snipern (thread author), 7 December 2008:
Should it be done in safe mode?
raWrz, 7 December 2008:
Run what you can in normal mode.
snipern (thread author), 7 December 2008:

Malwarebytes

Malwarebytes' Anti-Malware 1.30
Database versjon: 1419
Windows 6.0.6001 Service Pack 1

2008-12-07 21:16:44
mbam-log-2008-12-07 (21-16-44).txt

Skanntype: Rask Skann
Objekter skannet: 42365
Tid tilbakelagt: 15 minute(s), 17 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix

ComboFix 08-12-06.06 - Lefdal 2008-12-07 21:11:54.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1973 [GMT 1:00]
Kjører fra: c:\users\Lefdal\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-07 til 2008-12-07 )))))))))))))))))))))))))))))))))
.

2008-12-07 21:07 . 2008-12-07 21:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-07 20:48 . 2008-12-07 21:03 <DIR> d-------- c:\users\All Users\BOC427
2008-12-07 20:48 . 2008-12-07 21:03 <DIR> d-------- c:\programdata\BOC427
2008-12-07 20:48 . 2008-12-07 20:48 <DIR> d-------- c:\program files\Comodo
2008-12-07 20:48 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-07 20:48 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-07 20:48 . 2008-01-21 03:23 15,360 --a------ c:\windows\System32\wsock32.dlb
2008-12-07 20:48 . 2008-12-07 21:23 877 --a------ c:\windows\BOC427.INI
2008-12-05 17:46 . 2008-12-05 17:46 <DIR> d-------- C:\Games
2008-12-01 16:55 . 2008-12-04 15:20 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-29 18:13 . 2008-11-29 18:13 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-29 18:13 . 2008-11-29 18:13 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-29 18:12 . 2008-12-07 12:56 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-29 18:12 . 2008-11-29 18:12 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\users\All Users\avg8
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\programdata\avg8
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\program files\AVG
2008-11-29 18:05 . 2008-11-29 18:05 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-28 00:36 . 2008-11-29 16:06 4,838 --a------ c:\windows\System32\PerfStringBackup.TMP
2008-11-27 17:05 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-27 17:05 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-27 17:05 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-27 17:05 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-27 17:04 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-27 17:04 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-27 17:04 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-27 17:04 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-27 17:04 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-26 02:51 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 02:51 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 02:51 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 02:51 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 02:51 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 21:03 . 2008-12-03 16:52 <DIR> d-------- c:\users\Lefdal\Entourage
2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\programdata\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:04 <DIR> d-------- c:\program files\Lavasoft
2008-11-24 16:21 . 2008-11-24 16:21 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Malwarebytes
2008-11-24 16:21 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-24 16:21 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-24 15:58 . 2008-12-06 19:23 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-12-06 19:23 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-11-24 15:59 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-24 14:48 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-11-24 14:47 . 2008-11-24 14:47 <DIR> d-------- c:\program files\Panda Security
2008-11-20 20:36 . 2008-12-01 20:25 <DIR> d-------- c:\program files\Full Tilt Poker
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\users\All Users\Sports Interactive
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\programdata\Sports Interactive
2008-11-20 12:48 . 2008-11-20 12:50 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-20 12:48 . 2008-11-20 12:48 <DIR> d-------- c:\program files\Sports Interactive
2008-11-20 12:47 . 2008-11-20 12:47 <DIR> d--h----- c:\users\Lefdal\InstallAnywhere
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Winamp
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\program files\Winamp
2008-11-19 18:43 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-11-18 18:29 . 2008-11-18 18:29 <DIR> d-------- c:\program files\Opera
2008-11-18 17:52 . 2008-11-18 17:52 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\InstallShield
2008-11-15 14:36 . 2008-11-15 14:36 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\programdata\Apple Computer
2008-11-15 14:33 . 2008-11-21 21:36 <DIR> d-------- c:\program files\QuickTime
2008-11-15 14:31 . 2008-11-18 17:57 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-15 14:27 . 2008-11-18 15:48 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\LimeWire
2008-11-12 14:27 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 14:27 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 14:26 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 13:07 . 2008-11-12 13:07 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\OpenOffice.org
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\JRE
2008-11-12 13:01 . 2008-11-12 13:01 <DIR> d-------- c:\users\Lefdal\Open Office
2008-11-11 21:10 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-11 21:10 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-11 21:10 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2008-11-11 21:10 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-11 21:10 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2008-11-11 21:10 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2008-11-11 21:10 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2008-11-07 12:53 . 2008-11-07 12:53 <DIR> dr-h----- c:\users\Lefdal\AppData\Roaming\SecuROM
2008-11-07 12:53 . 2008-11-07 12:53 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2008-11-07 12:41 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2008-11-07 12:41 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2008-11-07 12:41 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\System32\D3DCompiler_36.dll
2008-11-07 12:41 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2008-11-07 12:41 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2008-11-07 12:41 . 2007-10-02 09:56 444,776 --a------ c:\windows\System32\d3dx10_36.dll
2008-11-07 12:41 . 2007-10-22 03:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll
2008-11-07 12:41 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2008-11-07 12:41 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2008-11-07 12:40 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2008-11-07 12:40 . 2007-10-22 03:37 17,928 --a------ c:\windows\System32\X3DAudio1_2.dll
2008-11-07 12:36 . 2008-11-07 12:36 <DIR> d-------- c:\windows\System32\AGEIA
2008-11-07 12:36 . 2008-11-24 18:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-07 12:36 . 2008-11-07 12:36 <DIR> d-------- c:\program files\AGEIA Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 18:25 --------- d-----w c:\programdata\WildTangent
2008-12-05 23:22 --------- d-----w c:\users\Lefdal\AppData\Roaming\BitTorrent
2008-12-01 22:19 --------- d-----w c:\program files\ZyX
2008-12-01 19:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 15:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-30 12:46 --------- d-----w c:\programdata\Symantec
2008-11-20 12:38 --------- d-----w c:\users\Lefdal\AppData\Roaming\Sports Interactive
2008-11-18 22:26 --------- d-----w c:\users\Lefdal\AppData\Roaming\vlc
2008-11-18 17:13 --------- d-----w c:\program files\Atheros
2008-11-15 14:11 --------- d-----w c:\program files\Firaxis Games
2008-11-12 11:59 902 ----a-w c:\users\Lefdal\AppData\Roaming\wklnhst.dat
2008-11-03 22:48 22,328 ----a-w c:\users\Lefdal\AppData\Roaming\PnkBstrK.sys
2008-11-01 14:57 --------- d-----w c:\program files\Telenor
2008-11-01 14:57 --------- d-----w c:\program files\Common Files\GtFlashSwitch
2008-10-31 20:00 --------- d-----w c:\users\Lefdal\AppData\Roaming\WildTangent
2008-10-23 10:47 --------- d-----w c:\users\Lefdal\AppData\Roaming\Template
2008-10-19 20:57 --------- d-----w c:\programdata\CyberLink
2008-10-17 10:13 --------- d-----w c:\program files\Java
2008-10-16 21:22 --------- d-----w c:\users\Lefdal\AppData\Roaming\Hewlett-Packard
2008-10-16 07:45 --------- d-----w c:\program files\Windows Mail
2008-10-13 20:56 --------- d-----w c:\program files\VideoLAN
2008-10-13 15:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-12 18:45 --------- d-----w c:\users\Lefdal\AppData\Roaming\CyberLink
2008-10-12 18:44 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools
2008-10-12 18:44 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-12 18:39 --------- d-----w c:\programdata\DAEMON Tools Pro
2008-10-12 18:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-12 18:34 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools Pro
2008-10-09 16:46 --------- d-----w c:\program files\DNA
2008-10-09 16:46 --------- d-----w c:\program files\BitTorrent
2008-10-07 06:59 --------- d-----w c:\program files\Football Manager 2008
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-30 1261336]
"BOC-427"="c:\progra~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592]
Mobilt bredb†nd.lnk - c:\program files\Telenor\Mobilt bredb†nd\Mobilt bredb†nd.exe [2007-07-27 733184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1569871572-2635126389-3207917308-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{77EE5ECE-F6EA-460F-8BA9-66AF7E5ED80F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1F154C7C-27EB-4171-AB63-7DC5A2BA90EC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A7B725BE-FF70-4A2B-8480-BD3DD5C33BFC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{00610391-0091-4004-B2F0-844B7934448F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FC457852-B3E8-4F8E-9309-6EEA3B7817F2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{07A6FA7F-3B38-4D85-863B-6EB6A8EA9A08}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{DFD5330B-04E0-42D4-B2CD-419B17791DA1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3322B0B8-C972-4B7E-B7BC-11CD12220971}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{38AF6483-4E6D-4F33-AD11-5023CE0C489F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8F4CD06A-1E96-42B9-B89A-D87E849B6EE6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{204432DA-42AA-496E-BDF0-B8A1CE0B1F74}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{C6891F6E-D0EB-417B-90C4-9DACE7698806}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{D5B6544E-3FD2-4FC9-9DB6-145BCB6891B8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{F7105BFA-9197-4A76-A253-71369119BF9D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{A2A1DD8E-F311-4585-9B3D-C78FE3940DDD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{1E837909-1F76-4FA1-8F2C-5B2671445E79}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-07-28 15416]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-24 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-29 97928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-07-28 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-29 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 231704]
R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe [2008-12-07 73464]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 GtFlashSwitch;GtFlashSwitch;"c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" [2007-02-09 176128]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-19 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-06-07 341328]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-27 595248]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-29 69128]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-27 40752]
S3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-06-07 193840]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 122496]
S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-04-14 8064]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-04-14 37120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b036dad9-a757-11dd-9347-00218672d3ff}]
\shell\AutoRun\command - g:\.\setup.exe AUTORUN=1

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 21:22:19
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(5196)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\wlanext.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\DigitalPersona\Bin\DpAgent.exe
c:\windows\System32\conime.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
c:\program files\AVG\AVG8\avgemc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2008-12-07 21:30:38 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2008-12-07 20:30:23

Pre-Run: 221 576 216 576 byte ledig
Post-Run: 223,496,302,592 byte ledig

278 --- E O F --- 2008-12-04 20:20:56

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13, on 2008-12-07
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\CF10206.exe
C:\Windows\system32\conime.exe
C:\Windows\VFIND.exe
C:\Windows\VFIND.exe
C:\Windows\Explorer.exe
C:\Windows\system32\CF10206.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\ComboFix\pv.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Mobilt bredbånd.lnk = ?
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 6955 bytes
snipern (thread author), 8 December 2008:
Can anyone take a look?
raWrz, 8 December 2008:
You have some remnants of a Symantec antivirus program. Download this program and run it: ftp://ftp.symantec.com/public/english_us_...emoval_Tool.exe
snipern (thread author), 8 December 2008:
Was that supposed to have been the problem? :O
raWrz, 8 December 2008 (edited):
Don't know, but it can lead to other problems. Otherwise I think the logs look fine.
edit: can you put ComboFix on the desktop and run it from there?
(Edited 8 December 2008)
snipern (thread author), 8 December 2008:
Here is ComboFix run from the desktop:

ComboFix 08-12-07.01 - Lefdal 2008-12-08 19:52:47.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2120 [GMT 1:00]
Kjører fra: c:\users\Lefdal\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-08 til 2008-12-08 )))))))))))))))))))))))))))))))))
.

2008-12-08 19:13 . 2008-12-08 19:13 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-12-08 19:13 . 2008-12-08 19:13 <DIR> d-------- c:\programdata\NortonInstaller
2008-12-07 21:07 . 2008-12-07 21:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-07 20:48 . 2008-12-07 23:05 <DIR> d-------- c:\program files\Comodo
2008-12-07 20:48 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-07 20:48 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-07 20:48 . 2008-01-21 03:23 15,360 --a------ c:\windows\System32\wsock32.dlb
2008-12-05 17:46 . 2008-12-05 17:46 <DIR> d-------- C:\Games
2008-12-01 16:55 . 2008-12-04 15:20 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-29 18:13 . 2008-11-29 18:13 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-29 18:13 . 2008-11-29 18:13 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-29 18:12 . 2008-12-08 12:34 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-29 18:12 . 2008-11-29 18:12 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\users\All Users\avg8
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\programdata\avg8
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\program files\AVG
2008-11-29 18:05 . 2008-11-29 18:05 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-28 00:36 . 2008-11-29 16:06 4,838 --a------ c:\windows\System32\PerfStringBackup.TMP
2008-11-27 17:05 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-27 17:05 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-27 17:05 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-27 17:05 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-27 17:04 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-27 17:04 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-27 17:04 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-27 17:04 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-27 17:04 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-26 02:51 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 02:51 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 02:51 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 02:51 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 02:51 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 21:03 . 2008-12-03 16:52 <DIR> d-------- c:\users\Lefdal\Entourage
2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\programdata\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:04 <DIR> d-------- c:\program files\Lavasoft
2008-11-24 16:21 . 2008-11-24 16:21 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Malwarebytes
2008-11-24 16:21 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-24 16:21 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-24 15:58 . 2008-12-06 19:23 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-12-06 19:23 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-11-24 15:59 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-24 14:47 . 2008-12-07 23:08 <DIR> d-------- c:\program files\Panda Security
2008-11-20 20:36 . 2008-12-01 20:25 <DIR> d-------- c:\program files\Full Tilt Poker
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\users\All Users\Sports Interactive
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\programdata\Sports Interactive
2008-11-20 12:48 . 2008-11-20 12:50 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-20 12:48 . 2008-11-20 12:48 <DIR> d-------- c:\program files\Sports Interactive
2008-11-20 12:47 . 2008-11-20 12:47 <DIR> d--h----- c:\users\Lefdal\InstallAnywhere
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Winamp
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\program files\Winamp
2008-11-19 18:43 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-11-18 18:29 . 2008-11-18 18:29 <DIR> d-------- c:\program files\Opera
2008-11-18 17:52 . 2008-11-18 17:52 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\InstallShield
2008-11-15 14:36 . 2008-11-15 14:36 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\programdata\Apple Computer
2008-11-15 14:33 . 2008-11-21 21:36 <DIR> d-------- c:\program files\QuickTime
2008-11-15 14:31 . 2008-11-18 17:57 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-15 14:27 . 2008-11-18 15:48 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\LimeWire
2008-11-12 14:27 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 14:27 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 14:26 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 13:07 . 2008-11-12 13:07 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\OpenOffice.org
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\JRE
2008-11-12 13:01 . 2008-11-12 13:01 <DIR> d-------- c:\users\Lefdal\Open Office
2008-11-11 21:10 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-11 21:10 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-11 21:10 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2008-11-11 21:10 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-11 21:10 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2008-11-11 21:10 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2008-11-11 21:10 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 23:32 --------- d-----w c:\users\Lefdal\AppData\Roaming\BitTorrent 2008-12-07 22:08 --------- d-----w c:\program files\HP Games 2008-12-07 22:07 --------- d-----w c:\programdata\WildTangent 2008-12-01 22:19 --------- d-----w c:\program files\ZyX 2008-12-01 19:25 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-30 15:23 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-11-24 17:00 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-20 12:38 --------- d-----w c:\users\Lefdal\AppData\Roaming\Sports Interactive 2008-11-18 22:26 --------- d-----w c:\users\Lefdal\AppData\Roaming\vlc 2008-11-18 17:13 --------- d-----w c:\program files\Atheros 2008-11-15 14:11 --------- d-----w c:\program files\Firaxis Games 2008-11-12 11:59 902 ----a-w c:\users\Lefdal\AppData\Roaming\wklnhst.dat 2008-11-07 11:53 107,888 ----a-w c:\windows\System32\CmdLineExt.dll 2008-11-07 11:53 --------- d--h--r c:\users\Lefdal\AppData\Roaming\SecuROM 2008-11-07 11:36 --------- d-----w c:\program files\AGEIA Technologies 2008-11-03 22:48 22,328 ----a-w c:\users\Lefdal\AppData\Roaming\PnkBstrK.sys 2008-11-01 14:57 --------- d-----w c:\program files\Telenor 2008-11-01 14:57 --------- d-----w c:\program files\Common Files\GtFlashSwitch 2008-10-23 10:47 --------- d-----w c:\users\Lefdal\AppData\Roaming\Template 2008-10-19 20:57 --------- d-----w c:\programdata\CyberLink 2008-10-17 10:13 --------- d-----w c:\program files\Java 2008-10-16 21:22 --------- d-----w c:\users\Lefdal\AppData\Roaming\Hewlett-Packard 2008-10-16 07:45 --------- d-----w c:\program files\Windows Mail 2008-10-13 20:56 --------- d-----w c:\program files\VideoLAN 2008-10-13 15:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-10-12 18:45 --------- d-----w c:\users\Lefdal\AppData\Roaming\CyberLink 2008-10-12 18:44 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools 2008-10-12 18:44 --------- d-----w c:\program 
files\DAEMON Tools Lite 2008-10-12 18:39 --------- d-----w c:\programdata\DAEMON Tools Pro 2008-10-12 18:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-12 18:34 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools Pro 2008-10-09 16:46 --------- d-----w c:\program files\DNA 2008-10-09 16:46 --------- d-----w c:\program files\BitTorrent 2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll 2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-12-07_21.27.28.79 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-07 20:21:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-12-08 19:00:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-12-07 20:21:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-12-08 19:00:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-12-07 20:22:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-08 19:10:54 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-08 19:10:54 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-12-07 20:22:15 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-08 19:10:54 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-12-07 20:21:50 16,384 --sha-w 
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-12-08 19:01:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-12-07 20:21:50 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-08 19:01:05 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-07 20:21:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-12-08 19:01:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-12-07 20:10:57 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2008-12-08 18:52:22 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat - 2008-12-07 19:54:40 7,286 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1569871572-2635126389-3207917308-1000_UserData.bin + 2008-12-08 11:33:35 7,714 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1569871572-2635126389-3207917308-1000_UserData.bin - 2008-12-07 19:54:36 112,876 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-12-08 11:33:33 113,136 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-12-07 19:54:32 46,738 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-12-08 11:33:25 47,216 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-12-07 19:40:18 388,996 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-12-08 17:56:06 391,476 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-30 1261336] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli DPPWDFLT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2008-01-21 03:25 202240 c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1569871572-2635126389-3207917308-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{77EE5ECE-F6EA-460F-8BA9-66AF7E5ED80F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{1F154C7C-27EB-4171-AB63-7DC5A2BA90EC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{A7B725BE-FF70-4A2B-8480-BD3DD5C33BFC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{00610391-0091-4004-B2F0-844B7934448F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{FC457852-B3E8-4F8E-9309-6EEA3B7817F2}"= UDP:c:\program files\DNA\btdna.exe:DNA "{07A6FA7F-3B38-4D85-863B-6EB6A8EA9A08}"= TCP:c:\program files\DNA\btdna.exe:DNA "{DFD5330B-04E0-42D4-B2CD-419B17791DA1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{3322B0B8-C972-4B7E-B7BC-11CD12220971}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{38AF6483-4E6D-4F33-AD11-5023CE0C489F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{8F4CD06A-1E96-42B9-B89A-D87E849B6EE6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{204432DA-42AA-496E-BDF0-B8A1CE0B1F74}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009 "{C6891F6E-D0EB-417B-90C4-9DACE7698806}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009 "{D5B6544E-3FD2-4FC9-9DB6-145BCB6891B8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{F7105BFA-9197-4A76-A253-71369119BF9D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "TCP Query User{A2A1DD8E-F311-4585-9B3D-C78FE3940DDD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent "UDP Query 
User{1E837909-1F76-4FA1-8F2C-5B2671445E79}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent "TCP Query User{A6A4EA66-073A-435F-8411-364F71995E32}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{F4294BFA-C377-4740-B656-5F6C4FD4C406}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "{06CCA15C-DE6F-4635-81A9-FF7557557D22}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In) "{07DC265C-FD0E-4456-8214-373398B7EB70}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In) "{1C19186F-BD20-496E-A830-42D55D433E6C}"= UDP:c:\users\Lefdal\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool "{2E401821-956E-4F5D-B56D-5CF0674AE75A}"= TCP:c:\users\Lefdal\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-07-28 15416] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-29 97928] R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-07-28 73728] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-29 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 231704] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504] R2 GtFlashSwitch;GtFlashSwitch;"c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" [2007-02-09 176128] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-19 19456] R2 Recovery Service for Windows;Recovery Service for 
Windows;c:\windows\SMINST\BLService.exe [2008-06-07 341328] R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-27 595248] R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-29 69128] R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296] R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-27 40752] S3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-06-07 193840] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 122496] S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-04-14 8064] S3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-04-14 37120] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b036dad9-a757-11dd-9347-00218672d3ff}] \shell\AutoRun\command - g:\.\setup.exe AUTORUN=1 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-08 20:10:55 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . 
--------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'lsass.exe'(692) c:\windows\system32\DPPWDFLT.dll - - - - - - - > 'Explorer.exe'(2148) c:\program files\DigitalPersona\Bin\DpoFeedb.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\System32\wlanext.exe c:\program files\DigitalPersona\Bin\DpHostW.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\program files\DigitalPersona\Bin\DpAgent.exe c:\windows\System32\conime.exe c:\program files\AVG\AVG8\avgtray.exe c:\windows\ehome\ehmsas.exe c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe c:\windows\System32\lpremove.exe c:\windows\System32\lpksetup.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Tidspunkt ferdig: 2008-12-08 20:16:10 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2008-12-08 19:15:53 ComboFix2.txt 2008-12-07 20:30:42 Pre-Run: 230 948 007 936 byte ledig Post-Run: 230,849,331,200 byte ledig 295 --- E O F --- 2008-12-04 20:20:56 Lenke til kommentar
snipern (Author) Posted 12 December 2008
Ran ComboFix from the desktop; it is in the post above.