Nidhogg

Members
  • Posts

    1 231
  • Joined

  • Last visited

Posts written by Nidhogg

  1. I have the following problem with my PC: https://www.diskusjon.no/index.php?session=...owtopic=1096223

     

    So I would like to see whether the gmer, malwarebytes and combofix logs can help.

    The log from Gmer

    GMER 1.0.15.14966 - http://www.gmer.net

    Rootkit scan 2009-04-08 20:10:40

    Windows 6.0.6000

     

     

    ---- Disk sectors - GMER 1.0.15 ----

     

    Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

     

    ---- Devices - GMER 1.0.15 ----

     

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

     

    ---- EOF - GMER 1.0.15 ----

     

     

    The log from malwarebytes

    Malwarebytes' Anti-Malware 1.36

    Databaseversjon: 1952

    Windows 6.0.6000

     

    08.04.2009 18:45:02

    mbam-log-2009-04-08 (18-45-02).txt

     

    Skanntype: Rask Skann

    Objekter skannet: 58354

    Tid tilbakelagt: 2 minute(s), 38 second(s)

     

    Minneprosesser infisert: 0

    Minnemoduler infisert: 0

    Registernøkler infisert: 0

    Registerverdier infisert: 0

    Registerfiler infisert: 0

    Mapper infisert: 0

    Filer infisert: 0

     

    Minneprosesser infisert:

    (Ingen mistenkelige filer funnet)

     

    Minnemoduler infisert:

    (Ingen mistenkelige filer funnet)

     

    Registernøkler infisert:

    (Ingen mistenkelige filer funnet)

     

    Registerverdier infisert:

    (Ingen mistenkelige filer funnet)

     

    Registerfiler infisert:

    (Ingen mistenkelige filer funnet)

     

    Mapper infisert:

    (Ingen mistenkelige filer funnet)

     

    Filer infisert:

    (Ingen mistenkelige filer funnet)

     

    The log from combofix

    ComboFix 09-04-04.01 - Henrik 2009-04-08 18:55:06.1 - NTFSx86

    Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1044.18.3062.1977 [GMT 2:00]

    Kjører fra: c:\users\Henrik\Downloads\ComboFix.exe

    * Opprettet nytt gjenopprettingspunkt

    .

     

    ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-08 til 2009-04-08 )))))))))))))))))))))))))))))))))

    .

     

    2009-04-09 01:22 . 2009-04-09 01:22 974,336 --a------ c:\windows\System32\crypt32.dll

    2009-04-09 01:22 . 2009-04-09 01:22 220,160 --a------ c:\windows\System32\drivers\bthport.sys

    2009-04-09 01:22 . 2009-04-09 01:22 196,608 --a------ c:\windows\KB929577.LOG.perf

    2009-04-09 01:22 . 2009-04-09 01:22 181,760 --a------ c:\windows\System32\fsquirt.exe

    2009-04-09 01:22 . 2009-04-09 01:23 131,072 --a------ c:\windows\KB931573.LOG.perf

    2009-04-09 01:22 . 2009-04-09 01:23 131,072 --a------ c:\windows\KB931573.LOG.dpx

    2009-04-09 01:22 . 2009-04-09 01:22 131,072 --a------ c:\windows\KB929577.LOG.dpx

    2009-04-09 01:22 . 2009-04-09 01:22 29,184 --a------ c:\windows\System32\drivers\BTHUSB.SYS

    2009-04-09 01:22 . 2009-04-09 01:22 19,456 --a------ c:\windows\System32\drivers\bthenum.sys

    2009-04-09 01:21 . 2009-04-09 01:21 1,060,920 --a------ c:\windows\System32\drivers\ntfs.sys

    2009-04-09 01:21 . 2009-04-09 01:21 154,624 --a------ c:\windows\System32\drivers\nwifi.sys

    2009-04-09 01:21 . 2009-04-09 01:22 131,072 --a------ c:\windows\KB943899.LOG.perf

    2009-04-09 01:21 . 2009-04-09 01:22 131,072 --a------ c:\windows\KB943899.LOG.dpx

    2009-04-09 01:21 . 2009-04-09 01:21 131,072 --a------ c:\windows\KB943412.LOG.perf

    2009-04-09 01:21 . 2009-04-09 01:21 131,072 --a------ c:\windows\KB943412.LOG.dpx

    2009-04-09 01:20 . 2009-04-09 01:20 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

    2009-04-09 01:20 . 2009-04-09 01:20 1,686,016 --a------ c:\windows\System32\gameux.dll

    2009-04-09 01:20 . 2009-04-09 01:21 196,608 --a------ c:\windows\KB943411.LOG.dpx

    2009-04-09 01:20 . 2009-04-09 01:21 131,072 --a------ c:\windows\KB943411.LOG.perf

    2009-04-09 01:20 . 2009-04-09 01:20 131,072 --a------ c:\windows\KB943302.LOG.perf

    2009-04-09 01:20 . 2009-04-09 01:20 131,072 --a------ c:\windows\KB943302.LOG.dpx

    2009-04-09 01:20 . 2009-04-09 01:20 11,776 --a------ c:\windows\System32\sbunattend.exe

    2009-04-09 01:19 . 2009-04-09 01:19 3,505,848 --a------ c:\windows\System32\ntkrnlpa.exe

    2009-04-09 01:19 . 2009-04-09 01:19 3,472,056 --a------ c:\windows\System32\ntoskrnl.exe

    2009-04-09 01:19 . 2009-04-09 01:19 196,608 --a------ c:\windows\KB942763.LOG.dpx

    2009-04-09 01:19 . 2009-04-09 01:20 131,072 --a------ c:\windows\KB943078.LOG.perf

    2009-04-09 01:19 . 2009-04-09 01:20 131,072 --a------ c:\windows\KB943078.LOG.dpx

    2009-04-09 01:19 . 2009-04-09 01:19 131,072 --a------ c:\windows\KB942763.LOG.perf

    2009-04-09 01:19 . 2009-04-09 01:19 2,048 --a------ c:\windows\System32\tzres.dll

    2009-04-09 01:18 . 2009-04-09 01:19 131,072 --a------ c:\windows\KB942624.LOG.perf

    2009-04-09 01:18 . 2009-04-09 01:19 131,072 --a------ c:\windows\KB942624.LOG.dpx

    2009-04-09 01:18 . 2009-04-09 01:18 130,048 --a------ c:\windows\System32\drivers\srv2.sys

    2009-04-09 01:18 . 2009-04-09 01:18 101,888 --a------ c:\windows\System32\drivers\mrxsmb.sys

    2009-04-09 01:18 . 2009-04-09 01:18 84,992 --a------ c:\windows\System32\drivers\srvnet.sys

    2009-04-09 01:18 . 2009-04-09 01:18 58,368 --a------ c:\windows\System32\drivers\mrxsmb20.sys

    2009-04-09 01:15 . 2009-04-09 01:15 802,816 --a------ c:\windows\System32\drivers\tcpip.sys

    2009-04-09 01:14 . 2009-04-09 01:14 1,327,104 --a------ c:\windows\System32\quartz.dll

    2009-04-09 01:14 . 2009-04-09 01:14 737,792 --a------ c:\windows\System32\inetcomm.dll

    2009-04-09 01:14 . 2009-04-09 01:15 131,072 --a------ c:\windows\KB941568.LOG.perf

    2009-04-09 01:14 . 2009-04-09 01:15 131,072 --a------ c:\windows\KB941568.LOG.dpx

    2009-04-09 01:14 . 2009-04-09 01:14 131,072 --a------ c:\windows\KB941202.LOG.perf

    2009-04-09 01:14 . 2009-04-09 01:14 131,072 --a------ c:\windows\KB941202.LOG.dpx

    2009-04-09 01:14 . 2009-04-09 01:14 131,072 --a------ c:\windows\KB939165.LOG.perf

    2009-04-09 01:14 . 2009-04-09 01:14 131,072 --a------ c:\windows\KB939165.LOG.dpx

    2009-04-09 01:14 . 2009-04-09 01:14 84,480 --a------ c:\windows\System32\INETRES.dll

    2009-04-09 01:14 . 2009-04-09 01:14 8,888 --a------ c:\windows\System32\RacUR.xml

    2009-04-09 01:14 . 2009-04-09 01:14 150 --a------ c:\windows\System32\RacUREx.xml

    2009-04-09 01:13 . 2009-04-09 01:13 750,080 --a------ c:\windows\System32\qmgr.dll

    2009-04-09 01:13 . 2009-04-09 01:14 131,072 --a------ c:\windows\KB939159.LOG.perf

    2009-04-09 01:13 . 2009-04-09 01:14 131,072 --a------ c:\windows\KB939159.LOG.dpx

    2009-04-09 01:11 . 2009-04-09 01:11 694,784 --a------ c:\windows\System32\localspl.dll

    2009-04-09 01:10 . 2009-04-09 01:10 <DIR> d-------- c:\windows\Users

    2009-04-09 01:10 . 2009-04-09 01:11 131,072 --a------ c:\windows\KB937077.LOG.perf

    2009-04-09 01:10 . 2009-04-09 01:11 131,072 --a------ c:\windows\KB937077.LOG.dpx

    2009-04-09 01:10 . 2009-04-09 01:10 131,072 --a------ c:\windows\KB936825.LOG.perf

    2009-04-09 01:10 . 2009-04-09 01:10 131,072 --a------ c:\windows\KB936825.LOG.dpx

    2009-04-09 01:10 . 2009-04-09 01:10 131,072 --a------ c:\windows\KB936824.LOG.perf

    2009-04-09 01:10 . 2009-04-09 01:10 131,072 --a------ c:\windows\KB936824.LOG.dpx

    2009-04-09 01:10 . 2009-04-09 01:10 82,432 --a------ c:\windows\System32\drivers\sdbus.sys

    2009-04-09 01:09 . 2009-04-09 01:09 1,191,936 --a------ c:\windows\System32\msxml3.dll

    2009-04-09 01:09 . 2009-04-09 01:09 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll

    2009-04-09 01:09 . 2009-04-09 01:10 131,072 --a------ c:\windows\KB936782.LOG.perf

    2009-04-09 01:09 . 2009-04-09 01:10 131,072 --a------ c:\windows\KB936782.LOG.dpx

    2009-04-09 01:09 . 2009-04-09 01:09 131,072 --a------ c:\windows\KB936357.LOG.perf

    2009-04-09 01:09 . 2009-04-09 01:09 131,072 --a------ c:\windows\KB936357.LOG.dpx

    2009-04-09 01:09 . 2009-04-09 01:09 131,072 --a------ c:\windows\KB936021.LOG.perf

    2009-04-09 01:09 . 2009-04-09 01:09 131,072 --a------ c:\windows\KB936021.LOG.dpx

    2009-04-09 01:09 . 2009-04-09 01:09 2,048 --a------ c:\windows\System32\msxml3r.dll

    2009-04-09 01:07 . 2009-04-09 01:07 1,335,296 --a------ c:\windows\System32\msxml6.dll

    2009-04-09 01:06 . 2009-04-09 01:06 500,224 --a------ c:\windows\System32\msdtcprx.dll

    2009-04-09 01:06 . 2009-04-09 01:06 376,320 --a------ c:\windows\System32\winsrv.dll

    2009-04-09 01:06 . 2009-04-09 01:06 196,608 --a------ c:\windows\KB930193.LOG.perf

    2009-04-09 01:06 . 2009-04-09 01:07 131,072 --a------ c:\windows\KB930857.LOG.perf

    2009-04-09 01:06 . 2009-04-09 01:07 131,072 --a------ c:\windows\KB930857.LOG.dpx

    2009-04-09 01:06 . 2009-04-09 01:06 131,072 --a------ c:\windows\KB930585.LOG.perf

    2009-04-09 01:06 . 2009-04-09 01:06 131,072 --a------ c:\windows\KB930585.LOG.dpx

    2009-04-09 01:06 . 2009-04-09 01:06 131,072 --a------ c:\windows\KB930193.LOG.dpx

    2009-04-09 01:06 . 2009-04-09 01:06 104,448 --a------ c:\windows\System32\DWWIN.EXE

    2009-04-09 01:06 . 2009-04-09 01:06 49,664 --a------ c:\windows\System32\csrsrv.dll

    2009-04-09 01:06 . 2009-04-09 01:06 30,208 --a------ c:\windows\System32\xolehlp.dll

    2009-04-09 01:05 . 2009-04-09 01:05 196,608 --a------ c:\windows\KB929916.LOG.dpx

    2009-04-09 01:05 . 2009-04-09 01:06 131,072 --a------ c:\windows\KB930178.LOG.perf

    2009-04-09 01:05 . 2009-04-09 01:06 131,072 --a------ c:\windows\KB930178.LOG.dpx

    2009-04-09 01:05 . 2009-04-09 01:05 131,072 --a------ c:\windows\KB930163.LOG.perf

    2009-04-09 01:05 . 2009-04-09 01:05 131,072 --a------ c:\windows\KB930163.LOG.dpx

    2009-04-09 01:05 . 2009-04-09 01:05 131,072 --a------ c:\windows\KB929916.LOG.perf

    2009-04-09 01:05 . 2009-04-09 01:05 131,072 --a------ c:\windows\KB929777.LOG.perf

    2009-04-09 01:05 . 2009-04-09 01:05 131,072 --a------ c:\windows\KB929777.LOG.dpx

    2009-04-09 01:05 . 2009-04-09 01:05 131,072 --a------ c:\windows\KB929763.LOG.perf

    2009-04-09 01:05 . 2009-04-09 01:05 131,072 --a------ c:\windows\KB929763.LOG.dpx

    2009-04-09 01:05 . 2009-04-09 01:05 74,752 --a------ c:\windows\System32\drivers\rasl2tp.sys

    2009-04-09 01:05 . 2009-04-09 01:05 60,928 --a------ c:\windows\System32\drivers\raspptp.sys

    2009-04-09 01:04 . 2009-04-09 01:04 414,208 --a------ c:\windows\System32\msscp.dll

    2009-04-09 01:04 . 2009-04-09 01:04 229,888 --a------ c:\windows\System32\msshsq.dll

    2009-04-09 01:04 . 2009-04-09 01:04 205,824 --a------ c:\windows\System32\msoeacct.dll

    2009-04-09 01:04 . 2009-04-09 01:05 131,072 --a------ c:\windows\KB929735.LOG.perf

    2009-04-09 01:04 . 2009-04-09 01:05 131,072 --a------ c:\windows\KB929735.LOG.dpx

    2009-04-09 01:04 . 2009-04-09 01:04 131,072 --a------ c:\windows\KB929399.LOG.perf

    2009-04-09 01:04 . 2009-04-09 01:04 131,072 --a------ c:\windows\KB929399.LOG.dpx

    2009-04-09 01:04 . 2009-04-09 01:04 131,072 --a------ c:\windows\KB929123.LOG.perf

    2009-04-09 01:04 . 2009-04-09 01:04 131,072 --a------ c:\windows\KB929123.LOG.dpx

    2009-04-09 01:04 . 2009-04-09 01:04 87,040 --a------ c:\windows\System32\msoert2.dll

    2009-04-09 01:04 . 2009-04-09 01:04 39,424 --a------ c:\windows\System32\ACCTRES.dll

    2009-04-09 01:02 . 2009-04-08 17:23 476,858 --a------ c:\windows\System32\perfh014.dat

    2009-04-09 01:02 . 2009-04-09 01:01 294,254 --a------ c:\windows\System32\perfi014.dat

    2009-04-09 01:02 . 2009-04-08 17:23 79,408 --a------ c:\windows\System32\perfc014.dat

    2009-04-09 01:02 . 2009-04-09 01:01 35,166 --a------ c:\windows\System32\perfd014.dat

    2009-04-09 01:01 . 2009-04-09 01:01 <DIR> d-------- c:\windows\System32\no

    2009-04-09 01:01 . 2009-04-09 01:01 <DIR> d-------- c:\windows\System32\drivers\nb-NO

    2009-04-09 01:01 . 2009-04-09 01:01 <DIR> d-------- c:\windows\nb-NO

    2009-04-09 00:59 . 2009-04-09 01:03 2,162,688 --a------ c:\windows\NOLP.LOG.dpx

    2009-04-09 00:59 . 2009-04-09 01:03 131,072 --a------ c:\windows\NOLP.LOG.perf

    2009-04-09 00:59 . 2009-04-09 00:59 55 --a------ C:\syslevel.lgl

    2009-04-09 00:58 . 2009-04-08 16:10 <DIR> d-------- C:\DRIVERS

    2009-04-08 18:58 . 2009-04-08 18:59 282,708,610 --a------ c:\windows\MEMORY.DMP

    2009-04-08 18:41 . 2009-04-08 18:41 <DIR> d-------- c:\users\Henrik\AppData\Roaming\Malwarebytes

    2009-04-08 18:41 . 2009-04-08 18:41 <DIR> d-------- c:\users\All Users\Malwarebytes

    2009-04-08 18:41 . 2009-04-08 18:41 <DIR> d-------- c:\programdata\Malwarebytes

    2009-04-08 18:41 . 2009-04-08 18:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

    2009-04-08 18:41 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

    2009-04-08 18:41 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys

    2009-04-08 16:45 . 2009-04-08 16:45 <DIR> d-------- c:\users\Henrik\Bluetooth Software

    2009-04-08 16:45 . 2009-04-08 16:45 <DIR> d-------- c:\users\Henrik\AppData\Roaming\Lenovo

    2009-04-08 16:42 . 2006-11-02 15:01 <DIR> dr------- c:\users\Henrik\Videos

    2009-04-08 16:42 . 2009-04-08 16:44 <DIR> dr------- c:\users\Henrik\Searches

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-08 23:21 45,112 ----a-w c:\windows\system32\drivers\pciidex.sys

    2009-04-08 23:21 25,656 ----a-w c:\windows\system32\drivers\msahci.sys

    2009-04-08 23:21 211,000 ----a-w c:\windows\system32\drivers\volsnap.sys

    2009-04-08 23:21 21,560 ----a-w c:\windows\system32\drivers\atapi.sys

    2009-04-08 23:21 20,024 ------w c:\windows\system32\drivers\viaide.sys

    2009-04-08 23:21 19,000 ------w c:\windows\system32\drivers\cmdide.sys

    2009-04-08 23:21 17,976 ------w c:\windows\system32\drivers\amdide.sys

    2009-04-08 23:21 17,464 ----a-w c:\windows\system32\drivers\intelide.sys

    2009-04-08 23:21 17,464 ------w c:\windows\system32\drivers\aliide.sys

    2009-04-08 23:21 15,928 ------w c:\windows\system32\drivers\pciide.sys

    2009-04-08 23:21 109,624 ----a-w c:\windows\system32\drivers\ataport.sys

    2009-04-08 23:21 --------- d-----w c:\program files\Windows Sidebar

    2009-04-08 23:20 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll

    2009-04-08 23:20 449,024 ----a-w c:\windows\AppPatch\AcSpecfc.dll

    2009-04-08 23:20 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

    2009-04-08 23:20 2,143,744 ----a-w c:\windows\AppPatch\AcGenral.dll

    2009-04-08 23:20 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

    2009-04-08 23:17 824,832 ----a-w c:\windows\System32\wininet.dll

    2009-04-08 23:17 56,320 ----a-w c:\windows\System32\iesetup.dll

    2009-04-08 23:17 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

    2009-04-08 23:17 26,624 ----a-w c:\windows\System32\ieUnatt.exe

    2009-04-08 23:15 9,728 ----a-w c:\windows\System32\LAPRXY.DLL

    2009-04-08 23:12 88,576 ----a-w c:\windows\System32\avifil32.dll

    2009-04-08 23:11 8,192 ----a-w c:\windows\System32\riched32.dll

    2009-04-08 23:10 53,760 ----a-w c:\windows\system32\drivers\hdaudbus.sys

    2009-04-08 23:10 13,312 ------w c:\windows\system32\drivers\sffdisk.sys

    2009-04-08 23:10 12,800 ------w c:\windows\system32\drivers\sffp_sd.sys

    2009-04-08 23:10 12,800 ------w c:\windows\system32\drivers\sffp_mmc.sys

    2009-04-08 23:07 5,120 ----a-w c:\windows\System32\wmi.dll

    2009-04-08 23:07 36,864 ----a-w c:\windows\System32\wmdmps.dll

    2009-04-08 23:07 311,296 ----a-w c:\windows\System32\mswmdm.dll

    2009-04-08 23:07 31,744 ----a-w c:\windows\System32\wmdmlog.dll

    2009-04-08 23:07 2,048 ----a-w c:\windows\System32\msxml6r.dll

    2009-04-08 23:07 152,576 ----a-w c:\windows\System32\imagehlp.dll

    2009-04-08 23:07 12,800 ----a-w c:\windows\system32\drivers\fs_rec.sys

    2009-04-08 23:07 --------- d-----w c:\program files\Windows Defender

    2009-04-08 23:05 160,872 ----a-w c:\windows\System32\halmacpi.dll

    2009-04-08 23:05 134,760 ----a-w c:\windows\System32\halacpi.dll

    2009-04-08 23:04 --------- d-----w c:\program files\Windows Mail

    2009-04-08 23:03 633,856 ----a-w c:\windows\System32\user32.dll

    2009-04-08 23:03 558,080 ----a-w c:\windows\System32\MSMPEG2VDEC.DLL

    2009-04-08 23:03 505,856 ----a-w c:\windows\System32\MSMPEG2ENC.DLL

    2009-04-08 23:03 386,560 ----a-w c:\windows\System32\MSMPEG2ADEC.DLL

    2009-04-08 23:03 38,912 ----a-w c:\windows\system32\drivers\hidclass.sys

    2009-04-08 23:03 25,472 ----a-w c:\windows\system32\drivers\hidparse.sys

    2009-04-08 23:03 12,288 ----a-w c:\windows\system32\drivers\hidusb.sys

    2009-04-08 23:01 --------- d-----w c:\program files\Windows Photo Gallery

    2009-04-08 23:01 --------- d-----w c:\program files\Windows Collaboration

    2009-04-08 14:36 --------- d-sh--w c:\programdata\Start-meny

    2009-04-08 14:36 --------- d-sh--w c:\programdata\Skrivebord

    2009-04-08 14:36 --------- d-sh--w c:\programdata\Programdata

    2009-04-08 14:36 --------- d-sh--w c:\programdata\Maler

    2009-04-08 14:36 --------- d-sh--w c:\programdata\Favoritter

    2009-04-08 14:36 --------- d-sh--w c:\programdata\Dokumenter

    2009-04-08 14:36 --------- d-sh--w c:\program files\Fellesfiler

    2009-04-08 13:44 319,456 ----a-w c:\windows\DIFxAPI.dll

    2009-04-08 13:29 174 --sha-w c:\program files\desktop.ini

    .

     

    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-09 1232896]

    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-28 569344]

    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

    "PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-06-05 34352]

    "TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]

    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-04 142104]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-04 154392]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-04 138008]

    "LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]

    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-08 536576]

    "FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe" [2007-05-31 946176]

    "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]

    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]

    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

    "CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2007-08-22 16384]

    "RemoteControl"="c:\program files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

    "LanguageShortcut"="c:\program files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe" [2006-12-05 54832]

    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]

    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]

    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]

    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]

    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]

    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 c:\windows\RtHDVCpl.exe]

     

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2007-03-29 719664]

    Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

    LenovoRegistration.lnk - c:\swtools\LenovoWelcome\LenovoRegistration.cmd [2007-10-04 166]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.clmp3enc"= c:\progra~1\LENOVO~3\Power2Go\CLMP3Enc.ACM

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ scecli ACGina

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UacDisableNotify"=dword:00000001

    "InternetSettingsDisableNotify"=dword:00000001

    "AutoUpdateDisableNotify"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{D16ABD9D-A509-42BD-8D94-9762D9FCF55D}"= c:\program files\Lenovo Multimedia Center\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

     

    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [2007-02-19 13744]

    R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [2007-05-11 54832]

    R2 TPHKSVC;Visning på skjermen;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2007-05-11 55936]

    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344]

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-02-08 179712]

    R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [2007-05-22 30336]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    bthsvcs REG_MULTI_SZ BthServ

    .

    Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

     

    2009-04-08 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]

    .

    .

    ------- Tilleggsskanning -------

    .

    uStart Page = hxxp://lenovo.live.com

    IE: Send bilde til &Bluetooth-enhet... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send side til &Bluetooth-enhet... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

    FF - ProfilePath - c:\users\Henrik\AppData\Roaming\Mozilla\Firefox\Profiles\3xs4eual.default\

     

    ---- FIREFOX POLICIES ----

    c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

    .

     

    **************************************************************************

     

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-08 19:00:03

    Windows 6.0.6000 NTFS

     

    skanner skjulte prosesser ...

     

    skanner skjulte autostart-oppføringer ...

     

    skanner skjulte filer ...

     

    skanning vellykket

    skjulte filer: 0

     

    **************************************************************************

    .

    --------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

     

    - - - - - - - > 'Explorer.exe'(5196)

    c:\windows\system32\btmmhook.dll

    c:\program files\Pure Networks\Network Magic\nmrsrc.dll

    .

    ------------------------ Andre Kjørende Prosesser ------------------------

    .

    c:\windows\System32\audiodg.exe

    c:\windows\System32\IPSSVC.EXE

    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

    c:\windows\System32\agrsmsvc.exe

    c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe

    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

    c:\program files\Lenovo\PM Driver\PMSveH.exe

    c:\program files\CyberLink\Shared Files\RichVideo.exe

    c:\program files\Lenovo\System Update\SUService.exe

    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

    c:\program files\Common Files\Lenovo\Logger\logmon.exe

    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

    c:\program files\Pure Networks\Network Magic\nmsrvc.exe

    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

    c:\windows\System32\conime.exe

    c:\windows\System32\wbem\unsecapp.exe

    c:\program files\Lenovo\PM Driver\PMHandler.exe

    c:\program files\Lenovo\LenovoCare\LPMGR.EXE

    c:\windows\System32\igfxsrvc.exe

    c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

    c:\program files\Lenovo\Bluetooth Software\BTStackServer.exe

    c:\windows\System32\VSSVC.exe

    c:\windows\System32\wbem\WMIADAP.exe

    c:\windows\System32\dllhost.exe

    .

    **************************************************************************

    .

    Tidspunkt ferdig: 2009-04-08 19:03:48 - maskinen ble startet på nytt

    ComboFix-quarantined-files.txt 2009-04-08 17:03:45

     

    Pre-Run: 96 801 935 360 byte ledig

    Post-Run: 96,343,597,056 byte ledig

     

    329

  2. I have a problem with my laptop, which is a Lenovo 3000 n200. The problem is that the keyboard is behaving strangely; some of the keys don't work or produce extra characters.

    The problem appeared yesterday and, as far as I can tell, for no reason. I took off many of the keys but found no debris underneath. After running a good deal of anti-spyware and virus scans, the problem actually went away for some of the keys, but not all. Then I reformatted the PC, but to my GREAT annoyance the problem was not solved after that either.

     

    Here is a list of the troublesome keys and what they produce when pressed:

    Space works exactly like Enter

    Right Shift does not work

    N=MN

    M=MN

    V=VB

    B=VB

     

    I hope someone here can help :)

     

    edit:

    I have now scanned with gmer, combofix and malwarebytes; the logs are here: https://www.diskusjon.no/index.php?showtopic=1096236

  3. what about the song Hot Stuff Hot Shit, which Turboneger dedicated to Åsne Seierstad:

    Hot Stuff

    When I see you on my TV screen

    Hot Stuff

    Oh you make me wanna cream my jeans

    Hot shit

    Oh boy I wish I was your man

    Baby take good care in Afghanistan

    Hot lips

    When I see you on the battlefield

    Hot tits

    Oh girl I hope you don't get killed

    Hot shit

    Oh baby you just looks so good

    But it looks like you're stuck in the wrong neighborhood

     

    Hot Stuff

    Hot Stuff Hot shit

    You took a bite of my heart now I don't know what to do with it

    Hot Stuff

    Hot Stuff Hot shit

    You highjacked my heart now I think I'm gonna throw a fit

     

    Hot buns

    In middle of a fire fight

    Hot boobs

    Hand grenades tearing up the night

    Hot lips

    You'll loose your heart to another man

    Like a leader of a warring clan

    Hot cakes

    Let me know can I anticipate

    Hot licks

    To wine and dine you at a special date

    Hot skin

    Will you be back tell me yes or no

    Get out of that war zone I need you so

     

    Hot Stuff

    Hot Stuff Hot shit

    You took a bite of my heart now I don't know what to do with it

    Hot Stuff

    Hot Stuff Hot shit

    You highjacked my heart now I think I'm gonna throw a fit

     

    Hot Stuff

    Hot Stuff Hot shit

    You took a bite of my heart now I don't know what to do with it

    Hot Stuff

    Hot Stuff Hot shit

    You highjacked my heart now I think I'm gonna throw a fit
