803BD3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{30007B58-088F-4DB7-BF6B-4D216FF608B7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A45297D-79B0-491B-A197-31F3271958F4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{130BF4CE-CC92-490B-931D-23B05F1C77D8}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{81480371-74EB-4FC7-BC50-F9A908384FA6}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{18995F6E-0CD6-4A79-B4AF-124A499655E9}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{CB90BF18-6003-4E94-B590-940FA6D6A00D}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{778FB47D-38DB-487D-B39A-6BA01666FFFC}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{4BFE2437-C3FC-4605-AF01-A04A4C218D1B}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{0B63AFBE-8BDC-4546-99E8-0DA846DDE8BE}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer
"UDP Query User{86642A40-E0A7-4D62-85D6-477C945C69A8}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer
"TCP Query User{B1CF11E1-9685-470E-82B0-43CA698FED8D}d:\\program files\\steam\\steamapps\\step_jor\\counter-strike source\\hl2.exe"= UDP:d:\program files\steam\steamapps\step_jor\counter-strike source\hl2.exe:hl2
"UDP Query User{88213B51-8847-4DE6-8D3D-EBA90F07CB01}d:\\program files\\steam\\steamapps\\step_jor\\counter-strike source\\hl2.exe"= TCP:d:\program files\steam\steamapps\step_jor\counter-strike source\hl2.exe:hl2
"TCP Query User{658626C3-D1CA-443C-9A21-3BA62C1E6EEF}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= UDP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
"UDP Query User{DF4D618E-45E3-4757-94E6-FAD5BE4C4D11}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= TCP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT
"TCP Query User{10DF046D-6465-454D-A2BE-38FF889AA139}d:\\program files\\test drive unlimited\\testdriveunlimited.exe"= UDP:d:\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{10A05F44-3C3A-4CCB-9F27-0BD477EB8F78}d:\\program files\\test drive unlimited\\testdriveunlimited.exe"= TCP:d:\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{853D7338-9926-4264-983B-C499284DAD88}d:\\program files\\steam\\steamapps\\step_jor\\day of defeat source\\hl2.exe"= UDP:d:\program files\steam\steamapps\step_jor\day of defeat source\hl2.exe:hl2
"UDP Query User{A7216022-9D1D-400D-80EC-A224ED07B087}d:\\program files\\steam\\steamapps\\step_jor\\day of defeat source\\hl2.exe"= TCP:d:\program files\steam\steamapps\step_jor\day of defeat source\hl2.exe:hl2
"TCP Query User{5E9E9E00-88CB-45A7-882D-5890DC64074F}d:\\program files\\steam\\steamapps\\step_jor\\half-life 2 deathmatch\\hl2.exe"= UDP:d:\program files\steam\steamapps\step_jor\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{FE1BC222-6D03-4056-9F0A-FD8FB1BF520B}d:\\program files\\steam\\steamapps\\step_jor\\half-life 2 deathmatch\\hl2.exe"= TCP:d:\program files\steam\steamapps\step_jor\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{764BB503-A459-4032-870F-99F8DA400A63}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2F9B39BD-AAF6-48C2-9FCD-34864137BD74}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{7914D2DF-D4B5-4C46-AFB1-5EDA30DC3326}d:\\program files\\rv house\\rv_house.exe"= UDP:d:\program files\rv house\rv_house.exe:rv_house
"UDP Query User{615F2EDE-4B2D-4E6F-BF94-74D4374684AB}d:\\program files\\rv house\\rv_house.exe"= TCP:d:\program files\rv house\rv_house.exe:rv_house
"TCP Query User{1515EE6B-3E56-448A-B7FA-6DC1242B1C61}c:\\program files\\acclaim\\revolt\\revolt.exe"= UDP:c:\program files\acclaim\revolt\revolt.exe:revolt
"UDP Query User{9A134B9B-FE5E-4D62-9DBA-A90ADB55BF1F}c:\\program files\\acclaim\\revolt\\revolt.exe"= TCP:c:\program files\acclaim\revolt\revolt.exe:revolt

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 14:01 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R3 NETw5v32;Intel® Wireless WiFi Link-kortdriver for Windows Vista 32-bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-03 43552]
R3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-11-09 99576]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LPDService REG_MULTI_SZ LPDSVC

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Jørgen\AppData\Roaming\Mozilla\Firefox\Profiles\yewj90h5.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Vizky\npVizky.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 18:13:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-14 18:15:51
ComboFix-quarantined-files.txt 2008-11-14 17:15:45

Pre-Run: 87 923 412 992 byte ledig
Post-Run: 87,590,682,624 byte ledig

326 --- E O F --- 2008-11-13 13:58:48

MBAM Scan:

Malwarebytes' Anti-Malware 1.30
Database versjon: 1397
Windows 6.0.6001 Service Pack 1

14.11.2008 18:04:31
mbam-log-2008-11-14 (18-04-23).txt

Skanntype: Rask Skann
Objekter skannet: 42518
Tid tilbakelagt: 2 minute(s), 37 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 7

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:58, on 14.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9437 bytes
r2d290 Posted 14 November 2008

Note that all instructions given in this thread are tailored to this machine, and that the tools used here can cause damage on another machine with other types of infections. If you think you have the same problem, you should follow norbat's guide and post your logs in a new thread.

Hello

My name is r2d290, and I will be helping you remove any infections you may have on your PC. You will be given a series of instructions that must be followed in the order we write them. If there is an instruction you do not understand, if you are unsure about something, or if something unexpected happens, do not guess or carry on, but write a post on the forum asking about what you are wondering. Do not start more threads (neither here on diskusjon.no nor on other forums). That will only confuse those of us doing support. The operation may take several stages, and it may take a little while before you get an answer, but we will not give up unless you do. Do not give up and format the PC (even if someone says that is the only thing that helps). It is very unlikely that you have to format because of a virus. In some cases threads slip past us, so if you have not received an answer within 24 hours it may be a good idea to write a short "reminder post" so your thread ends up at the top of the list. If you follow these instructions, we should be able to get the problem with your machine fixed.

I am analysing your logs now and will come back with a response as soon as I can...

PS: Your security programs may give warnings about some of the tools we ask you to use. The security programs cannot know whether the tools have good or bad intentions. The tools are used by professionals all over the world, so you can trust that the programs are safe.
r2d290 Posted 14 November 2008 (edited)

Important

The logs show that there is one or more P2P (Person to Person) file-sharing programs on your machine.

Limewire

Be aware that as long as you use any form of peer-to-peer network to download files from an "unofficial" source, you must assume that your machine can become infected. P2P file sharing used to be considered fairly safe. That is no longer the case. You may continue to use P2P at your own risk, but remember that it can be the source of your current or next infection. References on the risks of these programs can be found at these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See a list of clean/risky P2P programs here: http://p2p.malwareremoval.com/

I recommend that you uninstall the programs mentioned, but the choice is yours. If you choose to remove these programs, you can do so from Control Panel -> Add/Remove Programs. If you wish to keep the program, I ask you not to use it until the machine is clean of malware.

Click Start - All Programs - Accessories - Notepad

Copy and paste the text in the code box below into Notepad:

File::
c:\windows\System32\drivers\ofixdp.sys

Save it as CFScript on the Desktop.

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum.

Otherwise it looks mostly fine. How is the PC running?

Edited 14 November 2008 by r2d290
Grindal (thread author) Posted 14 November 2008

OK, new log:

ComboFix 08-11-12.02 - Jørgen 2008-11-14 21:28:02.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1918 [GMT 1:00]
Running from: c:\users\Jørgen\Downloads\ComboFix.exe
Command switches used :: c:\users\Jørgen\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\System32\drivers\ofixdp.sys
.

((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.

2008-11-14 16:29 . 2008-11-14 16:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 16:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-14 16:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-13 20:50 . 2008-11-13 20:50 <DIR> d-------- c:\windows\Re-Volt Track Manager
2008-11-13 20:49 . 2008-11-13 20:49 <DIR> d-------- C:\CircuitsCustoms
2008-11-12 22:04 . 2008-11-12 22:04 <DIR> d-------- c:\program files\Trend Micro
2008-11-12 18:35 . 2008-11-12 18:35 <DIR> d-------- c:\program files\Acclaim
2008-11-12 18:16 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 18:16 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 17:55 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 18:39 . 2008-11-11 18:39 <DIR> d-------- c:\program files\RV House
2008-11-11 18:39 . 2008-07-06 11:39 54,694 --a------ c:\windows\System32\pthreadGC.dll
2008-11-10 18:39 . 2008-11-10 18:39 <DIR> d-------- c:\users\Jørgen\SystemRequirementsLab
2008-11-10 18:39 . 2008-11-10 18:39 <DIR> d-------- c:\users\Jørgen\SystemRequirementsLab
2008-11-10 18:39 . 2008-11-10 18:39 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-11-04 17:28 . 2008-11-04 17:28 <DIR> d-------- c:\users\Jørgen\AppData\Roaming\WinRAR
2008-11-03 18:23 . 2008-11-03 18:23 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-02 20:36 . 2008-11-02 20:36 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-02 17:08 . 2008-11-02 17:37 <DIR> d-------- c:\users\All Users\Test Drive Unlimited
2008-11-02 17:08 . 2008-11-02 17:37 <DIR> d-------- c:\programdata\Test Drive Unlimited
2008-11-02 17:05 . 2008-11-02 17:05 <DIR> dr-h----- c:\users\Jørgen\AppData\Roaming\SecuROM
2008-11-02 17:05 . 2008-11-02 17:05 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2008-11-02 16:31 . 2008-11-02 16:31 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2008-10-29 22:07 . 2008-10-29 22:07 <DIR> d-------- c:\users\Jørgen\AppData\Roaming\Malwarebytes
2008-10-29 22:07 . 2008-10-29 22:07 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-10-29 22:07 . 2008-10-29 22:07 <DIR> d-------- c:\programdata\Malwarebytes
2008-10-29 21:09 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 21:09 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 21:09 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-28 16:30 . 2008-10-29 22:20 <DIR> d-------- c:\users\Jørgen\AppData\Roaming\Xfire
2008-10-28 16:30 . 2008-10-30 13:42 <DIR> d-------- c:\users\All Users\Xfire
2008-10-28 16:30 . 2008-10-30 13:42 <DIR> d-------- c:\programdata\Xfire
2008-10-28 16:30 . 2008-10-28 16:30 <DIR> d-------- c:\program files\Xfire
2008-10-25 22:48 . 2008-11-09 11:10 <DIR> d-------- c:\program files\Common Files\Steam
2008-10-23 16:44 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-23 16:44 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-23 16:44 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-23 16:44 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-23 16:44 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-19 18:39 . 2008-10-19 18:39 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-18 17:48 . 2008-10-18 17:48 <DIR> d-------- c:\users\Jørgen\AppData\Roaming\Mozilla
2008-10-18 10:59 . 2008-10-18 10:59 <DIR> d-------- c:\users\Jørgen\Bluetooth Software
2008-10-18 10:59 . 2008-10-18 10:59 <DIR> d-------- c:\users\Jørgen\Bluetooth Software
2008-10-15 15:13 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 15:13 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-15 15:12 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 15:12 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 15:12 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 15:12 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 20:29 2,621,440 --sha-w c:\users\Jørgen\NTUSER.DAT
2008-11-14 20:29 2,621,440 --sha-w c:\users\Jørgen\NTUSER.DAT
2008-11-14 20:24 56,542 ----a-w c:\users\All Users\nvModes.dat
2008-11-14 20:24 56,542 ----a-w c:\programdata\nvModes.dat
2008-11-14 17:03 --------- d---a-w c:\programdata\TEMP
2008-11-14 17:03 --------- d-----w c:\program files\ThreatFire
2008-11-13 20:48 --------- d-----w c:\users\Jørgen\AppData\Roaming\OpenOffice.org2
2008-11-11 19:21 --------- d-----w c:\programdata\TrackMania
2008-11-11 15:33 --------- d-----w c:\program files\Yahoo!
2008-11-11 15:29 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-11 15:29 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-10 21:24 --------- d-----w c:\users\Jørgen\AppData\Roaming\dvdcss
2008-11-07 20:35 --------- d-----w c:\programdata\CyberLink
2008-11-04 16:28 --------- d-----w c:\users\Jørgen\AppData\Roaming\WinRAR
2008-11-02 16:05 --------- d--h--r c:\users\Jørgen\AppData\Roaming\SecuROM
2008-11-02 15:31 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-30 14:56 --------- d-s---w c:\users\Jørgen\AppData\Roaming\Microsoft
2008-10-29 21:59 682,280 ----a-w c:\windows\System32\pbsvc.exe
2008-10-29 21:59 22,328 ----a-w c:\users\Jørgen\AppData\Roaming\PnkBstrK.sys
2008-10-29 21:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 21:20 --------- d-----w c:\users\Jørgen\AppData\Roaming\Xfire
2008-10-29 21:07 --------- d-----w c:\users\Jørgen\AppData\Roaming\Malwarebytes
2008-10-25 16:10 --------- d-----w c:\users\Jørgen\AppData\Roaming\LimeWire
2008-10-18 16:48 --------- d-----w c:\users\Jørgen\AppData\Roaming\Mozilla
2008-10-17 22:27 --------- d-----w c:\users\Jørgen\AppData\Roaming\CyberLink
2008-10-16 13:20 --------- d-----w c:\program files\Windows Mail
2008-10-13 21:09 --------- d-----w c:\program files\TmNationsForever
2008-10-13 17:32 --------- d-----w c:\program files\Game Cam V2
2008-10-13 17:29 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-13 16:19 --------- d-----w c:\users\Jørgen\AppData\Roaming\Ashampoo
2008-10-11 13:46 --------- d-----w c:\users\Jørgen\AppData\Roaming\vlc
2008-10-11 13:45 --------- d-----w c:\program files\VideoLAN
2008-10-10 17:59 --------- d-----w c:\program files\Acer GameZone
2008-10-09 00:48 42,320 ----a-w c:\windows\System32\xfcodec.dll
2008-10-08 14:52 --------- d-----w c:\users\Jørgen\AppData\Roaming\Adobe
2008-10-07 15:40 --------- d-----w c:\program files\Audacity
2008-10-06 19:57 --------- d-----w c:\programdata\Futuremark
2008-10-06 19:52 --------- d-----w c:\program files\AGEIA Technologies
2008-10-06 19:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-06 18:07 --------- d-----w c:\program files\Common Files\Futuremark Shared
2008-10-05 16:28 --------- d-----w c:\programdata\Microsoft Help
2008-10-05 16:28 --------- d-----w c:\program files\Microsoft Works
2008-10-05 16:22 --------- d-----w c:\program files\CCleaner
2008-10-05 13:01 --------- d-----w c:\programdata\Last.fm
2008-10-05 13:01 --------- d-----w c:\program files\iTunes
2008-10-05 13:00 --------- d-----w c:\program files\Last.fm
2008-10-01 11:43 --------- d-----w c:\program files\Java
2008-10-01 11:39 --------- d-----w c:\program files\Common Files\Java
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 18:30 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-09-28 15:36 --------- d-----w c:\users\Jørgen\AppData\Roaming\Apple Computer
2008-09-28 15:35 --------- d-----w c:\programdata\Apple Computer
2008-09-28 15:35 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-28 15:35 --------- d-----w c:\program files\iPod
2008-09-28 15:35 --------- d-----w c:\program files\Bonjour
2008-09-28 15:34 --------- d-----w c:\program files\QuickTime
2008-09-28 15:34 --------- d-----w c:\program files\Common Files\Apple
2008-09-28 15:33 --------- d-----w c:\programdata\Apple
2008-09-28 15:33 --------- d-----w c:\program files\Apple Software Update
2008-09-28 14:31 --------- d-----w c:\program files\Winamp
2008-09-28 13:06 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-28 13:06 --------- d-----w c:\program files\Windows Live
2008-09-28 13:01 --------- d-----w c:\programdata\WLInstaller
2008-09-27 20:57 28,728 ----a-w c:\windows\system32\drivers\msahci.sys
2008-09-27 20:57 21,560 ----a-w c:\windows\system32\drivers\atapi.sys
2008-09-27 17:11 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-09-27 16:43 --------- d-----w c:\programdata\PlayMovie
2008-09-27 16:20 --------- d-----w c:\programdata\VIZ_MPS
2008-09-27 16:20 --------- d-----w c:\program files\Vizky
2008-09-27 16:14 --------- d-----w c:\users\Jørgen\AppData\Roaming\Google
2008-09-27 15:03 --------- d-----w c:\users\Jørgen\AppData\Roaming\PCToolsFirewallPlus
2008-09-27 14:43 --------- d-----w c:\program files\Google
2008-09-27 14:00 --------- d-----w c:\program files\EA GAMES
2008-09-27 13:16 --------- d-----w c:\programdata\Avira
2008-09-27 13:16 --------- d-----w c:\program files\Avira
2008-09-27 13:14 --------- d-----w c:\programdata\McAfee
2008-09-27 13:12 --------- d-----w c:\programdata\SiteAdvisor
2008-09-27 12:52 --------- d-----w c:\program files\MSXML 4.0
2008-09-27 11:52 --------- d-----w c:\programdata\NVIDIA
2008-09-27 11:51 --------- d-----w c:\program files\Acer
2008-09-27 11:48 --------- d-----w c:\program files\Acer Inc
2008-09-27 11:48 --------- d-----w c:\program files\Acer Arcade Deluxe
2008-09-27 11:39 --------- d-----w c:\programdata\eSobi
2008-09-27 11:34 --------- d-----w c:\users\Jørgen\AppData\Roaming\Yahoo!
2008-09-27 11:33 --------- d-----w c:\users\Jørgen\AppData\Roaming\Acer
2008-09-27 11:33 --------- d-----w c:\program files\Launch Manager
2008-09-27 11:32 --------- d-----w c:\users\Jørgen\AppData\Roaming\InstallShield
2008-09-27 11:32 --------- d-----w c:\program files\SuYin
2008-09-27 11:30 --------- d-----w c:\program files\WIDCOMM
2008-09-27 11:26 315,392 ----a-w c:\windows\HideWin.exe
2008-09-27 11:18 --------- d-----w c:\users\Jørgen\AppData\Roaming\Macromedia
2008-09-27 11:18 --------- d-----w c:\users\Jørgen\AppData\Roaming\Identities
2008-09-27 11:13 --------- d-sh--w c:\programdata\Start-meny
2008-09-27 11:13 --------- d-sh--w c:\programdata\Skrivebord
2008-09-27 11:13 --------- d-sh--w c:\programdata\Programdata
2008-09-27 11:13 --------- d-sh--w c:\programdata\Maler
2008-09-27 11:13 --------- d-sh--w c:\programdata\Favoritter
2008-09-27 11:13 --------- d-sh--w c:\programdata\Dokumenter
2008-09-27 11:13 --------- d-sh--w c:\program files\Fellesfiler
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe

.
((((((((((((((((((((((((((((( snapshot@2008-11-14_18.14.31,76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-14 14:43:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-11-14 17:21:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-11-14 14:43:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-11-14 17:21:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-11-14 14:43:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-11-14 17:26:50 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-11-14 17:26:50 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-11-14 14:43:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-11-14 18:17:15 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-11-14 14:50:04 101,250 ----a-w c:\windows\System32\perfc009.dat + 2008-11-14 17:25:44 101,250 ----a-w c:\windows\System32\perfc009.dat - 2008-11-14 14:50:04 76,478 ----a-w c:\windows\System32\perfc014.dat + 2008-11-14 17:25:44 76,478 ----a-w c:\windows\System32\perfc014.dat - 2008-11-14 14:50:04 587,178 ----a-w c:\windows\System32\perfh009.dat + 2008-11-14 17:25:44 587,178 ----a-w c:\windows\System32\perfh009.dat - 2008-11-14 14:50:04 452,326 ----a-w c:\windows\System32\perfh014.dat + 2008-11-14 17:25:44 452,326 ----a-w c:\windows\System32\perfh014.dat - 2008-11-14 14:45:21 6,690 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3706400041-907056601-1480726456-1000_UserData.bin + 2008-11-14 17:28:24 6,832 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3706400041-907056601-1480726456-1000_UserData.bin - 2008-11-14 14:45:21 81,146 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-11-14 17:28:23 81,298 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-11-14 14:45:07 52,678 ----a-w 
c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-11-14 17:28:21 52,686 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-11-13 20:33:25 276,334 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-11-14 20:24:45 276,600 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-27 171448] "Steam"="d:\program files\Steam\Steam.exe" [2008-10-25 1410296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768] "eDataSecurity Loader"="c:\program files\Acer\Empowering 
Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-09-27 1216512] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Users^Jørgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=c:\users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Jørgen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk] path=c:\users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnk.Startup 
backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-09-27 15:43 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{24E63513-DAAC-4D37-9D83-29B5A92E459D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{7AED87CD-4B74-40D9-8F3C-EC7AB15B2630}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{ECA91F1B-CC7A-4943-9931-A76CAFA1B602}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{BA18008D-E16C-42F4-8CCE-C5D21F6DA1B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{0D970239-AEED-4ED9-A692-8560E3B2F592}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{56C39839-00F8-41AC-867A-3ABBCEAB6FDC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{E22A63B7-9EE9-4636-8B2C-81D1E5FDFBC4}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{E8F0DA3C-3A30-4583-9D6C-F70113CF165C}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM "{DE011E25-F451-49B1-88BE-0E5F3932A963}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{1E0C1E8C-D616-4A79-A510-A8550E92B3CE}"= c:\program files\Acer Arcade 
Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{0E0BF7B8-8DAA-4197-80E9-E461CAE460B0}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{F87C9358-645F-481F-AFE5-138B952DE647}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{33F6901F-78FC-4CEA-99A4-26CC31BDF08D}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{04A494E9-4A65-42AF-8BCF-BFFA48D11F8F}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{DEA85F90-51EB-401B-A13C-4127C7779290}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{E28DC5E9-EA09-4DE9-9A45-6E7872C0CF38}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{0376ED7B-3027-4EFE-9E42-540D1ED3571B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{DB216395-2107-4A4C-846B-D4243C4B6F45}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{BE13E7C7-1E91-4B51-9A75-49EF03328C3B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{A91357C3-1B18-47DC-A77B-14C1AEBBC688}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{CE3D0B47-1F29-42AA-9EB2-02390D803BD3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{30007B58-088F-4DB7-BF6B-4D216FF608B7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{2A45297D-79B0-491B-A197-31F3271958F4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{130BF4CE-CC92-490B-931D-23B05F1C77D8}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever "UDP Query User{81480371-74EB-4FC7-BC50-F9A908384FA6}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever "TCP Query User{18995F6E-0CD6-4A79-B4AF-124A499655E9}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{CB90BF18-6003-4E94-B590-940FA6D6A00D}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire 
"TCP Query User{778FB47D-38DB-487D-B39A-6BA01666FFFC}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire "UDP Query User{4BFE2437-C3FC-4605-AF01-A04A4C218D1B}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire "TCP Query User{0B63AFBE-8BDC-4546-99E8-0DA846DDE8BE}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer "UDP Query User{86642A40-E0A7-4D62-85D6-477C945C69A8}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer "TCP Query User{B1CF11E1-9685-470E-82B0-43CA698FED8D}d:\\program files\\steam\\steamapps\\step_jor\\counter-strike source\\hl2.exe"= UDP:d:\program files\steam\steamapps\step_jor\counter-strike source\hl2.exe:hl2 "UDP Query User{88213B51-8847-4DE6-8D3D-EBA90F07CB01}d:\\program files\\steam\\steamapps\\step_jor\\counter-strike source\\hl2.exe"= TCP:d:\program files\steam\steamapps\step_jor\counter-strike source\hl2.exe:hl2 "TCP Query User{658626C3-D1CA-443C-9A21-3BA62C1E6EEF}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= UDP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT "UDP Query User{DF4D618E-45E3-4757-94E6-FAD5BE4C4D11}c:\\program files\\electronic arts\\sports car gt\\spcar.exe"= TCP:c:\program files\electronic arts\sports car gt\spcar.exe:Sports Car GT "TCP Query User{10DF046D-6465-454D-A2BE-38FF889AA139}d:\\program files\\test drive unlimited\\testdriveunlimited.exe"= UDP:d:\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited "UDP Query User{10A05F44-3C3A-4CCB-9F27-0BD477EB8F78}d:\\program files\\test drive unlimited\\testdriveunlimited.exe"= TCP:d:\program files\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited 
"TCP Query User{853D7338-9926-4264-983B-C499284DAD88}d:\\program files\\steam\\steamapps\\step_jor\\day of defeat source\\hl2.exe"= UDP:d:\program files\steam\steamapps\step_jor\day of defeat source\hl2.exe:hl2 "UDP Query User{A7216022-9D1D-400D-80EC-A224ED07B087}d:\\program files\\steam\\steamapps\\step_jor\\day of defeat source\\hl2.exe"= TCP:d:\program files\steam\steamapps\step_jor\day of defeat source\hl2.exe:hl2 "TCP Query User{5E9E9E00-88CB-45A7-882D-5890DC64074F}d:\\program files\\steam\\steamapps\\step_jor\\half-life 2 deathmatch\\hl2.exe"= UDP:d:\program files\steam\steamapps\step_jor\half-life 2 deathmatch\hl2.exe:hl2 "UDP Query User{FE1BC222-6D03-4056-9F0A-FD8FB1BF520B}d:\\program files\\steam\\steamapps\\step_jor\\half-life 2 deathmatch\\hl2.exe"= TCP:d:\program files\steam\steamapps\step_jor\half-life 2 deathmatch\hl2.exe:hl2 "TCP Query User{764BB503-A459-4032-870F-99F8DA400A63}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{2F9B39BD-AAF6-48C2-9FCD-34864137BD74}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{7914D2DF-D4B5-4C46-AFB1-5EDA30DC3326}d:\\program files\\rv house\\rv_house.exe"= UDP:d:\program files\rv house\rv_house.exe:rv_house "UDP Query User{615F2EDE-4B2D-4E6F-BF94-74D4374684AB}d:\\program files\\rv house\\rv_house.exe"= TCP:d:\program files\rv house\rv_house.exe:rv_house "TCP Query User{1515EE6B-3E56-448A-B7FA-6DC1242B1C61}c:\\program files\\acclaim\\revolt\\revolt.exe"= UDP:c:\program files\acclaim\revolt\revolt.exe:revolt "UDP Query User{9A134B9B-FE5E-4D62-9DBA-A90ADB55BF1F}c:\\program files\\acclaim\\revolt\\revolt.exe"= TCP:c:\program files\acclaim\revolt\revolt.exe:revolt R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 14:01 61424] R2 BUNAgentSvc;NTI Backup Now 5 Agent 
Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576] R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472] R3 NETw5v32;Intel® Wireless WiFi Link-kortdriver for Windows Vista 32-bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-03 43552] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-11-09 99576] S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LPDService REG_MULTI_SZ LPDSVC . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-14 21:29:51 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
Everything looks much better now. The background is back and I haven't noticed any new trouble with the PC. Looks like the problem is fixed. Thanks a lot for the help in any case! Putting [Temporarily Solved] on the thread to see whether anything happens...
r2d290 Posted 14 November 2008 (edited)

Yes, I think it should be fine now.

ComboFix must be uninstalled.
Go to Start > Run
Type the following in the box: combofix /u
PS: note the space between x and /u
Press Enter.

This command will:
Remove the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if they exist.
- The folder C:\Deckard, if it exists
- The folder C:\OtMoveIt, if it exists
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide System/Hidden files and folders if necessary.
- Reset the system restore points.

You can uninstall HijackThis if you wish: Start HijackThis, select None of the above, just start the program. Then click Config>>Misc Tools>>Uninstall HijackThis & exit>>Ja/Yes. The program is now uninstalled.

I recommend that you keep MBAM, but if you still want to remove it, you can do so from Add/Remove Programs.

Below I have given some recommendations for how you can protect your machine better, by reducing the likelihood of getting infected again. It is important that you take these recommendations seriously; these few simple steps can spare you most malware problems.

1) Go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This will close many of the security holes that attackers can use to gain access to your machine. Turn on Automatic Updates under Start -> Control Panel -> Automatic Updates, or make it a habit to check regularly whether new Windows updates have been released. This is very important!
2) To protect yourself against spyware, you should consider running one of these free programs:
SUPERAntiSpyware (choose the free version)
A guide for SUPERAntiSpyware can be found here
Malwarebytes' Anti-Malware
A guide for Malwarebytes' Anti-Malware can be found here
Make sure to keep these programs updated and run them regularly, since this can protect against a good deal of spyware.

4) Make sure to run your antivirus program regularly, and keep it updated. [ Important: choose only one antivirus program. Having several programs at the same time will lead to conflicts.

Also take a look at "wil"'s article: How do you all get all the Spyware and Viruses?

This will hopefully take care of future problems.

If you consider the problem with your machine solved, you can change your topic title by clicking the edit button in your first post and choosing full edit. At the top, where your topic title is, write [LØST] in front of your topic title. E.g.: [LØST] Got a virus on the machine

This will help keep the forum more organised for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-

Edited 14 November 2008 by r2d290