magneman Posted 31 March 2008 (edited)

First of all, last night I updated Avast! antivirus by doing a program update; it is now version 4.8. One thing that is new in 4.8 is that Avast! now has anti-rootkit as well. (Correct me if I'm wrong.) So I ran a scan, and sure enough, there was a rootkit. I was offered a boot scan, which I did, and it found no other infected files. (Unfortunately the PC crashed after the boot scan finished; I couldn't do anything, so I had to turn the PC off by holding in the power button on the case.) I don't know whether the rootkit that was found was a false alarm or not, but I have now searched through the PC with other programs as well to make sure there is nothing more. (AVG Anti-Spyware, Spybot S&D, Ad-Aware 2007 and AVG Anti-Rootkit. Earlier today I also installed Spyware Doctor.) I would be very grateful if someone could check this HijackThis log for me! I clicked "Do a system scan and save a logfile" and copied the text that appeared in Notepad here. Let me know if this is the wrong way to do it!
LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:13, on 31.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
-- End of file - 13039 bytes

On to question 2, which concerns different anti-spyware and antivirus programs running at the same time. For example, Spyware Doctor, AVG Anti-Spyware and my Avast! antivirus all have "real-time protection", or resident protection. Is it fine for all three of these programs to run at the same time, or should only one of them run? How does this work? Thanks for all the help!

Edited 7 April 2008 by magneman
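A small triage parser for the HijackThis log format discussed in this thread, added here as an example (it is not code from the thread or from HijackThis); the sample lines are copied from the log posted above, and the parse_hjt, triage and services helpers are my own names. The flags it produces are prompts for a closer look, not verdicts:

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: a few lines copied from the HijackThis log posted above,
# chosen to include both ordinary entries and the markers worth a second look.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.erepublik.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, F0..F3, O1..O24),
# a " - " separator and the body of the entry; header and process-list lines
# do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into its R/F/O entries."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


# Triage heuristics a reviewer applies before anything else.  They do not
# decide that an entry is malicious; they pick out what needs identification.
RULES = [
    # Entry points at a file that is no longer on disk: a leftover of an
    # uninstall or of a removed infection; dead weight either way.
    ("file missing", re.compile(r"\((?:no file|file missing)\)", re.I)),
    # A BHO or service with no name / no vendor has to be identified by path.
    ("no name", re.compile(r"\(no name\)", re.I)),
    ("unknown owner", re.compile(r"\bUnknown owner\b")),
    # Autostart entries launched from a temp or profile data folder.
    ("runs from temp/appdata", re.compile(r"\\AppData\\(?:Local\\Temp|Roaming)\\", re.I)),
]


def triage(entries: List[Entry]) -> List[Entry]:
    """Return the entries that matched at least one rule, with flags filled in."""
    flagged = []
    for e in entries:
        e.flags = [name for name, rx in RULES if rx.search(e.body)]
        if e.flags:
            flagged.append(e)
    return flagged


def services(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """(service name, vendor, path) for every O23 line: the list to read when
    checking how many resident antivirus engines are installed (question 2)."""
    out = []
    for e in entries:
        if e.section != "O23" or not e.body.startswith("Service: "):
            continue
        parts = e.body[len("Service: "):].split(" - ", 2)
        if len(parts) == 3:
            out.append((parts[0], parts[1], parts[2]))
    return out


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for e in triage(found):
        print(f"{e.section}: {', '.join(e.flags)} -> {e.body}")
    for name, vendor, path in services(found):
        print(f"service {name!r} by {vendor!r}: {path}")
```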
r2d290 Posted 31 March 2008 (edited)

You can have several spyware programs, but you should not have several antivirus programs. Spyware Doctor and AVG Anti-Spyware can run at the same time and plug each other's holes. Usually there is no need to have two spyware programs running. Off topic: I recommend running only SUPERAntiSpyware. It is free and good. Site: www.superantispyware.com Avast! antivirus is an antivirus program, and as long as you don't run more antivirus programs than that, it's fine... edit: Continue with ComboFix: Download ComboFix and put it on the desktop. This one can say a bit more... Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log files from ComboFix (c:\combofix.txt).

Edited 31 March 2008 by r2d290
magneman Posted 31 March 2008

Here is the log for ComboFix. I have been searching for spyware and the like with other programs for a while now, and have used Vundofix and SUPERAntiSpyware among others, in addition to the ones I had before (see the first post). I'm not sure what ComboFix does; is it roughly the same as HijackThis? Here is the log anyway:

ComboFix 08-03-30.3 - MITT NAVN 2008-03-31 20:24:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.928 [GMT 2:00]
Running from: C:\Users\Magnus\Desktop\ComboFix.exe
* Created a new restore point
Duty® 4 - Modern Warfare "TCP Query User{EF63C5C0-45A1-4EA2-B966-8008C7CADB56}D:\\program files\\activision\\rome - total war\\rometw.exe"= UDP:D:\program files\activision\rome - total war\rometw.exe:Rome: Total War "UDP Query User{A04ED871-67CC-4716-9CE9-83F9E84BF99B}D:\\program files\\activision\\rome - total war\\rometw.exe"= TCP:D:\program files\activision\rome - total war\rometw.exe:Rome: Total War "{F26F3814-82ED-43F3-A492-44B213BFF940}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{60D86CC0-5DAF-4EF7-ABBE-DB4FE0C02C69}D:\\program files\\xfire\\xfire.exe"= UDP:D:\program files\xfire\xfire.exe:Xfire "UDP Query User{FDAEBB23-BFF6-486B-A4FB-262B8F1D3E17}D:\\program files\\xfire\\xfire.exe"= TCP:D:\program files\xfire\xfire.exe:Xfire "{60F0EECF-72EC-4A05-9B84-6A68D5F19FCF}"= UDP:D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{2C1B7F94-D12D-4D74-9F78-A4A8B48B3746}"= TCP:D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "TCP Query User{12D4FBB1-3EBD-4855-A322-30B34855E26D}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= Disabled:UDP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient "UDP Query User{504CB212-7888-4D89-8076-1C7D9BFB1075}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= Disabled:TCP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R0 iaNvStor;Intel® Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-07-09 14:28] R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34] R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34] R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys 
[2007-04-25 16:34]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 22:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-26 09:33]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 09:09]
S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 21:46]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 08:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 08:20]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-28 19:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 20:25:59
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-31 20:26:32
ComboFix-quarantined-files.txt 2008-03-31 18:26:29
Pre-Run: 19,699,789,824 byte ledig
Post-Run: 19,567,804,416 byte ledig
.
2008-03-28 10:28:02 --- E O F ---
r2d290, posted 31 March 2008
Good... someone a bit more "expert" will surely come along to look at the logs.
magneman (thread author), posted 31 March 2008
Guess I'll have to wait, then.
norbat, posted 31 March 2008
A trojan was removed. Apart from that, the log looks fine.
magneman (thread author), posted 1 April 2008
> A trojan was removed. Apart from that, the log looks fine.
What was it that removed the trojan? ComboFix?
r2d290, posted 1 April 2008
From the ComboFix log:
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).
C:\Windows\setup.exe
I assume that's what he is referring to, so yes: it was ComboFix... Edit your post with full edit and change your topic title to: [solved] A couple of questions + HijackThis log
magneman (thread author), posted 1 April 2008
Soon, I still have a couple of questions.
1: This concerns Spybot Search & Destroy, the immunisation. When I have all the programs immunised, will they stay immunised after I have closed the program, i.e. all the time?
2: What does ComboFix actually do?
3: How can I make sure that I am free of viruses/trojans etc.? I have run quite a few programs now without finding anything, but ComboFix found it; none of the anti-spyware programs or avast! antivirus found anything... Any recommendations?
r2d290, posted 1 April 2008
1. I can't answer that...
2. ComboFix creates a log of files and registry entries on your machine and reports whether something is wrong with the machine. If something is obviously wrong, ComboFix will remove it, but there are programs that are better than ComboFix at removal.
3a. You can be sure that you have no virus/trojan/spyware, because the logs have been confirmed as clean by a person who is very good at going through logs (from HijackThis and ComboFix).
3b. It may be that the program SUPERAntiSpyware (see post #2) would have found this, as it is a very good program for removing such things.
Apart from that, it is probably a good idea to post HJT + ComboFix logs here now and then (every other month, maybe), so you can get confirmation that things are still as they should be.
Otherwise I recommend the following package: Avira AntiVir, SUPERAntiSpyware, Comodo Firewall (all free), and in addition CCleaner and maybe a rootkit program. At https://www.diskusjon.no/index.php?showtopic=776083 you get links to all these programs and can read a bit more about it...
Use the PC for a while, and then you can uninstall ComboFix: Start -> Run, type the following: combofix /u and press Enter... This will uninstall the program and create a restore point, so that you can reset your machine to this point, where the machine works.
magneman (thread author), posted 1 April 2008
1: SUPERAntiSpyware found nothing, and it was Avast! Antivirus that removed the rootkit and ComboFix that removed the trojan horse, and I am hardly going to uninstall Avast! Antivirus any time soon, at least, but I could install Avira Antivirus just to do one scan; I don't know whether that is very smart, but given that I will only use the program to run one scan, that should be fine?
2: I still need an answer to the Spybot S&D question.
3: Does anyone have any tests or articles about Comodo Firewall vs. the Microsoft firewall? (On Vista)
norbat, posted 1 April 2008
Does Avast create a log that says what it has done? I would quite like to see which rootkit was detected. Thanks in advance. Regards, n
magneman (thread author), posted 1 April 2008
Well, there are different categories in the log viewer, but I am not sure whether what is listed there is a virus. The categories are Emergency, Alert, Critical, Error, Warning, Notice and Info.
Under Error it said:
31.03.2008 19:50:37 SYSTEM 1664 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Windows\System32\conime.exe failed, 00000005.
31.03.2008 20:22:02 SYSTEM 1664 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Windows\System32\conime.exe failed, 00000005.
Under Warning it said:
31.03.2008 19:50:37 SYSTEM 1664 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\Windows\System32\conime.exe (C:\Windows\System32\conime.exe) returning error, 00000005.
31.03.2008 20:22:02 SYSTEM 1664 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\Windows\System32\conime.exe (C:\Windows\System32\conime.exe) returning error, 00000005.
There is nothing else in the logs apart from that. (Except for the entries about updates.)
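As an added example (not part of the thread, and not avast!'s own tooling): a small Python parser for the log-viewer lines quoted in the post above. It groups the entries per file and decodes the trailing eight-digit value. The assumption, labelled in the code, is that this value is the Win32 error code the scanner received when it tried to open the file, where 5 is ERROR_ACCESS_DENIED. The triage point is that such lines record a file the scanner could not read, i.e. a coverage gap, not a detection, so they are listed separately as "unscanned" rather than as findings.

```python
import re
from collections import defaultdict

# Sample input: the four avast! log-viewer lines quoted in the post above
# (a constructed copy embedded here so the example runs offline).
SAMPLE_LOG = """\
31.03.2008 19:50:37 SYSTEM 1664 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\\Windows\\System32\\conime.exe failed, 00000005.
31.03.2008 20:22:02 SYSTEM 1664 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\\Windows\\System32\\conime.exe failed, 00000005.
31.03.2008 19:50:37 SYSTEM 1664 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\\Windows\\System32\\conime.exe (C:\\Windows\\System32\\conime.exe) returning error, 00000005.
31.03.2008 20:22:02 SYSTEM 1664 AAVM - scanning warning: x_AavmCheckFileDirectEx [uNI]: C:\\Windows\\System32\\conime.exe (C:\\Windows\\System32\\conime.exe) returning error, 00000005.
"""

# Win32 system error codes. Assumption: the trailing 8-hex-digit value in the
# log line is the Win32 error returned when the scanner tried to open the file.
WIN32_ERRORS = {
    0x2: "ERROR_FILE_NOT_FOUND",
    0x5: "ERROR_ACCESS_DENIED",
    0x20: "ERROR_SHARING_VIOLATION",
}

# Shape of one log-viewer line: date time user pid module - scanning <level>: <detail>, <code>.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<user>\S+) (?P<pid>\d+) (?P<module>\S+) - scanning "
    r"(?P<level>error|warning): (?P<detail>.*), (?P<code>[0-9A-Fa-f]{8})\.$"
)
# First Windows path inside the detail text (stops at whitespace or parentheses).
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\[^\s()]+")


def parse_line(line):
    """Parse one log-viewer line into a dict; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code = int(m.group("code"), 16)
    paths = WIN_PATH_RE.findall(m.group("detail"))
    return {
        "timestamp": f"{m.group('date')} {m.group('time')}",
        "level": m.group("level"),
        "path": paths[0] if paths else None,
        "code": code,
        "code_name": WIN32_ERRORS.get(code, f"UNKNOWN_0x{code:X}"),
    }


def summarize(log_text):
    """Group scan failures per file (case-folded path) with levels, codes and timestamps."""
    summary = defaultdict(
        lambda: {"events": 0, "levels": set(), "code_names": set(), "timestamps": []}
    )
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] is None:
            continue
        entry = summary[rec["path"].lower()]
        entry["events"] += 1
        entry["levels"].add(rec["level"])
        entry["code_names"].add(rec["code_name"])
        entry["timestamps"].append(rec["timestamp"])
    return dict(summary)


def unscanned_files(log_text):
    """Files the scanner could not open: coverage gaps to verify by other means, not detections."""
    blocking = {"ERROR_ACCESS_DENIED", "ERROR_SHARING_VIOLATION"}
    return sorted(
        path for path, entry in summarize(log_text).items()
        if entry["code_names"] & blocking
    )


if __name__ == "__main__":
    for path, entry in summarize(SAMPLE_LOG).items():
        print(f"{path}: {entry['events']} events, levels={sorted(entry['levels'])}, "
              f"codes={sorted(entry['code_names'])}")
    print("unscanned:", unscanned_files(SAMPLE_LOG))
```

Run as a script it prints one summary line per file plus the list of unscanned files; for the quoted lines that is a single file with four events, both levels, and only ERROR_ACCESS_DENIED as the code. A file on that list has not been judged clean by the scanner at all, which is why its legitimacy has to be established separately (known system file, publisher signature, hash lookup) instead of being inferred from the absence of a detection.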
norbat, posted 1 April 2008
OK, conime.exe is a legitimate process. I am then a bit unsure whether Avira removed a rootkit, but anyway. The log looks fine.
magneman (thread author), posted 1 April 2008
Then unfortunately I have no log of which file(s) Avast! scanned. I need answers to the questions I asked in post no. 11 now. (If anyone knows where the log of files Avast! has deleted is, let me know.)
snippsat, posted 1 April 2008 (edited)
> 1: SUPERAntiSpyware found nothing, and it was Avast! Antivirus that removed the rootkit and ComboFix that removed the trojan horse, and I am hardly going to uninstall Avast! Antivirus any time soon, at least, but I could install Avira Antivirus just to do one scan; I don't know whether that is very smart, but given that I will only use the program to run one scan, that should be fine?
No, you should never do that; only one antivirus. If you want to scan, use some of the many online scanners.
Online scan: Nod32 online scan + F-Secure online + Prevx scan + single-file scan.
No method beats manual cleaning (you post logs, as now).
> 2: I still need an answer to the Spybot S&D question.
Answers to most of it here: http://forums.spybot.info/showthread.php?t=3922
> 3: Does anyone have any tests or articles about Comodo Firewall vs. the Microsoft firewall? (On Vista)
They are not in the same class; Comodo is too good for that. The Windows firewall has always scored 0 here; I doubt Vista's is better.
http://www.matousec.com/projects/windows-p...rewalls-ratings
New tests: http://www.matousec.com/projects/firewall-...nge/results.php
Edited 1 April 2008 by SNIPPSAT
magneman (thread author), posted 3 April 2008
One more thing, about the firewall. When I install Comodo Firewall, what do I have to do with the Windows firewall? Should I just disable it, or? And how much does Comodo Firewall protect? Does it protect more than the Windows firewall, but with some things that Windows Firewall blocks not being blocked by Comodo, or does Comodo catch everything the Windows firewall catches, plus a bit more? And is Comodo compatible with Vista?
snippsat, posted 3 April 2008 (edited)
> When I install Comodo Firewall, what do I have to do with the Windows firewall? Should I just disable it, or?
Yes.
> or does Comodo catch everything the Windows firewall catches, plus a bit more?
Correct, it catches everything the Windows firewall catches, which is not much, plus much more.
> And is Comodo compatible with Vista?
Yes.
Edited 3 April 2008 by SNIPPSAT
magneman (thread author), posted 5 April 2008
I have got Comodo now; I must say I am a bit tired of it. I have had it for 2 days now and constantly get messages asking whether I want to accept requests and so on, all the time. Is there any way to avoid all this? Many of the programs that pop up I don't know what they are, so I have had to search for them online...
snippsat, posted 5 April 2008 (edited)
You will get a number of questions at the start. Comodo has 3 options:
Firewall
Firewall + Leak Protection
Firewall + Defense+ (Recommended)
If you use only the firewall part it is quiet, but with less security.
Set "Training mode" on both Defense+ and the firewall. Remember to tick "Remember my answer".
Double-click the icon -> Defense+ -> Advanced -> Image Execution Control -> set to disable.
Otherwise Comodo has a good forum: http://forums.comodo.com/help_for_v3-b105.0/
Edited 5 April 2008 by SNIPPSAT