snipern (thread author), posted 7 December 2008: Should it be done in safe mode?
snipern (thread author), posted 7 December 2008:

Malwarebytes

Malwarebytes' Anti-Malware 1.30
Database versjon: 1419
Windows 6.0.6001 Service Pack 1

2008-12-07 21:16:44
mbam-log-2008-12-07 (21-16-44).txt

Skanntype: Rask Skann
Objekter skannet: 42365
Tid tilbakelagt: 15 minute(s), 17 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix

ComboFix 08-12-06.06 - Lefdal 2008-12-07 21:11:54.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1973 [GMT 1:00]
Kjører fra: c:\users\Lefdal\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-07 til 2008-12-07 )))))))))))))))))))))))))))))))))
.
2008-12-07 21:07 . 2008-12-07 21:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-07 20:48 . 2008-12-07 21:03 <DIR> d-------- c:\users\All Users\BOC427
2008-12-07 20:48 . 2008-12-07 21:03 <DIR> d-------- c:\programdata\BOC427
2008-12-07 20:48 . 2008-12-07 20:48 <DIR> d-------- c:\program files\Comodo
2008-12-07 20:48 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-07 20:48 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-07 20:48 . 2008-01-21 03:23 15,360 --a------ c:\windows\System32\wsock32.dlb
2008-12-07 20:48 . 2008-12-07 21:23 877 --a------ c:\windows\BOC427.INI
2008-12-05 17:46 . 2008-12-05 17:46 <DIR> d-------- C:\Games
2008-12-01 16:55 . 2008-12-04 15:20 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-29 18:13 . 2008-11-29 18:13 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-29 18:13 . 2008-11-29 18:13 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-29 18:12 . 2008-12-07 12:56 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-29 18:12 . 2008-11-29 18:12 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\users\All Users\avg8
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\programdata\avg8
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\program files\AVG
2008-11-29 18:05 . 2008-11-29 18:05 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-28 00:36 . 2008-11-29 16:06 4,838 --a------ c:\windows\System32\PerfStringBackup.TMP
2008-11-27 17:05 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-27 17:05 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-27 17:05 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-27 17:05 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-27 17:04 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-27 17:04 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-27 17:04 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-27 17:04 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-27 17:04 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-26 02:51 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 02:51 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 02:51 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 02:51 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 02:51 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 21:03 . 2008-12-03 16:52 <DIR> d-------- c:\users\Lefdal\Entourage
2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\programdata\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:04 <DIR> d-------- c:\program files\Lavasoft
2008-11-24 16:21 . 2008-11-24 16:21 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Malwarebytes
2008-11-24 16:21 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-24 16:21 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-24 15:58 . 2008-12-06 19:23 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-12-06 19:23 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-11-24 15:59 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-24 14:48 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-11-24 14:47 . 2008-11-24 14:47 <DIR> d-------- c:\program files\Panda Security
2008-11-20 20:36 . 2008-12-01 20:25 <DIR> d-------- c:\program files\Full Tilt Poker
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\users\All Users\Sports Interactive
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\programdata\Sports Interactive
2008-11-20 12:48 . 2008-11-20 12:50 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-20 12:48 . 2008-11-20 12:48 <DIR> d-------- c:\program files\Sports Interactive
2008-11-20 12:47 . 2008-11-20 12:47 <DIR> d--h----- c:\users\Lefdal\InstallAnywhere
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Winamp
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\program files\Winamp
2008-11-19 18:43 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-11-18 18:29 . 2008-11-18 18:29 <DIR> d-------- c:\program files\Opera
2008-11-18 17:52 . 2008-11-18 17:52 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\InstallShield
2008-11-15 14:36 . 2008-11-15 14:36 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\programdata\Apple Computer
2008-11-15 14:33 . 2008-11-21 21:36 <DIR> d-------- c:\program files\QuickTime
2008-11-15 14:31 . 2008-11-18 17:57 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-15 14:27 . 2008-11-18 15:48 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\LimeWire
2008-11-12 14:27 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 14:27 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 14:26 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 13:07 . 2008-11-12 13:07 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\OpenOffice.org
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\JRE
2008-11-12 13:01 . 2008-11-12 13:01 <DIR> d-------- c:\users\Lefdal\Open Office
2008-11-11 21:10 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-11 21:10 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-11 21:10 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2008-11-11 21:10 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-11 21:10 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2008-11-11 21:10 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2008-11-11 21:10 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2008-11-07 12:53 . 2008-11-07 12:53 <DIR> dr-h----- c:\users\Lefdal\AppData\Roaming\SecuROM
2008-11-07 12:53 . 2008-11-07 12:53 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2008-11-07 12:41 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2008-11-07 12:41 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2008-11-07 12:41 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\System32\D3DCompiler_36.dll
2008-11-07 12:41 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2008-11-07 12:41 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2008-11-07 12:41 . 2007-10-02 09:56 444,776 --a------ c:\windows\System32\d3dx10_36.dll
2008-11-07 12:41 . 2007-10-22 03:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll
2008-11-07 12:41 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2008-11-07 12:41 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2008-11-07 12:40 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2008-11-07 12:40 . 2007-10-22 03:37 17,928 --a------ c:\windows\System32\X3DAudio1_2.dll
2008-11-07 12:36 . 2008-11-07 12:36 <DIR> d-------- c:\windows\System32\AGEIA
2008-11-07 12:36 . 2008-11-24 18:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-07 12:36 . 2008-11-07 12:36 <DIR> d-------- c:\program files\AGEIA Technologies
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 18:25 --------- d-----w c:\programdata\WildTangent
2008-12-05 23:22 --------- d-----w c:\users\Lefdal\AppData\Roaming\BitTorrent
2008-12-01 22:19 --------- d-----w c:\program files\ZyX
2008-12-01 19:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 15:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-30 12:46 --------- d-----w c:\programdata\Symantec
2008-11-20 12:38 --------- d-----w c:\users\Lefdal\AppData\Roaming\Sports Interactive
2008-11-18 22:26 --------- d-----w c:\users\Lefdal\AppData\Roaming\vlc
2008-11-18 17:13 --------- d-----w c:\program files\Atheros
2008-11-15 14:11 --------- d-----w c:\program files\Firaxis Games
2008-11-12 11:59 902 ----a-w c:\users\Lefdal\AppData\Roaming\wklnhst.dat
2008-11-03 22:48 22,328 ----a-w c:\users\Lefdal\AppData\Roaming\PnkBstrK.sys
2008-11-01 14:57 --------- d-----w c:\program files\Telenor
2008-11-01 14:57 --------- d-----w c:\program files\Common Files\GtFlashSwitch
2008-10-31 20:00 --------- d-----w c:\users\Lefdal\AppData\Roaming\WildTangent
2008-10-23 10:47 --------- d-----w c:\users\Lefdal\AppData\Roaming\Template
2008-10-19 20:57 --------- d-----w c:\programdata\CyberLink
2008-10-17 10:13 --------- d-----w c:\program files\Java
2008-10-16 21:22 --------- d-----w c:\users\Lefdal\AppData\Roaming\Hewlett-Packard
2008-10-16 07:45 --------- d-----w c:\program files\Windows Mail
2008-10-13 20:56 --------- d-----w c:\program files\VideoLAN
2008-10-13 15:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-12 18:45 --------- d-----w c:\users\Lefdal\AppData\Roaming\CyberLink
2008-10-12 18:44 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools
2008-10-12 18:44 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-12 18:39 --------- d-----w c:\programdata\DAEMON Tools Pro
2008-10-12 18:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-12 18:34 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools Pro
2008-10-09 16:46 --------- d-----w c:\program files\DNA
2008-10-09 16:46 --------- d-----w c:\program files\BitTorrent
2008-10-07 06:59 --------- d-----w c:\program files\Football Manager 2008
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-30 1261336]
"BOC-427"="c:\progra~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592]
Mobilt bredbånd.lnk - c:\program files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe [2007-07-27 733184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1569871572-2635126389-3207917308-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{77EE5ECE-F6EA-460F-8BA9-66AF7E5ED80F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1F154C7C-27EB-4171-AB63-7DC5A2BA90EC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A7B725BE-FF70-4A2B-8480-BD3DD5C33BFC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{00610391-0091-4004-B2F0-844B7934448F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FC457852-B3E8-4F8E-9309-6EEA3B7817F2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{07A6FA7F-3B38-4D85-863B-6EB6A8EA9A08}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{DFD5330B-04E0-42D4-B2CD-419B17791DA1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3322B0B8-C972-4B7E-B7BC-11CD12220971}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{38AF6483-4E6D-4F33-AD11-5023CE0C489F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8F4CD06A-1E96-42B9-B89A-D87E849B6EE6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{204432DA-42AA-496E-BDF0-B8A1CE0B1F74}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{C6891F6E-D0EB-417B-90C4-9DACE7698806}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{D5B6544E-3FD2-4FC9-9DB6-145BCB6891B8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{F7105BFA-9197-4A76-A253-71369119BF9D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{A2A1DD8E-F311-4585-9B3D-C78FE3940DDD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{1E837909-1F76-4FA1-8F2C-5B2671445E79}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-07-28 15416]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-24 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-29 97928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-07-28 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-29 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 231704]
R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe [2008-12-07 73464]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 GtFlashSwitch;GtFlashSwitch;"c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" [2007-02-09 176128]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-19 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-06-07 341328]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-27 595248]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-29 69128]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-27 40752]
S3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-06-07 193840]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 122496]
S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-04-14 8064]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-04-14 37120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b036dad9-a757-11dd-9347-00218672d3ff}]
\shell\AutoRun\command - g:\.\setup.exe AUTORUN=1

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 21:22:19
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(5196)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\wlanext.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\DigitalPersona\Bin\DpAgent.exe
c:\windows\System32\conime.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
c:\program files\AVG\AVG8\avgemc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2008-12-07 21:30:38 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2008-12-07 20:30:23

Pre-Run: 221 576 216 576 byte ledig
Post-Run: 223,496,302,592 byte ledig

278 --- E O F --- 2008-12-04 20:20:56

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13, on 2008-12-07
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\CF10206.exe
C:\Windows\system32\conime.exe
C:\Windows\VFIND.exe
C:\Windows\VFIND.exe
C:\Windows\Explorer.exe
C:\Windows\system32\CF10206.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\ComboFix\pv.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Mobilt bredbånd.lnk = ?
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 6955 bytes
raWrz, posted 8 December 2008: You have some remnants of a Symantec antivirus program. Download this program and run it: ftp://ftp.symantec.com/public/english_us_...emoval_Tool.exe
raWrz, posted 8 December 2008 (edited): Don't know, but it can lead to other problems. Otherwise I think the logs look fine. edit: can you put ComboFix on the desktop and run it from there? Edited 8 December 2008 by Submit
snipern (thread author), posted 8 December 2008:

Here is ComboFix run from the desktop:

ComboFix 08-12-07.01 - Lefdal 2008-12-08 19:52:47.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2120 [GMT 1:00]
Kjører fra: c:\users\Lefdal\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-08 til 2008-12-08 )))))))))))))))))))))))))))))))))
.
2008-12-08 19:13 . 2008-12-08 19:13 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-12-08 19:13 . 2008-12-08 19:13 <DIR> d-------- c:\programdata\NortonInstaller
2008-12-07 21:07 . 2008-12-07 21:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-07 20:48 . 2008-12-07 23:05 <DIR> d-------- c:\program files\Comodo
2008-12-07 20:48 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-12-07 20:48 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-12-07 20:48 . 2008-01-21 03:23 15,360 --a------ c:\windows\System32\wsock32.dlb
2008-12-05 17:46 . 2008-12-05 17:46 <DIR> d-------- C:\Games
2008-12-01 16:55 . 2008-12-04 15:20 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-29 18:13 . 2008-11-29 18:13 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-29 18:13 . 2008-11-29 18:13 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-29 18:12 . 2008-12-08 12:34 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-29 18:12 . 2008-11-29 18:12 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\users\All Users\avg8
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\programdata\avg8
2008-11-29 18:11 . 2008-11-29 18:11 <DIR> d-------- c:\program files\AVG
2008-11-29 18:05 . 2008-11-29 18:05 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-28 00:36 . 2008-11-29 16:06 4,838 --a------ c:\windows\System32\PerfStringBackup.TMP
2008-11-27 17:05 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-27 17:05 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-27 17:05 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-27 17:05 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-27 17:04 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-27 17:04 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-27 17:04 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-27 17:04 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-27 17:04 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-26 02:51 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 02:51 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 02:51 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 02:51 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 02:51 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 21:03 . 2008-12-03 16:52 <DIR> d-------- c:\users\Lefdal\Entourage
2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:06 <DIR> d-------- c:\programdata\Lavasoft
2008-11-24 18:04 . 2008-11-24 18:04 <DIR> d-------- c:\program files\Lavasoft
2008-11-24 16:21 . 2008-11-24 16:21 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Malwarebytes
2008-11-24 16:21 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-24 16:21 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:20 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-24 16:20 . 2008-11-24 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-24 15:58 . 2008-12-06 19:23 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-12-06 19:23 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-24 15:58 . 2008-11-24 15:59 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-24 14:47 . 2008-12-07 23:08 <DIR> d-------- c:\program files\Panda Security
2008-11-20 20:36 . 2008-12-01 20:25 <DIR> d-------- c:\program files\Full Tilt Poker
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\users\All Users\Sports Interactive
2008-11-20 13:32 . 2008-11-20 13:32 <DIR> d-------- c:\programdata\Sports Interactive
2008-11-20 12:48 . 2008-11-20 12:50 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-20 12:48 . 2008-11-20 12:48 <DIR> d-------- c:\program files\Sports Interactive
2008-11-20 12:47 . 2008-11-20 12:47 <DIR> d--h----- c:\users\Lefdal\InstallAnywhere
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Winamp
2008-11-19 18:43 . 2008-11-19 18:44 <DIR> d-------- c:\program files\Winamp
2008-11-19 18:43 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-11-18 18:29 . 2008-11-18 18:29 <DIR> d-------- c:\program files\Opera
2008-11-18 17:52 . 2008-11-18 17:52 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\InstallShield
2008-11-15 14:36 . 2008-11-15 14:36 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-15 14:33 . 2008-11-18 15:33 <DIR> d-------- c:\programdata\Apple Computer
2008-11-15 14:33 . 2008-11-21 21:36 <DIR> d-------- c:\program files\QuickTime
2008-11-15 14:31 . 2008-11-18 17:57 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-15 14:27 . 2008-11-18 15:48 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\LimeWire
2008-11-12 14:27 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 14:27 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 14:26 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 13:07 . 2008-11-12 13:07 <DIR> d-------- c:\users\Lefdal\AppData\Roaming\OpenOffice.org
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-12 13:02 . 2008-11-12 13:02 <DIR> d-------- c:\program files\JRE
2008-11-12 13:01 . 2008-11-12 13:01 <DIR> d-------- c:\users\Lefdal\Open Office
2008-11-11 21:10 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-11 21:10 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-11 21:10 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2008-11-11 21:10 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-11 21:10 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2008-11-11 21:10 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2008-11-11 21:10 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 23:32 --------- d-----w c:\users\Lefdal\AppData\Roaming\BitTorrent 2008-12-07 22:08 --------- d-----w c:\program files\HP Games 2008-12-07 22:07 --------- d-----w c:\programdata\WildTangent 2008-12-01 22:19 --------- d-----w c:\program files\ZyX 2008-12-01 19:25 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-30 15:23 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-11-24 17:00 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-20 12:38 --------- d-----w c:\users\Lefdal\AppData\Roaming\Sports Interactive 2008-11-18 22:26 --------- d-----w c:\users\Lefdal\AppData\Roaming\vlc 2008-11-18 17:13 --------- d-----w c:\program files\Atheros 2008-11-15 14:11 --------- d-----w c:\program files\Firaxis Games 2008-11-12 11:59 902 ----a-w c:\users\Lefdal\AppData\Roaming\wklnhst.dat 2008-11-07 11:53 107,888 ----a-w c:\windows\System32\CmdLineExt.dll 2008-11-07 11:53 --------- d--h--r c:\users\Lefdal\AppData\Roaming\SecuROM 2008-11-07 11:36 --------- d-----w c:\program files\AGEIA Technologies 2008-11-03 22:48 22,328 ----a-w c:\users\Lefdal\AppData\Roaming\PnkBstrK.sys 2008-11-01 14:57 --------- d-----w c:\program files\Telenor 2008-11-01 14:57 --------- d-----w c:\program files\Common Files\GtFlashSwitch 2008-10-23 10:47 --------- d-----w c:\users\Lefdal\AppData\Roaming\Template 2008-10-19 20:57 --------- d-----w c:\programdata\CyberLink 2008-10-17 10:13 --------- d-----w c:\program files\Java 2008-10-16 21:22 --------- d-----w c:\users\Lefdal\AppData\Roaming\Hewlett-Packard 2008-10-16 07:45 --------- d-----w c:\program files\Windows Mail 2008-10-13 20:56 --------- d-----w c:\program files\VideoLAN 2008-10-13 15:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-10-12 18:45 --------- d-----w c:\users\Lefdal\AppData\Roaming\CyberLink 2008-10-12 18:44 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools 2008-10-12 18:44 --------- d-----w c:\program 
files\DAEMON Tools Lite 2008-10-12 18:39 --------- d-----w c:\programdata\DAEMON Tools Pro 2008-10-12 18:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-12 18:34 --------- d-----w c:\users\Lefdal\AppData\Roaming\DAEMON Tools Pro 2008-10-09 16:46 --------- d-----w c:\program files\DNA 2008-10-09 16:46 --------- d-----w c:\program files\BitTorrent 2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll 2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-12-07_21.27.28.79 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-07 20:21:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-12-08 19:00:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-12-07 20:21:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-12-08 19:00:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-12-07 20:22:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-08 19:10:54 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-08 19:10:54 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-12-07 20:22:15 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-08 19:10:54 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-12-07 20:21:50 16,384 --sha-w 
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-12-08 19:01:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-12-07 20:21:50 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-08 19:01:05 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-07 20:21:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-12-08 19:01:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-12-07 20:10:57 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2008-12-08 18:52:22 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat - 2008-12-07 19:54:40 7,286 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1569871572-2635126389-3207917308-1000_UserData.bin + 2008-12-08 11:33:35 7,714 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1569871572-2635126389-3207917308-1000_UserData.bin - 2008-12-07 19:54:36 112,876 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-12-08 11:33:33 113,136 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-12-07 19:54:32 46,738 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-12-08 11:33:25 47,216 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-12-07 19:40:18 388,996 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-12-08 17:56:06 391,476 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-30 1261336] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-17 727592] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli DPPWDFLT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2008-01-21 03:25 202240 c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1569871572-2635126389-3207917308-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{77EE5ECE-F6EA-460F-8BA9-66AF7E5ED80F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{1F154C7C-27EB-4171-AB63-7DC5A2BA90EC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{A7B725BE-FF70-4A2B-8480-BD3DD5C33BFC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{00610391-0091-4004-B2F0-844B7934448F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{FC457852-B3E8-4F8E-9309-6EEA3B7817F2}"= UDP:c:\program files\DNA\btdna.exe:DNA "{07A6FA7F-3B38-4D85-863B-6EB6A8EA9A08}"= TCP:c:\program files\DNA\btdna.exe:DNA "{DFD5330B-04E0-42D4-B2CD-419B17791DA1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{3322B0B8-C972-4B7E-B7BC-11CD12220971}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{38AF6483-4E6D-4F33-AD11-5023CE0C489F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{8F4CD06A-1E96-42B9-B89A-D87E849B6EE6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{204432DA-42AA-496E-BDF0-B8A1CE0B1F74}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009 "{C6891F6E-D0EB-417B-90C4-9DACE7698806}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009 "{D5B6544E-3FD2-4FC9-9DB6-145BCB6891B8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{F7105BFA-9197-4A76-A253-71369119BF9D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "TCP Query User{A2A1DD8E-F311-4585-9B3D-C78FE3940DDD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent "UDP Query 
User{1E837909-1F76-4FA1-8F2C-5B2671445E79}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent "TCP Query User{A6A4EA66-073A-435F-8411-364F71995E32}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{F4294BFA-C377-4740-B656-5F6C4FD4C406}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "{06CCA15C-DE6F-4635-81A9-FF7557557D22}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In) "{07DC265C-FD0E-4456-8214-373398B7EB70}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In) "{1C19186F-BD20-496E-A830-42D55D433E6C}"= UDP:c:\users\Lefdal\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool "{2E401821-956E-4F5D-B56D-5CF0674AE75A}"= TCP:c:\users\Lefdal\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-07-28 15416] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-29 97928] R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-07-28 73728] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-29 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 231704] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504] R2 GtFlashSwitch;GtFlashSwitch;"c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" [2007-02-09 176128] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-19 19456] R2 Recovery Service for Windows;Recovery Service for 
Windows;c:\windows\SMINST\BLService.exe [2008-06-07 341328] R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-27 595248] R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-29 69128] R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296] R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-27 40752] S3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-06-07 193840] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 122496] S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-04-14 8064] S3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-04-14 37120] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b036dad9-a757-11dd-9347-00218672d3ff}] \shell\AutoRun\command - g:\.\setup.exe AUTORUN=1 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-08 20:10:55 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . 
--------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'lsass.exe'(692) c:\windows\system32\DPPWDFLT.dll - - - - - - - > 'Explorer.exe'(2148) c:\program files\DigitalPersona\Bin\DpoFeedb.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\System32\wlanext.exe c:\program files\DigitalPersona\Bin\DpHostW.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\program files\DigitalPersona\Bin\DpAgent.exe c:\windows\System32\conime.exe c:\program files\AVG\AVG8\avgtray.exe c:\windows\ehome\ehmsas.exe c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe c:\windows\System32\lpremove.exe c:\windows\System32\lpksetup.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Tidspunkt ferdig: 2008-12-08 20:16:10 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2008-12-08 19:15:53 ComboFix2.txt 2008-12-07 20:30:42 Pre-Run: 230 948 007 936 byte ledig Post-Run: 230,849,331,200 byte ledig 295 --- E O F --- 2008-12-04 20:20:56
snipern (Author) Posted 12 December 2008

Ran ComboFix from the desktop; it is in the post above.