
Spyware on a new laptop :/



Hi

 

I have a fairly new HP laptop, bought this autumn. After eagerly downloading programs, I have picked up a few stowaways... The PC runs slowly and "lags" when playing films and music etc. I'd guess these are typical spyware symptoms. I have snooped around on hw.no looking for tips, and I see that many get their problems solved by someone analysing their HijackThis log. So I hope someone will take a look at mine! :thumbup:

 

I have downloaded Malwarebytes, Ad-Aware 2008 and Spybot S&D, as well as CCleaner. They each find a few different things, but not everything (apparently). The funny thing is that when I scan with Norton, I watch it go through files called e.g. "Infostealer", "SpyWareVermins" and "Trojan.host" etc. etc., WITHOUT doing anything!

 

PS: In addition, my fingerprint reader has stopped working.

 

Here is my log from HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:29, on 24.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Lefdal\Programmer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: D - {EDF597F6-798F-38E9-B8FD-2F47D0EB9A8C} - C:\Windows\system32\xwr12683.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Mobilt bredbånd.lnk = ?
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9083 bytes
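As an added example (not part of any post in this thread), a small Python triage pass over the O2 (BHO) and O23 (service) lines of a HijackThis log, fed a constructed subset of the lines from the log above. The heuristics it applies (unnamed BHO, DLL placed straight in System32, machine-looking filename, service with no listed company) are my own assumptions for illustration; the entry they single out is the same one the MBAM scan in this thread quarantined.

```python
"""Triage pass over HijackThis O2 (BHO) and O23 (service) lines.

Heuristics only: a hit means "look closer", not "malicious". Compare any
hit against a second opinion, the way the MBAM log in this thread confirms
the BHO that this pass singles out.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: a subset of the lines from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: D - {EDF597F6-798F-38E9-B8FD-2F47D0EB9A8C} - C:\Windows\system32\xwr12683.dll
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
""".strip()

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
SERVICE_PREFIX = "O23 - Service: "
# Two to four letters followed by four to six digits, e.g. xwr12683.dll.
# Vendor DLLs almost never look like this; droppers often do. (Assumed heuristic.)
RANDOM_DLL_RE = re.compile(r"^[a-z]{2,4}\d{4,6}\.dll$", re.IGNORECASE)


@dataclass
class Finding:
    severity: str      # "high", "medium" or "info"
    entry: str         # the log line the finding refers to
    reasons: List[str]


def _in_system32(path: str) -> bool:
    return "\\windows\\system32\\" in path.lower()


def check_bho(line: str) -> Optional[Finding]:
    """Score one O2 line; None when nothing stands out."""
    m = BHO_RE.match(line)
    if not m:
        return None
    name, path = m.group("name"), m.group("path")
    if path == "(no file)":
        # Registration left behind after its DLL was removed: harmless, but
        # a dead key worth cleaning up.
        return Finding("info", line, ["BHO registered but its DLL is missing on disk"])
    reasons = []
    if name == "(no name)" or len(name.strip()) <= 2:
        reasons.append("BHO has no meaningful display name")
    if _in_system32(path):
        reasons.append("BHO DLL dropped straight into System32 (browser add-ons normally live under Program Files)")
    if RANDOM_DLL_RE.match(path.rsplit("\\", 1)[-1]):
        reasons.append("DLL filename looks machine-generated")
    if not reasons:
        return None
    return Finding("high" if len(reasons) >= 2 else "medium", line, reasons)


def check_service(line: str) -> Optional[Finding]:
    """Score one O23 line. 'Unknown owner' is common for OEM bundleware too
    (several HP services above), so it only earns an 'info' pointer."""
    if not line.startswith(SERVICE_PREFIX):
        return None
    parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    _name, company, _path = parts
    if company == "Unknown owner":
        return Finding("info", line, ["service binary lists no publisher; verify it against the vendor"])
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through the checks, keeping the log's order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        finding = check_bho(line) or check_service(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry}")
        for reason in f.reasons:
            print(f"    - {reason}")
```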

Can you follow the guide that is linked at the top of my signature :)

If you have run a scan with MBAM, please post the log ;)

 

Thanks in advance!

 

Malwarebytes' Anti-Malware 1.30
Database versjon: 1419
Windows 6.0.6001 Service Pack 1

24.11.2008 18:32:47
mbam-log-2008-11-24 (18-32-47).txt

Skanntype: Rask Skann
Objekter skannet: 43207
Tid tilbakelagt: 10 minute(s), 1 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 2
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{edf597f6-798f-38e9-b8fd-2f47d0eb9a8c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{edf597f6-798f-38e9-b8fd-2f47d0eb9a8c} (Trojan.BHO) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Windows\System32\xwr12683.dll (Trojan.BHO) -> Quarantined and deleted successfully.


Then we'll just wait for a ComboFix log and we're ready to analyse your logs :thumbs:

 

Tip: put the logs in a spoiler instead

[1spoiler]- paste the log here -[/1spoiler]

(remove the 1s to put them in a spoiler) Then the logs are much easier to read

 

Download ComboFix (by sUBs) and save it to the Desktop.

 

Run combofix.exe and follow the instructions. You will get a prompt saying "Roughly 1/100 machines failed to make it through the disinfection process!! Are you sure you want to do this??" - Answer Yes

You must not click on the window while the program is running. This can cause the program to freeze.

 

What ComboFix does:

 

- ComboFix is a multi-fix program designed to remove a whole range of known infections, and it also creates a log/report showing the files/processes/registry entries present on the PC. The log can determine whether there is still something on the PC that needs to be removed. This requires someone with experience to read the log and say how to proceed.

 

PS: Among other things, ComboFix will list all files created in the last month, and in some cases it may also reveal your full name and other information that can be considered sensitive. For that reason you should go through the log, see whether you find information you do not want to share with everyone, and censor it.

 

Post the log file from ComboFix (c:\combofix.txt)

Edited by tosha0007

Here is the ComboFix log!


ComboFix 08-11-23.02 - Lefdal 2008-11-24 20:05:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1108 [GMT 1:00]
Running from: c:\users\Lefdal\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\programdata\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:04 <DIR> d-------- c:\program files\Lavasoft
2008-11-24 16:21 . 2008-11-24 16:21 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Malwarebytes
2008-11-24 16:21 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-24 16:21 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-24 15:58 . 2008-11-24 18:00 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-11-24 18:00 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-11-24 15:59 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-24 14:48 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-11-24 14:47 . 2008-11-24 14:47 <DIR> d-------- c:\program files\Panda Security
2008-11-20 20:36 . 2008-11-21 07:37 <DIR> d-------- c:\program files\Full Tilt Poker
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\users\All Users\Sports Interactive
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\programdata\Sports Interactive
2008-11-20 12:48 . 2008-11-20 12:50 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-20 12:48 . 2008-11-20 12:48 <DIR> d-------- c:\program files\Sports Interactive
2008-11-20 12:47 . 2008-11-20 12:47 <DIR> d--h----- c:\users\Lefdal\InstallAnywhere
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Winamp
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\program files\Winamp
2008-11-19 18:43 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-11-18 18:29 . 2008-11-18 18:29 <DIR> d-------- c:\program files\Opera
2008-11-18 17:52 . 2008-11-18 17:52 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\InstallShield
2008-11-15 14:36 . 2008-11-15 14:36 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\programdata\Apple Computer
2008-11-15 14:33 . 2008-11-21 21:36 <DIR> d-------- c:\program files\QuickTime
2008-11-15 14:31 . 2008-11-18 17:57 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-15 14:27 . 2008-11-18 15:48 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\LimeWire
2008-11-12 14:27 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 14:27 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 14:26 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 13:07 . 2008-11-12 13:07 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\OpenOffice.org
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\JRE
2008-11-12 13:01 . 2008-11-12 13:01 <DIR> d-------- c:\users\Lefdal\Open Office
2008-11-11 21:10 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-11 21:10 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-11 21:10 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2008-11-11 21:10 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-11 21:10 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2008-11-11 21:10 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2008-11-11 21:10 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2008-11-07 12:53 . 2008-11-07 12:53 <DIR> dr-h----- c:\users\Lefdal\AppData\Roaming\SecuROM
2008-11-07 12:53 . 2008-11-07 12:53 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2008-11-07 12:41 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2008-11-07 12:41 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2008-11-07 12:41 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\System32\D3DCompiler_36.dll
2008-11-07 12:41 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2008-11-07 12:41 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2008-11-07 12:41 . 2007-10-02 09:56 444,776 --a------ c:\windows\System32\d3dx10_36.dll
2008-11-07 12:41 . 2007-10-22 03:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll
2008-11-07 12:41 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2008-11-07 12:41 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2008-11-07 12:40 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2008-11-07 12:40 . 2007-10-22 03:37 17,928 --a------ c:\windows\System32\X3DAudio1_2.dll
2008-11-07 12:36 . 2008-11-07 12:36 <DIR> d-------- c:\windows\System32\AGEIA
2008-11-07 12:36 . 2008-11-24 18:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-07 12:36 . 2008-11-07 12:36 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-06 12:49 . 2008-11-15 15:11 <DIR> d-------- c:\program files\Firaxis Games
2008-11-03 23:48 . 2008-11-03 23:48 22,328 --a------ c:\users\Lefdal\AppData\Roaming\PnkBstrK.sys
2008-11-03 11:29 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-11-02 19:40 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-02 19:40 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-02 19:40 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-02 19:40 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-02 19:40 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-01 15:57 . 2008-11-01 15:57 <DIR> d-------- c:\program files\Telenor
2008-11-01 15:57 . 2008-11-01 15:57 <DIR> d-------- c:\program files\Common Files\GtFlashSwitch
2008-10-31 21:00 . 2008-10-31 21:00 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\WildTangent
2008-10-29 18:31 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 18:31 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 18:31 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-26 00:22 . 2008-10-26 16:57 <DIR> d-------- c:\program files\ZyX
2008-10-26 00:18 . 1999-12-17 09:13 86,016 --a------ c:\windows\unvise32.exe

 

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 06:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 17:22 --------- d-----w c:\users\Lefdal\AppData\Roaming\BitTorrent
2008-11-20 12:38 --------- d-----w c:\users\Lefdal\AppData\Roaming\Sports Interactive
2008-11-18 22:26 --------- d-----w c:\users\Lefdal\AppData\Roaming\vlc
2008-11-18 17:13 --------- d-----w c:\program files\Atheros
2008-11-12 11:59 902 ----a-w c:\users\Lefdal\AppData\Roaming\wklnhst.dat
2008-11-03 17:45 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-31 20:04 --------- d-----w c:\programdata\WildTangent
2008-10-23 10:47 --------- d-----w c:\users\Lefdal\AppData\Roaming\Template
2008-10-21 12:34 172,032 ----a-w c:\windows\System32\wr12683.dll
2008-10-20 10:33 --------- d-----w c:\programdata\Symantec
2008-10-19 20:57 --------- d-----w c:\programdata\CyberLink
2008-10-17 10:13 --------- d-----w c:\program files\Java
2008-10-16 21:22 --------- d-----w c:\users\Lefdal\AppData\Roaming\Hewlett-Packard
2008-10-16 07:45 --------- d-----w c:\program files\Windows Mail
2008-10-13 20:56 --------- d-----w c:\program files\VideoLAN
2008-10-13 15:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-12 18:45 --------- d-----w c:\users\Lefdal\AppData\Roaming\CyberLink
2008-10-12 18:44 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools
2008-10-12 18:44 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-12 18:39 --------- d-----w c:\programdata\DAEMON Tools Pro
2008-10-12 18:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-12 18:34 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools Pro
2008-10-09 16:46 --------- d-----w c:\program files\DNA
2008-10-09 16:46 --------- d-----w c:\program files\BitTorrent
2008-10-07 06:59 --------- d-----w c:\program files\Football Manager 2008
2008-10-05 00:25 --------- d-----w c:\program files\MSXML 4.0
2008-10-04 14:19 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-04 14:19 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-04 14:19 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-04 14:19 --------- d-----w c:\program files\Symantec
2008-10-04 13:52 --------- d-----w c:\program files\CCleaner
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

c:\users\Lefdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592]
Mobilt bredbånd.lnk - c:\program files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe [2007-07-27 733184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{77EE5ECE-F6EA-460F-8BA9-66AF7E5ED80F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1F154C7C-27EB-4171-AB63-7DC5A2BA90EC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A7B725BE-FF70-4A2B-8480-BD3DD5C33BFC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{00610391-0091-4004-B2F0-844B7934448F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FC457852-B3E8-4F8E-9309-6EEA3B7817F2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{07A6FA7F-3B38-4D85-863B-6EB6A8EA9A08}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{DFD5330B-04E0-42D4-B2CD-419B17791DA1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3322B0B8-C972-4B7E-B7BC-11CD12220971}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{38AF6483-4E6D-4F33-AD11-5023CE0C489F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8F4CD06A-1E96-42B9-B89A-D87E849B6EE6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{204432DA-42AA-496E-BDF0-B8A1CE0B1F74}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{C6891F6E-D0EB-417B-90C4-9DACE7698806}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 ahcix86s;ahcix86s;c:\windows\system32\DRIVERS\ahcix86s.sys [2008-04-14 170000]
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-07-28 15416]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2006-10-29 7680]
R0 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-24 28544]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081120.001\IDSvix86.sys [2008-11-21 270384]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-03-28 3544064]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-27 40752]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-13 23888]
S3 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 122496]
S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-04-14 8064]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-04-14 37120]
S3 HpqRemHid;HP Remote Control HID Device;c:\windows\system32\DRIVERS\HpqRemHid.sys [2008-06-07 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b036dad9-a757-11dd-9347-00218672d3ff}]
\shell\AutoRun\command - g:\.\setup.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8eaa046-988c-11dd-a7e3-00218672d3ff}]
\shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PAVBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-24 c:\windows\Tasks\Norton Internet Security - Kjør fullt systemsøk - Lefdal.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 13:05]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 20:20:09

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(724)

c:\windows\system32\DPPWDFLT.dll

 

- - - - - - - > 'Explorer.exe'(6072)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\hpservice.exe

c:\windows\System32\vfsFPService.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\System32\wlanext.exe

c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE

c:\program files\DigitalPersona\Bin\DpHostW.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe

c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\windows\SMINST\BLService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\conime.exe

c:\program files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

.

**************************************************************************

.

Completion time: 2008-11-24 20:28:44 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-24 19:28:05

 

Pre-Run: 227 754 496 000 bytes free

Post-Run: 226,791,673,856 bytes free

 

269 --- E O F --- 2008-11-21 06:40:36

 

 

Edited by snipern

Go to Start - All Programs - Accessories - Notepad

Copy and paste the text in the code box below into Notepad:

File::
c:\windows\System32\wr12683.dll

Save it as CFScript on the Desktop

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows.

(animation: CFScriptB-4.gif)

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum.

Tell us how the machine is working after this :)

Edited by r2d290

Done! Here is the result

 

ComboFix 08-11-23.02 - Lefdal 2008-11-26 17:46:48.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1650 [GMT 1:00]

Running from: c:\users\Lefdal\Desktop\ComboFix.exe

Command switches used :: c:\users\Lefdal\Desktop\CFScript.txt

 

FILE ::

c:\windows\System32\wr12683.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\System32\wr12683.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))

.

 

2008-11-26 02:51 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll

2008-11-26 02:51 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll

2008-11-26 02:51 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-11-26 02:51 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-11-26 02:51 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2008-11-24 21:03 . 2008-11-24 21:10 <DIR> d-------- c:\users\Lefdal\Entourage

2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\users\All Users\Lavasoft

2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\programdata\Lavasoft

2008-11-24 18:04 . 2008-11-24 18:04 <DIR> d-------- c:\program files\Lavasoft

2008-11-24 16:21 . 2008-11-24 16:21 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Malwarebytes

2008-11-24 16:21 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-11-24 16:21 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\programdata\Malwarebytes

2008-11-24 16:20 . 2008-11-24 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-24 15:58 . 2008-11-25 12:57 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy

2008-11-24 15:58 . 2008-11-25 12:57 <DIR> d-------- c:\programdata\Spybot - Search & Destroy

2008-11-24 15:58 . 2008-11-24 15:59 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-11-24 14:48 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys

2008-11-24 14:47 . 2008-11-24 14:47 <DIR> d-------- c:\program files\Panda Security

2008-11-20 20:36 . 2008-11-21 07:37 <DIR> d-------- c:\program files\Full Tilt Poker

2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\users\All Users\Sports Interactive

2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\programdata\Sports Interactive

2008-11-20 12:48 . 2008-11-20 12:50 <DIR> d--h----- c:\program files\Zero G Registry

2008-11-20 12:48 . 2008-11-20 12:48 <DIR> d-------- c:\program files\Sports Interactive

2008-11-20 12:47 . 2008-11-20 12:47 <DIR> d--h----- c:\users\Lefdal\InstallAnywhere

2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Winamp

2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\program files\Winamp

2008-11-19 18:43 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll

2008-11-18 18:29 . 2008-11-18 18:29 <DIR> d-------- c:\program files\Opera

2008-11-18 17:52 . 2008-11-18 17:52 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\InstallShield

2008-11-15 14:36 . 2008-11-15 14:36 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Apple Computer

2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\users\All Users\Apple Computer

2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\programdata\Apple Computer

2008-11-15 14:33 . 2008-11-21 21:36 <DIR> d-------- c:\program files\QuickTime

2008-11-15 14:31 . 2008-11-18 17:57 <DIR> d-------- c:\program files\Common Files\Apple

2008-11-15 14:27 . 2008-11-18 15:48 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\LimeWire

2008-11-12 14:27 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

2008-11-12 14:27 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-11-12 14:26 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-11-12 13:07 . 2008-11-12 13:07 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\OpenOffice.org

2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\OpenOffice.org 3

2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\JRE

2008-11-12 13:01 . 2008-11-12 13:01 <DIR> d-------- c:\users\Lefdal\Open Office

2008-11-11 21:10 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll

2008-11-11 21:10 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll

2008-11-11 21:10 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll

2008-11-11 21:10 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll

2008-11-11 21:10 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll

2008-11-11 21:10 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll

2008-11-11 21:10 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll

2008-11-07 12:53 . 2008-11-07 12:53 <DIR> dr-h----- c:\users\Lefdal\AppData\Roaming\SecuROM

2008-11-07 12:53 . 2008-11-07 12:53 107,888 --a------ c:\windows\System32\CmdLineExt.dll

2008-11-07 12:41 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll

2008-11-07 12:41 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll

2008-11-07 12:41 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\System32\D3DCompiler_36.dll

2008-11-07 12:41 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll

2008-11-07 12:41 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll

2008-11-07 12:41 . 2007-10-02 09:56 444,776 --a------ c:\windows\System32\d3dx10_36.dll

2008-11-07 12:41 . 2007-10-22 03:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll

2008-11-07 12:41 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll

2008-11-07 12:41 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll

2008-11-07 12:40 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll

2008-11-07 12:40 . 2007-10-22 03:37 17,928 --a------ c:\windows\System32\X3DAudio1_2.dll

2008-11-07 12:36 . 2008-11-07 12:36 <DIR> d-------- c:\windows\System32\AGEIA

2008-11-07 12:36 . 2008-11-24 18:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-11-07 12:36 . 2008-11-07 12:36 <DIR> d-------- c:\program files\AGEIA Technologies

2008-11-06 12:49 . 2008-11-15 15:11 <DIR> d-------- c:\program files\Firaxis Games

2008-11-03 23:48 . 2008-11-03 23:48 22,328 --a------ c:\users\Lefdal\AppData\Roaming\PnkBstrK.sys

2008-11-03 11:29 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll

2008-11-02 19:40 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll

2008-11-02 19:40 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll

2008-11-02 19:40 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax

2008-11-02 19:40 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax

2008-11-02 19:40 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax

2008-11-01 15:57 . 2008-11-01 15:57 <DIR> d-------- c:\program files\Telenor

2008-11-01 15:57 . 2008-11-01 15:57 <DIR> d-------- c:\program files\Common Files\GtFlashSwitch

2008-10-31 21:00 . 2008-10-31 21:00 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\WildTangent

2008-10-29 18:31 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-29 18:31 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-29 18:31 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-26 00:22 . 2008-10-26 16:57 <DIR> d-------- c:\program files\ZyX

2008-10-26 00:18 . 1999-12-17 09:13 86,016 --a------ c:\windows\unvise32.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-26 16:55 --------- d-----w c:\users\Lefdal\AppData\Roaming\BitTorrent

2008-11-21 06:37 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-20 12:38 --------- d-----w c:\users\Lefdal\AppData\Roaming\Sports Interactive

2008-11-18 22:26 --------- d-----w c:\users\Lefdal\AppData\Roaming\vlc

2008-11-18 17:13 --------- d-----w c:\program files\Atheros

2008-11-12 11:59 902 ----a-w c:\users\Lefdal\AppData\Roaming\wklnhst.dat

2008-11-03 17:45 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-10-31 20:04 --------- d-----w c:\programdata\WildTangent

2008-10-23 10:47 --------- d-----w c:\users\Lefdal\AppData\Roaming\Template

2008-10-20 10:33 --------- d-----w c:\programdata\Symantec

2008-10-19 20:57 --------- d-----w c:\programdata\CyberLink

2008-10-17 10:13 --------- d-----w c:\program files\Java

2008-10-16 21:22 --------- d-----w c:\users\Lefdal\AppData\Roaming\Hewlett-Packard

2008-10-16 07:45 --------- d-----w c:\program files\Windows Mail

2008-10-13 20:56 --------- d-----w c:\program files\VideoLAN

2008-10-13 15:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2008-10-12 18:45 --------- d-----w c:\users\Lefdal\AppData\Roaming\CyberLink

2008-10-12 18:44 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools

2008-10-12 18:44 --------- d-----w c:\program files\DAEMON Tools Lite

2008-10-12 18:39 --------- d-----w c:\programdata\DAEMON Tools Pro

2008-10-12 18:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-10-12 18:34 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools Pro

2008-10-09 16:46 --------- d-----w c:\program files\DNA

2008-10-09 16:46 --------- d-----w c:\program files\BitTorrent

2008-10-07 06:59 --------- d-----w c:\program files\Football Manager 2008

2008-10-05 00:25 --------- d-----w c:\program files\MSXML 4.0

2008-10-04 14:19 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2008-10-04 14:19 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2008-10-04 14:19 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2008-10-04 14:19 --------- d-----w c:\program files\Symantec

2008-10-04 13:52 --------- d-----w c:\program files\CCleaner

2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-24_20.25.20.82 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-24 19:18:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-11-26 16:57:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-11-24 19:18:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-11-26 16:57:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-11-24 19:19:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-26 16:58:49 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-26 16:58:49 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-11-24 19:19:46 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-26 17:00:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-11-24 19:19:08 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-11-26 16:58:46 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-11-24 19:19:08 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-26 16:58:46 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-11-24 19:19:08 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-11-26 16:58:46 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-11-16 22:31:41 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2008-11-26 02:08:10 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2008-11-22 14:26:27 6,224 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1569871572-2635126389-3207917308-1000_UserData.bin

+ 2008-11-24 19:21:35 6,558 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1569871572-2635126389-3207917308-1000_UserData.bin

- 2008-11-24 19:21:28 111,678 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-11-26 17:00:44 111,834 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-11-21 06:34:33 376,766 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-11-26 16:35:59 379,014 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2008-11-13 02:01:32 39,282,291 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-11-26 01:50:56 43,223,595 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-10-21 05:16:20 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.16766_none_62ed735b99bf2599\connect.dll

+ 2008-10-21 05:06:53 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.20940_none_6386b028b2d1f29e\connect.dll

+ 2008-10-21 05:25:17 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18159_none_64e182cb96dae69e\connect.dll

+ 2008-10-21 05:21:42 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.22291_none_6537dd96b0202b74\connect.dll

+ 2008-08-28 03:24:50 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.16740_none_c85de4f0e87e1001\PhotoMetadataHandler.dll

+ 2008-08-28 03:21:23 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.20905_none_c917c4c40176bbe1\PhotoMetadataHandler.dll

+ 2008-08-28 03:40:09 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.18131_none_ca4ff3cce59b9e58\PhotoMetadataHandler.dll

+ 2008-08-28 03:37:44 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.22253_none_cac5f153fec7a8b2\PhotoMetadataHandler.dll

+ 2008-08-28 03:24:51 712,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.16740_none_94703b0aa417f9f5\WindowsCodecs.dll

+ 2008-08-28 03:22:04 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20905_none_952a1addbd10a5d5\WindowsCodecs.dll

+ 2008-08-28 03:40:11 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18131_none_966249e6a135884c\WindowsCodecs.dll

+ 2008-08-28 03:37:46 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.22253_none_96d8476dba6192a6\WindowsCodecs.dll

+ 2008-08-28 03:24:51 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.16740_none_91804ffcbb9f565c\WindowsCodecsExt.dll

+ 2008-08-28 03:22:04 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.20905_none_923a2fcfd498023c\WindowsCodecsExt.dll

+ 2008-08-28 03:40:11 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.18131_none_93725ed8b8bce4b3\WindowsCodecsExt.dll

+ 2008-08-28 03:37:46 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.22253_none_93e85c5fd1e8ef0d\WindowsCodecsExt.dll

+ 2008-10-22 03:43:51 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceApi.dll

+ 2008-10-22 03:43:51 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceClassExtension.dll

+ 2008-10-22 03:43:51 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceTypes.dll

+ 2008-10-22 03:39:42 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceApi.dll

+ 2008-10-22 03:39:42 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceClassExtension.dll

+ 2008-10-22 03:39:42 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceTypes.dll

+ 2008-10-22 03:57:30 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceApi.dll

+ 2008-01-21 02:25:16 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceClassExtension.dll

+ 2008-01-21 02:25:16 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceTypes.dll

+ 2008-10-22 03:34:55 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceApi.dll

+ 2008-10-22 03:34:55 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceClassExtension.dll

+ 2008-10-22 03:34:55 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceTypes.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

c:\users\Lefdal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592]

Mobilt bredbånd.lnk - c:\program files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe [2007-07-27 733184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{77EE5ECE-F6EA-460F-8BA9-66AF7E5ED80F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{1F154C7C-27EB-4171-AB63-7DC5A2BA90EC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{A7B725BE-FF70-4A2B-8480-BD3DD5C33BFC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{00610391-0091-4004-B2F0-844B7934448F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{FC457852-B3E8-4F8E-9309-6EEA3B7817F2}"= UDP:c:\program files\DNA\btdna.exe:DNA

"{07A6FA7F-3B38-4D85-863B-6EB6A8EA9A08}"= TCP:c:\program files\DNA\btdna.exe:DNA

"{DFD5330B-04E0-42D4-B2CD-419B17791DA1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{3322B0B8-C972-4B7E-B7BC-11CD12220971}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{38AF6483-4E6D-4F33-AD11-5023CE0C489F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{8F4CD06A-1E96-42B9-B89A-D87E849B6EE6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{204432DA-42AA-496E-BDF0-B8A1CE0B1F74}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

"{C6891F6E-D0EB-417B-90C4-9DACE7698806}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

R0 ahcix86s;ahcix86s;c:\windows\system32\DRIVERS\ahcix86s.sys [2008-04-14 170000]

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-07-28 15416]

R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2006-10-29 7680]

R0 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-24 28544]

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081125.004\IDSvix86.sys [2008-11-26 270384]

R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-03-28 3544064]

R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-27 40752]

S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-13 23888]

S3 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]

S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 122496]

S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-04-14 8064]

S3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-04-14 37120]

S3 HpqRemHid;HP Remote Control HID Device;c:\windows\system32\DRIVERS\HpqRemHid.sys [2008-06-07 7168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b036dad9-a757-11dd-9347-00218672d3ff}]

\shell\AutoRun\command - g:\.\setup.exe AUTORUN=1

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8eaa046-988c-11dd-a7e3-00218672d3ff}]

\shell\AutoRun\command - F:\autorun.exe

 

*Newly Created Service* - COMHOST

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-24 c:\windows\Tasks\Norton Internet Security - Kjør fullt systemsøk - Lefdal.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 13:05]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-26 18:00:21

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(708)

c:\windows\system32\DPPWDFLT.dll

 

- - - - - - - > 'Explorer.exe'(3608)

c:\program files\DigitalPersona\Bin\DpoFeedb.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\hpservice.exe

c:\windows\System32\vfsFPService.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\System32\wlanext.exe

c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE

c:\program files\DigitalPersona\Bin\DpHostW.exe

c:\program files\DigitalPersona\Bin\DpAgent.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe

c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\windows\SMINST\BLService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\conime.exe

c:\program files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

.

**************************************************************************

.

Completion time: 2008-11-26 18:08:19 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-26 17:07:35

ComboFix2.txt 2008-11-24 19:28:47

 

Pre-Run: 226 291 974 144 bytes free

Post-Run: 225,526,108,160 bytes free

 

341 --- E O F --- 2008-11-26 02:02:27

 

 

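The parts of the ComboFix log above that a responder actually reads are the Reg Loading Points, the driver/service lines and the mountpoints2 entries: whether the firewall is enabled per profile, which Security Center alerts are suppressed, which DLLs lsass loads as password filters (DPPWDFLT.dll here is the DigitalPersona password filter belonging to the fingerprint software that also shows up as DpHostW.exe in the process list; a rogue entry in that same Notification Packages value would see every password change in plaintext), AutoRun commands recorded for mounted volumes, and kernel drivers loading from unusual paths. The script below is an added example, not code from this thread or from ComboFix: it parses a constructed sample shaped like those sections and flags the entries worth a second look. The allow-list of expected LSA packages and the list of user-writable path hints are assumptions for illustration, and the planted `evil` package and `weird.sys` driver in the sample are constructed, not taken from the posted log.

```python
"""Triage the security-relevant sections of a ComboFix log.

Added example for this thread, not code from the forum or from ComboFix.
SAMPLE_LOG is constructed to mirror the posted log's Reg Loading Points,
service and mountpoints2 entries, plus two planted bad entries ('evil'
and 'weird.sys'). The allow-list and path hints are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT evil

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-24 28544]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081125.004\IDSvix86.sys [2008-11-26 270384]
S3 weird;weird;c:\users\Lefdal\AppData\Local\Temp\weird.sys [2008-11-20 1024]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8eaa046-988c-11dd-a7e3-00218672d3ff}]
\shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - COMHOST
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    where: str     # registry key, or the service name for driver lines
    detail: str


# Expected LSA notification packages (assumption): Microsoft's scecli plus
# DPPWDFLT, the DigitalPersona password filter on this HP. Anything else
# hooking password changes inside lsass is a high finding.
KNOWN_LSA_PACKAGES = {"scecli", "dppwdflt"}

# Path fragments a driver or service should not normally load from (assumption).
USER_WRITABLE_HINTS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")

SECTION_RE = re.compile(r"^\[(.+)\]$")
# e.g. "R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-24 28544]"
SERVICE_RE = re.compile(r"^(R\d|S\d)\s+([^;]+);([^;]*);(.+?)\s+\[")


def triage(log_text: str) -> list:
    """Walk the log line by line, remembering the current [key] header."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        low = line.lower()

        if low.startswith("notification packages"):
            # "Notification Packages REG_MULTI_SZ pkg1 pkg2 ..."
            for pkg in line.split()[3:]:
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(Finding("high", section,
                        f"unknown LSA password filter {pkg!r} loaded by lsass"))
        elif "firewallpolicy" in section and low.startswith('"enablefirewall"'):
            if re.search(r"=\s*0\b", line):
                findings.append(Finding("high", section, "Windows Firewall disabled for this profile"))
        elif "security center" in section and low.startswith('"disablemonitoring"=dword:00000001'):
            findings.append(Finding("medium", section, "Security Center monitoring disabled"))
        elif "security center" in section and low.endswith('disablenotify"=dword:00000001'):
            findings.append(Finding("info", section, f"Security Center alert suppressed: {line}"))
        elif "mountpoints2" in section and low.startswith("\\shell\\autorun\\command"):
            target = line.split(" - ", 1)[1] if " - " in line else line
            findings.append(Finding("medium", section, f"AutoRun command recorded for a mounted volume: {target}"))
        elif low.startswith("*newly created service*"):
            findings.append(Finding("medium", line.split("-", 1)[1].strip(),
                                    "service created during the ComboFix run"))
        else:
            svc = SERVICE_RE.match(line)
            if svc:
                start, name, _desc, path = svc.groups()
                if any(h in path.lower() for h in USER_WRITABLE_HINTS):
                    findings.append(Finding("high", name,
                        f"{start} driver/service loads from user-writable path {path}"))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 3, 'medium': 3, 'info': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.where}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the posted log, the real hits are the three firewall profiles with EnableFirewall = 0 and the DisableMonitoring keys, which Norton sets for itself; the point of the allow-list is that DPPWDFLT stays quiet while anything new in the LSA Notification Packages value does not.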
It should at least be cleaner now...

Wait a little and see whether anyone else has something more to add; if not, we can try a bit of general cleanup.

 

 

Doesn't look like anyone else has the solution to the problem... A bit of general cleanup is maybe the thing?

Download CCleaner: http://www.filehippo.com/download_ccleaner/

You can also choose between Windows' own defrag or a third-party program such as Defraggler: http://www.filehippo.com/download_defraggler/

Also a link to a nice Vista speed-up guide (can take a while ;) I spent about 1 hour on the whole guide):

http://www.pcstats.com/articleview.cfm?art...2238&page=1

If your English isn't that good, there is a Norwegian guide here:

http://www.win-xp.no/Sections/op=viewarticle/artid=81.html

Don't know if r2d290 meant that kind of cleanup :mrgreen: but it's worth a try :)

Edited by Submit

ComboFix must be uninstalled.

Go to Start > Run

Type the following in the box:

  • ComboFix /u

PS: note the space between the X and /u

You should now have something matching the picture below:

(image: CF_Cleanup.png)

Press Enter.

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders
    • VundoFix backups, if they exist
    • The folder C:\Deckard, if it exists
    • The folder C:\OtMoveIt, if it exists
  • Reset the clock settings
  • Hide file extensions, if necessary
  • Hide system/hidden files and folders, if necessary
  • Reset System Restore points
  • 2 weeks later...

Still need help: I scan through the machine in vain with the programs Malwarebytes, Ad-Aware, Spybot and AVG Antivirus - and I see the files that are probably the source of the problems. I see the programs scanning through files such as x_Dialer, DialUpAD and Trojan.Addial etc. etc. Yet none of the programs end up deleting anything at all.

PS: Starting the machine in Safe Mode doesn't help.

I pray to the Virgin Mary that someone has the solution!!
