[Solved] Svchost.exe uses 60% of the CPU, ending the process does not help



Posted (edited)

Hi, I have a problem with svchost.exe using a large share of my CPU. I have searched a lot online but haven't found a solution that fits my problem, so I'm trying to make my own thread. Maybe that helps.

The problem is that a file called "svchost.exe" uses up to 60% of the CPU all the time. The programs under this file are "DCOM Server Process Launcher" and "Plug and Play", as shown in the screenshot from Process Explorer:


If I end the svchost.exe that runs DCOM~ and Plug and Play, the machine reboots after about a minute because Plug and Play was terminated abnormally. I notice that after I end the file, the CPU is normal until the machine has rebooted, and then the problem starts again.

Scanned with HijackThis, and have attached the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:28:54, on 02.01.2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe

C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\Shared Files\CamTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Users\Tony\Desktop\procexp.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll

F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe,"C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe"

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [softGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [iFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [bits active] "C:\ProgramData\ProgramRegsRegs.nuju617"

O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\ENC MIX TICK.ny1t4zt"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O17 - HKLM\Software\..\Telephony: DomainName = skole.troms.vgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe

O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe

O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 12233 bytes

Does anyone have a solution to this problem?

Thanks in advance.

Edited by Seglsten
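As an added example, not code from the thread: a small Python triage pass over O4 (autostart) lines in the HijackThis format posted above, flagging entries whose target has a non-executable extension, lives in a user-writable data directory, or could not be resolved. The sample lines are constructed in the shape of the log above; the rule set (which extensions and directories count as normal) is my own assumption.

```python
import re
from typing import Dict, List

# Constructed sample input: O4 lines in the shape HijackThis prints them,
# modelled on the log posted in the thread (raw string keeps the backslashes).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [bits active] "C:\ProgramData\ProgramRegsRegs.nuju617"
O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\ENC MIX TICK.ny1t4zt"
O4 - Global Startup: BTTray.lnk = ?
"""

# "[name] command" form used for Run-key entries.
RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "name.lnk = target" form used for Startup-folder entries.
LNK_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<name>[^=]+?) = (?P<cmd>.*)$")
# First drive- or %VAR%-rooted path in the command, together with its extension.
# Skips a leading rundll32.exe so the hosted DLL is what gets inspected.
PATH_RE = re.compile(
    r'"?(?P<path>(?:[A-Za-z]:|%[^%]+%)\\[^"]*?\.(?P<ext>[A-Za-z0-9]{1,8}))"?(?=[\s",]|$)'
)

# Assumed rule set: extensions a legitimate autostart normally has, and
# directories a regular user can write to (unusual for vendor software).
NORMAL_EXT = {"exe", "dll", "lnk", "scr", "cpl", "com", "bat", "cmd", "vbs"}
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def triage_autostart(line: str) -> Dict[str, object]:
    """Classify one O4 line; returns name, resolved path and reasons to look closer."""
    m = RUN_RE.match(line) or LNK_RE.match(line)
    if not m:
        raise ValueError(f"not an O4 line: {line!r}")
    name, cmd = m.group("name"), m.group("cmd").strip()
    reasons: List[str] = []
    p = PATH_RE.search(cmd)
    if p is None:
        # HijackThis prints "?" when it cannot resolve a shortcut target.
        return {"name": name, "path": None, "reasons": ["target could not be resolved"]}
    path, ext = p.group("path"), p.group("ext").lower()
    if ext not in NORMAL_EXT:
        reasons.append(f"non-executable extension .{ext}")
    if any(d in path.lower() for d in USER_WRITABLE):
        reasons.append("lives in a user-writable data directory")
    return {"name": name, "path": path, "reasons": reasons}


def suspicious_entries(log_text: str) -> List[Dict[str, object]]:
    """Run triage over every O4 line in a HijackThis log; keep only flagged entries."""
    flagged: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        if line.startswith("O4 - "):
            result = triage_autostart(line)
            if result["reasons"]:
                flagged.append(result)
    return flagged


if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_LOG):
        print(f"[{hit['name']}] {hit['path']}: {'; '.join(hit['reasons'])}")
```

Against the sample it flags the two ProgramData entries with random-looking extensions and the unresolved BTTray.lnk shortcut, while the vendor entries under Program Files pass.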
Posted

Run this and we'll get malware out of the picture.

Download ComboFix and put it on the desktop.

Don't click on the window while the program is running.

Post the log C:\combofix.txt

 

If I end the svchost.exe that runs DCOM~ and Plug and Play, the machine reboots after about one

Vista has to run "DCOM Server Process Launcher", so there's no point in trying to stop it.

It controls quite a bit, as you can see.

http://itsvista.com/2007/04/dcom-server-process-launcher/

More later on how to find out which service under svchost uses the most, in Process Explorer or alternatively Process Monitor.

If you don't have Service Pack 1 you should upgrade to it; that may solve this.

Posted

If you're running NORTON antivirus, it's possible that it's the one using your resources. Try stopping it.

Posted
If you're running NORTON antivirus, it's possible that it's the one using your resources. Try stopping it.

Not running Norton, so that's not the problem.

Posted
Run this and we'll get malware out of the picture.

Download ComboFix and put it on the desktop.

Don't click on the window while the program is running.

Post the log C:\combofix.txt

If I end the svchost.exe that runs DCOM~ and Plug and Play, the machine reboots after about one

Vista has to run "DCOM Server Process Launcher", so there's no point in trying to stop it.

It controls quite a bit, as you can see.

http://itsvista.com/2007/04/dcom-server-process-launcher/

More later on how to find out which service under svchost uses the most, in Process Explorer or alternatively Process Monitor.

If you don't have Service Pack 1 you should upgrade to it; that may solve this.

Can you give me a quick brief on what malware actually is?

ComboFix log:

ComboFix 08-07-31.01 - Tony 2009-01-02 16:53:23.1 - NTFSx86

Microsoft® Windows Vista™ Enterprise 6.0.6000.0.1252.1.1044.18.1011 [GMT 1:00]

Running from: C:\Users\Tony\Downloads\ComboFix.exe

.

- REDUCED FUNCTIONALITY MODE -

.

 

((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))

.

 

2008-12-23 14:13 . 2008-12-23 15:35 <DIR> d-------- C:\Users\All Users\SecTaskMan

2008-12-23 14:13 . 2008-12-23 15:35 <DIR> d-------- C:\ProgramData\SecTaskMan

2008-12-23 14:12 . 2008-12-23 14:13 <DIR> d-------- C:\Program Files\Security Task Manager

2008-12-23 13:57 . 2008-12-23 13:57 <DIR> d-------- C:\Program Files\RegCure

2008-12-22 20:38 . 2008-12-23 14:22 <DIR> d-------- C:\Users\Gaming\AppData\Roaming\SUPERAntiSpyware.com

2008-12-22 19:42 . 2008-12-22 19:42 <DIR> d-------- C:\Program Files\Lavasoft

2008-12-22 14:56 . 2008-12-22 14:57 <DIR> d-------- C:\Users\Gaming\AppData\Roaming\Tibia

2008-12-22 14:51 . 2008-12-22 14:52 <DIR> d-------- C:\Users\Gaming\AppData\Roaming\Teleca

2008-12-22 14:50 . 2008-12-22 14:50 <DIR> d-------- C:\Users\Gaming\Bluetooth Software

2008-12-22 14:50 . 2008-12-22 14:50 <DIR> d-------- C:\Users\Gaming\AppData\Roaming\Sony Ericsson

2008-12-22 14:50 . 2008-12-22 14:50 <DIR> d-------- C:\Users\Gaming\AppData\Roaming\ATI

2008-12-22 14:49 . 2008-12-22 14:49 <DIR> dr------- C:\Users\Gaming\Searches

2008-12-22 14:49 . 2008-12-22 14:49 <DIR> d-------- C:\Users\Gaming\AppData\Roaming\Infineon

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- C:\Users\Gaming\Videos

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- C:\Users\Gaming\Saved Games

2008-12-22 14:48 . 2008-12-24 16:32 <DIR> dr------- C:\Users\Gaming\Pictures

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- C:\Users\Gaming\Music

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- C:\Users\Gaming\Links

2008-12-22 14:48 . 2008-12-24 16:44 <DIR> dr------- C:\Users\Gaming\Downloads

2008-12-22 14:48 . 2008-12-22 14:50 <DIR> dr------- C:\Users\Gaming\Documents

2008-12-22 14:48 . 2008-12-22 14:48 <DIR> dr------- C:\Users\Gaming\Contacts

2008-12-22 14:48 . 2008-12-24 16:51 <DIR> d-------- C:\Users\Gaming\AppData\Roaming\SoftGrid Client

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> d--h----- C:\Users\Gaming\AppData

2008-12-22 14:48 . 2008-12-22 14:50 <DIR> d-------- C:\Users\Gaming

2008-12-20 22:53 . 2008-12-22 14:23 <DIR> d-------- C:\Users\Administrator.32-TOSE8\Tracing

2008-12-20 21:25 . 2008-12-20 21:25 <DIR> d-------- C:\Users\Administrator.32-TOSE8\AppData\Roaming\skypePM

2008-12-20 21:25 . 2008-12-20 21:25 56 --ah----- C:\Windows\System32\ezsidmv.dat

2008-12-20 21:23 . 2008-12-20 22:19 <DIR> d-------- C:\Users\Administrator.32-TOSE8\AppData\Roaming\Skype

2008-12-20 21:22 . 2008-12-20 21:34 <DIR> d-------- C:\Users\Administrator.32-TOSE8\AppData\Roaming\Tibia

2008-12-20 21:21 . 2008-12-20 21:21 <DIR> d-------- C:\Users\Administrator.32-TOSE8\Bluetooth Software

2008-12-20 21:21 . 2008-12-20 21:22 <DIR> d-------- C:\Users\Administrator.32-TOSE8\AppData\Roaming\Teleca

2008-12-20 21:21 . 2008-12-20 21:21 <DIR> d-------- C:\Users\Administrator.32-TOSE8\AppData\Roaming\Sony Ericsson

2008-12-20 21:21 . 2008-12-20 21:21 <DIR> d-------- C:\Users\Administrator.32-TOSE8\AppData\Roaming\ATI

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- C:\Users\Administrator.32-TOSE8\Videos

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- C:\Users\Administrator.32-TOSE8\Searches

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- C:\Users\Administrator.32-TOSE8\Saved Games

2008-12-20 21:20 . 2008-12-22 14:08 <DIR> dr------- C:\Users\Administrator.32-TOSE8\Pictures

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- C:\Users\Administrator.32-TOSE8\Music

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- C:\Users\Administrator.32-TOSE8\Links

2008-12-20 21:20 . 2008-12-20 22:46 <DIR> dr------- C:\Users\Administrator.32-TOSE8\Downloads

2008-12-20 21:20 . 2008-12-21 20:52 <DIR> dr------- C:\Users\Administrator.32-TOSE8\Documents

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- C:\Users\Administrator.32-TOSE8\Contacts

2008-12-20 21:20 . 2008-12-22 14:45 <DIR> d-------- C:\Users\Administrator.32-TOSE8\AppData\Roaming\SoftGrid Client

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> d-------- C:\Users\Administrator.32-TOSE8\AppData\Roaming\Infineon

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> d--h----- C:\Users\Administrator.32-TOSE8\AppData

2008-12-20 21:20 . 2008-12-20 22:53 <DIR> d-------- C:\Users\Administrator.32-TOSE8

2008-12-20 20:37 . 2008-12-20 20:37 <DIR> d-------- C:\Program Files\Windows Live SkyDrive

2008-12-20 20:37 . 2008-12-20 20:37 <DIR> d-------- C:\Program Files\Microsoft

2008-12-19 01:59 . 2008-12-12 02:53 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-12-13 03:05 . 2008-10-22 00:31 2,048 --a------ C:\Windows\System32\tzres.dll

2008-12-12 09:59 . 2008-11-01 00:38 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-12-12 09:59 . 2008-11-01 04:33 1,687,040 --a------ C:\Windows\System32\gameux.dll

2008-12-12 09:59 . 2008-11-01 04:33 28,672 --a------ C:\Windows\System32\Apphlpdm.dll

2008-12-05 00:36 . 2008-12-05 00:36 308,072 --a------ C:\Windows\WLXPGSS.SCR

2008-12-03 15:18 . 2008-12-03 15:26 <DIR> d-------- C:\Users\Tony\AppData\Roaming\Sports Interactive

2008-12-03 15:17 . 2008-12-03 15:17 <DIR> d-------- C:\Users\All Users\Sports Interactive

2008-12-03 15:17 . 2008-12-03 15:17 <DIR> d-------- C:\ProgramData\Sports Interactive

2008-12-03 15:14 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll

2008-12-03 15:13 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll

2008-12-03 15:05 . 2008-12-03 15:05 <DIR> d-------- C:\Program Files\Sports Interactive

2008-12-03 14:55 . 2008-12-03 14:55 1,989 --a------ C:\Windows\System32\Untitled

2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ C:\Windows\System32\sirenacm.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-02 01:01 --------- d-----w C:\Users\Tony\AppData\Roaming\Skype

2009-01-02 00:22 --------- d-----w C:\Users\Tony\AppData\Roaming\SoftGrid Client

2009-01-01 23:26 --------- d-----w C:\Users\Tony\AppData\Roaming\skypePM

2009-01-01 01:34 --------- d---a-w C:\ProgramData\TEMP

2008-12-26 12:05 --------- d-----w C:\ProgramData\tickbarbdelete

2008-12-26 12:05 --------- d-----w C:\ProgramData\Memo Drive Vc Log

2008-12-23 13:22 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-12-23 13:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-12-22 19:26 --------- d-----w C:\Program Files\Trend Micro

2008-12-20 19:41 --------- d-----w C:\Program Files\Windows Live

2008-12-20 19:21 --------- d-----w C:\Program Files\Tibia

2008-12-13 02:18 174 --sha-w C:\Program Files\desktop.ini

2008-12-13 02:15 --------- d-----w C:\Program Files\Windows Mail

2008-12-13 02:14 --------- d-----w C:\Users\Tony\AppData\Roaming\uTorrent

2008-12-13 02:09 --------- d-----w C:\ProgramData\Microsoft Help

2008-12-02 13:33 --------- d-----w C:\Users\Tony\AppData\Roaming\LimeWire

2008-12-01 17:38 --------- d-----w C:\Program Files\Mozilla Firefox 3.1 Beta 1

2008-11-25 08:34 --------- d-----w C:\Users\Tony\AppData\Roaming\Tibia

2008-11-19 11:16 --------- d-----w C:\Program Files\ACSPMonitor

2008-11-17 12:13 --------- d-----w C:\Program Files\Project64 1.6

2008-11-15 00:02 --------- d-----w C:\Program Files\Common Files\Windows Live

2008-11-11 07:28 --------- d--h--w C:\Program Files\Zero G Registry

2008-11-11 07:28 --------- d-----w C:\Program Files\GeoGebra

2008-11-05 07:16 --------- d-----w C:\Users\Tony\AppData\Roaming\TibiaTestserver

2008-11-05 07:08 --------- d-----w C:\Program Files\TibiaTestserver

2008-11-01 03:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-11-01 03:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-11-01 03:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-11-01 03:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-11-01 03:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-10-31 23:23 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-10-29 06:20 2,923,520 ----a-w C:\Windows\explorer.exe

2008-10-22 03:43 95,232 ----a-w C:\Windows\System32\PortableDeviceClassExtension.dll

2008-10-22 03:43 241,152 ----a-w C:\Windows\System32\PortableDeviceApi.dll

2008-10-22 03:43 160,768 ----a-w C:\Windows\System32\PortableDeviceTypes.dll

2008-10-21 05:16 297,472 ----a-w C:\Windows\System32\gdi32.dll

2008-10-21 05:16 1,645,568 ----a-w C:\Windows\System32\connect.dll

2008-10-16 21:13 1,809,944 ----a-w C:\Windows\System32\wuaueng.dll

2008-10-16 21:12 561,688 ----a-w C:\Windows\System32\wuapi.dll

2008-10-16 21:09 51,224 ----a-w C:\Windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w C:\Windows\System32\wups2.dll

2008-10-16 21:08 34,328 ----a-w C:\Windows\System32\wups.dll

2008-10-16 20:56 1,524,736 ----a-w C:\Windows\System32\wucltux.dll

2008-10-16 20:55 83,456 ----a-w C:\Windows\System32\wudriver.dll

2008-10-16 13:08 162,064 ----a-w C:\Windows\System32\wuwebv.dll

2008-10-16 12:56 31,232 ----a-w C:\Windows\System32\wuapp.exe

2008-10-16 04:40 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-10-16 04:40 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-10-16 04:40 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 15:33 1391640]

 

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

2007-07-31 15:33 1391640 --a------ C:\Program Files\Absolutist_Games\tbAbso.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 15:33 1391640]

 

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 15:33 1391640]

 

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bits active"="C:\ProgramData\ProgramRegsRegs.nuju617" [X]

"vc log bows face"="C:\ProgramData\ENC MIX TICK.ny1t4zt" [X]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-24 10:02 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 22:38 3882312]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-07-23 13:11 21738792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27 144784]

"SoftGridTray"="C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-05-14 11:35 308592]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 06:00 33648]

"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 15:52 145184]

"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [2007-05-23 15:04 677408]

"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 18:12 17920]

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]

"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 08:38 331552]

"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 09:00 1116920]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 11:00 192512]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 17:14 1183744]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 09:14 528384]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-28 09:18 1261336]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 12:57 111936]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 15:09 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 18:57 289576]

 

C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 19:44:36 101440]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 13:11:50 719664]

DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-11-29 13:19:49 192512]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableLockWorkstation"= 0 (0x0)

"DisableChangePassword"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogoff"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "C:\Windows\system32\EZUPBH~1.DLL" [2008-09-17 12:04 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="C:\\Windows\\system32\\ezShellStart.exe,\"C:\\Program Files\\Softricity\\SoftGrid for Windows Desktops\\sftdcc.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=APSHook.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=\\fvgs-fs\WPA2\StartWPA2.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-46142\Scripts\Logon\0\0]

"Script"=32-Prnt-Alle.vbs

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A1D04258-605F-4338-92FD-3E721EF53E27}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{9D3ABFBA-67BE-4118-A03F-805ECDC75F54}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BD28C474-9645-4F97-9026-C908E25452D5}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{D1908F09-CDD8-4B9B-A5FE-6E69E883D59B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{BE47DDA5-EBD2-42F0-AB58-B05B137AC24E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1FCFA284-0ED1-49C7-91BD-C2B8C9BCD4FC}"= UDP:54321:Trend Micro OfficeScan Listener

"{2CA89D4E-791A-4F6C-9230-8E3C2143C0D3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{EFEC8D85-6448-40C3-ADFC-670B996446F4}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{DDAE5014-C624-4F5F-9906-E02ED35B2EFB}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

"{FB7093B3-2819-4A93-85B2-7C54C190164C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"{79FABE8B-6C68-44D3-A622-77A0092CE753}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{D020BE9C-0E4F-4EEC-97AB-2AB9D78B9F32}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{63F6BFAA-ECEC-4A11-AF86-3691D76C1115}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{2339BECD-FB00-4D88-AC06-9EEFA810DAE9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{F2699D6F-5948-4596-90C8-9B1D400A1D98}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{564D085C-0359-460D-9EF2-2C0999885C9A}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{13B54DB0-8811-4A20-B160-340E141A266B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{8ED7D5DA-FD1A-4592-A157-688C4D46DCDD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{50D3B870-781B-4A21-A91F-5F7F0D1A52F4}"= UDP:C:\Program Files\ACSPMonitor\ASMonitor.exe:System

"{9060B25F-9F8C-4BB6-8A17-5F19F3622EC0}"= TCP:C:\Program Files\ACSPMonitor\ASMonitor.exe:System

"{A1101DE6-3ED8-4C7B-BE8B-CD034B96A58B}"= UDP:C:\Program Files\actual spy\ASMonitor.exe:System

"{1BD3B88B-EB6F-49A7-9853-3B024825F7AF}"= TCP:C:\Program Files\actual spy\ASMonitor.exe:System

"{121EBD8A-D133-4D69-A8C2-1B8E8EA831D4}"= UDP:C:\Program Files\spy\ASMonitor.exe:System

"{8CC7F098-3CE0-42B9-A67A-B52C52332D4A}"= TCP:C:\Program Files\spy\ASMonitor.exe:System

"{24B10E7D-FF1B-4240-AC8D-58E9C5322BB9}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

"{A4904EEE-D3C8-4707-86A1-B2A58432B057}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

"{51D3447C-AC48-4ABF-B405-E3DB67FE4AFC}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 11:23]

R0 SbAlg;SbAlg;C:\Windows\system32\drivers\SbAlg.sys [2006-10-09 13:31]

R0 SbFsLock;SbFsLock;C:\Windows\system32\drivers\SbFsLock.sys [2007-03-29 16:54]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-30 11:29]

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]

R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-04-18 20:32]

R1 RsvLock;RsvLock;C:\Windows\system32\drivers\RsvLock.sys [2007-04-22 16:25]

R1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 19:33]

R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 10:44]

R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 11:30]

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2008-09-17 12:04]

R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 16:32]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 03:00]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 08:38]

R2 sftlist;SoftGrid Client;C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [2007-05-14 11:35]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-26 22:00]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 14:52]

R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 11:42]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 11:42]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 11:42]

R3 sftfs;sftfs;C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftfslh.sys [2007-05-14 11:35]

R3 sftplay;sftplay;C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys [2007-05-14 11:35]

R3 sftvol;sftvol;C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftvollh.sys [2007-05-14 11:34]

R3 sftvsa;SoftGrid Virtual Service Agent;C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [2007-05-14 11:35]

S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\Windows\system32\DRIVERS\s716bus.sys [2007-04-04 11:43]

S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 11:43]

S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s716mdm.sys [2007-04-04 11:43]

S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 11:43]

S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\Windows\system32\DRIVERS\s716nd5.sys [2007-04-04 11:43]

S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s716obex.sys [2007-04-04 11:43]

S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\Windows\system32\DRIVERS\s716unic.sys [2007-04-04 11:43]

S3 V0260VID;Live! Cam Vista IM;C:\Windows\system32\DRIVERS\V0260Vid.sys [2006-04-01 16:16]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker ASChannel

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d742e0-3caa-11dd-afe8-001a6b8007a9}]

\shell\AutoRun\command - E:\wd_windows_tools\WDSetup.exe

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2009-01-02 C:\Windows\Tasks\RegCure Program Check.job

- C:\Program Files\RegCure\RegCure.exe [2008-11-27 19:55]

 

2009-01-01 C:\Windows\Tasks\RegCure.job

- C:\Program Files\RegCure\RegCure.exe [2008-11-27 19:55]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-SUPERAntiSpyware - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

ShellExecuteHooks-UPB:{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\f8t03fhy.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-02 16:54:31

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2009-01-02 16:58:02

ComboFix-quarantined-files.txt 2009-01-02 15:57:20

 

Pre-Run: 25,045,532,672 byte ledig

Post-Run: 25,446,039,552 byte ledig

 

291 --- E O F --- 2009-01-02 00:21:28


 

Waiting hopefully for a reply!

Posted

Searched the web some more yesterday, and think I may have found a solution, still a bit unsure.

 

I found the solution on an American Vista forum, but stupid as I am, I didn't save the link. Anyway, here is what I did.

 

I went to Control Panel / Sound / Recording / Microphone / Properties / Microphone Enhancements and checked "disable extra microphone functions".

 

Seems a bit odd if this is the solution to the problem, but svchost.exe doesn't seem to use more than 0-2% of the CPU now.

 

Hope it's not just temporary.

Posted

hi :)

 

can you run Combofix once more from the desktop and not from your downloads folder :)?

 

"Can you give me a short brief on what malware actually is?"

 

read a bit here :):

https://www.diskusjon.no/index.php?showtopic=776083

 

From Norbat's malware removal guide:


Malware is a collective term for unwanted / harmful software. Malware (Malicious Software) is better known under names such as viruses, trojans, worms, spyware, rootkits, adware ...

 

If you have got this on your PC (we call it an infection), in most cases you will notice that something has happened in the form of

- a slow PC

- a new desktop background with a warning that the PC is infected with a virus.

- popups with, among other things, advertising from so-called antispyware scanners (e.g. Antivirus2008, and others)

- new search tools in the browser

- problems getting to certain websites / websites at all

- your antivirus program is turned off

- many functions in Windows are unavailable (automatic updates, control panel, regedit, firewall, missing icons and taskbar, to name a few)

Posted (edited)
 

Have run combofix from the desktop this time. Sorry for the late reply, haven't had internet access the last few days.

 

Combofix.txt

 

ComboFix 09-01-01.02 - Tony 2009-01-08 8:20:26.2 - NTFSx86

Microsoft® Windows Vista™ Enterprise 6.0.6000.0.1252.1.1044.18.1919.923 [GMT 1:00]

Kjører fra: c:\users\Tony\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Tony\AppData\Roaming\.#

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-08 til 2009-01-08 )))))))))))))))))))))))))))))))))

.

 

2008-12-23 14:13 . 2008-12-23 15:35 <DIR> d-------- c:\users\All Users\SecTaskMan

2008-12-23 14:13 . 2008-12-23 15:35 <DIR> d-------- c:\programdata\SecTaskMan

2008-12-23 14:12 . 2008-12-23 14:13 <DIR> d-------- c:\program files\Security Task Manager

2008-12-23 13:57 . 2008-12-23 13:57 <DIR> d-------- c:\program files\RegCure

2008-12-22 20:38 . 2008-12-23 14:22 <DIR> d-------- c:\users\Gaming\AppData\Roaming\SUPERAntiSpyware.com

2008-12-22 19:42 . 2008-12-22 19:42 <DIR> d-------- c:\program files\Lavasoft

2008-12-22 14:56 . 2008-12-22 14:57 <DIR> d-------- c:\users\Gaming\AppData\Roaming\Tibia

2008-12-22 14:51 . 2008-12-22 14:52 <DIR> d-------- c:\users\Gaming\AppData\Roaming\Teleca

2008-12-22 14:50 . 2008-12-22 14:50 <DIR> d-------- c:\users\Gaming\Bluetooth Software

2008-12-22 14:50 . 2008-12-22 14:50 <DIR> d-------- c:\users\Gaming\AppData\Roaming\Sony Ericsson

2008-12-22 14:50 . 2008-12-22 14:50 <DIR> d-------- c:\users\Gaming\AppData\Roaming\ATI

2008-12-22 14:49 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Searches

2008-12-22 14:49 . 2008-12-22 14:49 <DIR> d-------- c:\users\Gaming\AppData\Roaming\Infineon

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Videos

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Saved Games

2008-12-22 14:48 . 2008-12-24 16:32 <DIR> dr------- c:\users\Gaming\Pictures

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Music

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Links

2008-12-22 14:48 . 2008-12-24 16:44 <DIR> dr------- c:\users\Gaming\Downloads

2008-12-22 14:48 . 2008-12-22 14:50 <DIR> dr------- c:\users\Gaming\Documents

2008-12-22 14:48 . 2008-12-22 14:48 <DIR> dr------- c:\users\Gaming\Contacts

2008-12-22 14:48 . 2008-12-24 16:51 <DIR> d-------- c:\users\Gaming\AppData\Roaming\SoftGrid Client

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> d--h----- c:\users\Gaming\AppData

2008-12-22 14:48 . 2008-12-22 14:50 <DIR> d-------- c:\users\Gaming

2008-12-20 22:53 . 2008-12-22 14:23 <DIR> d-------- c:\users\Administrator.32-TOSE8\Tracing

2008-12-20 21:25 . 2008-12-20 21:25 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\skypePM

2008-12-20 21:25 . 2008-12-20 21:25 56 --ah----- c:\windows\System32\ezsidmv.dat

2008-12-20 21:23 . 2008-12-20 22:19 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Skype

2008-12-20 21:22 . 2008-12-20 21:34 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Tibia

2008-12-20 21:21 . 2008-12-20 21:21 <DIR> d-------- c:\users\Administrator.32-TOSE8\Bluetooth Software

2008-12-20 21:21 . 2008-12-20 21:22 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Teleca

2008-12-20 21:21 . 2008-12-20 21:21 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Sony Ericsson

2008-12-20 21:21 . 2008-12-20 21:21 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\ATI

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Videos

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Searches

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Saved Games

2008-12-20 21:20 . 2008-12-22 14:08 <DIR> dr------- c:\users\Administrator.32-TOSE8\Pictures

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Music

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Links

2008-12-20 21:20 . 2008-12-20 22:46 <DIR> dr------- c:\users\Administrator.32-TOSE8\Downloads

2008-12-20 21:20 . 2008-12-21 20:52 <DIR> dr------- c:\users\Administrator.32-TOSE8\Documents

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Contacts

2008-12-20 21:20 . 2008-12-22 14:45 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\SoftGrid Client

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Infineon

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> d--h----- c:\users\Administrator.32-TOSE8\AppData

2008-12-20 21:20 . 2008-12-20 22:53 <DIR> d-------- c:\users\Administrator.32-TOSE8

2008-12-20 20:37 . 2008-12-20 20:37 <DIR> d-------- c:\program files\Windows Live SkyDrive

2008-12-20 20:37 . 2008-12-20 20:37 <DIR> d-------- c:\program files\Microsoft

2008-12-19 01:59 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-12-13 03:05 . 2008-10-22 00:31 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-12 09:59 . 2008-11-01 00:38 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-12 09:59 . 2008-11-01 04:33 1,687,040 --a------ c:\windows\System32\gameux.dll

2008-12-12 09:59 . 2008-11-01 04:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-08 07:29 --------- d-----w c:\users\Tony\AppData\Roaming\SoftGrid Client

2009-01-08 07:15 --------- d-----w c:\users\Tony\AppData\Roaming\Skype

2009-01-08 07:11 --------- d-----w c:\users\Tony\AppData\Roaming\skypePM

2009-01-07 18:54 --------- d-----w c:\users\Tony\AppData\Roaming\uTorrent

2009-01-07 18:29 --------- d-----w c:\programdata\tickbarbdelete

2009-01-07 18:29 --------- d-----w c:\programdata\Memo Drive Vc Log

2009-01-07 10:40 --------- d---a-w c:\programdata\TEMP

2008-12-23 13:22 --------- d-----w c:\program files\SUPERAntiSpyware

2008-12-23 13:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-22 19:26 --------- d-----w c:\program files\Trend Micro

2008-12-20 19:41 --------- d-----w c:\program files\Windows Live

2008-12-20 19:21 --------- d-----w c:\program files\Tibia

2008-12-13 02:18 174 --sha-w c:\program files\desktop.ini

2008-12-13 02:15 --------- d-----w c:\program files\Windows Mail

2008-12-13 02:09 --------- d-----w c:\programdata\Microsoft Help

2008-12-04 23:36 308,072 ----a-w c:\windows\WLXPGSS.SCR

2008-12-03 14:26 --------- d-----w c:\users\Tony\AppData\Roaming\Sports Interactive

2008-12-03 14:17 --------- d-----w c:\programdata\Sports Interactive

2008-12-03 14:05 --------- d-----w c:\program files\Sports Interactive

2008-12-02 13:33 --------- d-----w c:\users\Tony\AppData\Roaming\LimeWire

2008-12-01 17:38 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 1

2008-11-25 08:34 --------- d-----w c:\users\Tony\AppData\Roaming\Tibia

2008-11-19 11:16 --------- d-----w c:\program files\ACSPMonitor

2008-11-17 12:13 --------- d-----w c:\program files\Project64 1.6

2008-11-15 00:02 --------- d-----w c:\program files\Common Files\Windows Live

2008-11-11 07:28 --------- d--h--w c:\program files\Zero G Registry

2008-11-11 07:28 --------- d-----w c:\program files\GeoGebra

2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-02_16.56.17.95 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-02 00:22:20 1,660 ----a-w c:\windows\bthservsdp.dat

+ 2009-01-08 07:29:51 1,660 ----a-w c:\windows\bthservsdp.dat

+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE

- 2009-01-02 00:57:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-01-08 07:31:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-01-02 00:57:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-01-08 07:31:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-01-02 00:59:41 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-08 07:34:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2009-01-02 00:59:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-08 07:34:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-08 07:34:23 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-01-02 00:57:10 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-08 07:32:10 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-02 00:57:10 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-08 07:32:10 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-02 00:57:10 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-08 07:31:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-02 15:53:04 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-01-08 07:19:19 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2006-11-02 09:45:39 31,744 ----a-w c:\windows\System32\swsc.exe

- 2009-01-02 01:00:10 7,450 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3683755541-701976524-1024527440-1003_UserData.bin

+ 2009-01-08 07:11:14 7,848 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3683755541-701976524-1024527440-1003_UserData.bin

- 2009-01-02 01:00:10 109,094 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-08 07:11:14 109,260 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-12-24 15:52:17 5,100 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat

+ 2009-01-02 16:01:24 5,100 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat

- 2009-01-02 00:29:17 52,746 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-01-07 12:26:31 52,928 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-01-02 15:41:53 358,366 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-01-07 18:28:43 360,716 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-07-31 1391640]

 

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

2007-07-31 15:33 1391640 --a------ c:\program files\Absolutist_Games\tbAbso.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-07-31 1391640]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= "c:\program files\Absolutist_Games\tbAbso.dll" [2007-07-31 1391640]

 

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vc log bows face"="c:\programdata\bold safe amen.rt4bca" [X]

"Bits active"="c:\programdata\ProgramRegsRegs.zkny9" [X]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-24 1232896]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]

"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SoftGridTray"="c:\program files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-05-14 308592]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]

"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

 

c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-11-29 192512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-09-17 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=APSHook.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=\\fvgs-fs\WPA2\StartWPA2.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-46142\Scripts\Logon\0\0]

"Script"=32-Prnt-Alle.vbs

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A1D04258-605F-4338-92FD-3E721EF53E27}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{9D3ABFBA-67BE-4118-A03F-805ECDC75F54}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BD28C474-9645-4F97-9026-C908E25452D5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{D1908F09-CDD8-4B9B-A5FE-6E69E883D59B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{BE47DDA5-EBD2-42F0-AB58-B05B137AC24E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1FCFA284-0ED1-49C7-91BD-C2B8C9BCD4FC}"= UDP:54321:Trend Micro OfficeScan Listener

"{2CA89D4E-791A-4F6C-9230-8E3C2143C0D3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{EFEC8D85-6448-40C3-ADFC-670B996446F4}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{DDAE5014-C624-4F5F-9906-E02ED35B2EFB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{FB7093B3-2819-4A93-85B2-7C54C190164C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{79FABE8B-6C68-44D3-A622-77A0092CE753}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{D020BE9C-0E4F-4EEC-97AB-2AB9D78B9F32}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{63F6BFAA-ECEC-4A11-AF86-3691D76C1115}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{2339BECD-FB00-4D88-AC06-9EEFA810DAE9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{F2699D6F-5948-4596-90C8-9B1D400A1D98}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{564D085C-0359-460D-9EF2-2C0999885C9A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{13B54DB0-8811-4A20-B160-340E141A266B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{8ED7D5DA-FD1A-4592-A157-688C4D46DCDD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{50D3B870-781B-4A21-A91F-5F7F0D1A52F4}"= UDP:c:\program files\ACSPMonitor\ASMonitor.exe:System

"{9060B25F-9F8C-4BB6-8A17-5F19F3622EC0}"= TCP:c:\program files\ACSPMonitor\ASMonitor.exe:System

"{A1101DE6-3ED8-4C7B-BE8B-CD034B96A58B}"= UDP:c:\program files\actual spy\ASMonitor.exe:System

"{1BD3B88B-EB6F-49A7-9853-3B024825F7AF}"= TCP:c:\program files\actual spy\ASMonitor.exe:System

"{121EBD8A-D133-4D69-A8C2-1B8E8EA831D4}"= UDP:c:\program files\spy\ASMonitor.exe:System

"{8CC7F098-3CE0-42B9-A67A-B52C52332D4A}"= TCP:c:\program files\spy\ASMonitor.exe:System

"{24B10E7D-FF1B-4240-AC8D-58E9C5322BB9}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

"{A4904EEE-D3C8-4707-86A1-B2A58432B057}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

"{51D3447C-AC48-4ABF-B405-E3DB67FE4AFC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"TCP Query User{47D8E2D8-BB27-4EAA-AD71-03DA0508EA4C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{8FCFBC2B-E3F8-41EB-A2F9-E841B6D240C5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker ASChannel

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d742e0-3caa-11dd-afe8-001a6b8007a9}]

\shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-01-08 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2008-11-27 19:55]

 

2009-01-04 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2008-11-27 19:55]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.hp.com

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\f8t03fhy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-08 08:34:27

Windows 6.0.6000 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'lsass.exe'(620)

c:\windows\SbHpNp.dll

c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll

c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

 

- - - - - - - > 'Explorer.exe'(2532)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\program files\Softricity\SoftGrid for Windows Desktops\sftshlx.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\hpservice.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\System32\AEADISRV.EXE

c:\windows\System32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\progra~1\AVG\AVG8\avgwdsvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\ezntsvc.exe

c:\windows\System32\IFXTCS.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe

c:\program files\PDF Complete\pdfsvc.exe

c:\windows\System32\IfxPsdSv.exe

c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe

c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\windows\System32\Ati2evxx.exe

c:\program files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe

c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe

c:\windows\System32\conime.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\System32\IfxUAGUI.exe

c:\program files\AVG\AVG8\avgtray.exe

c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Java\jre1.6.0_07\bin\jucheck.exe

c:\windows\System32\wbem\unsecapp.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-01-08 8:41:26 - maskinen ble startet på nytt [Tony]

ComboFix-quarantined-files.txt 2009-01-08 07:41:08

ComboFix2.txt 2009-01-02 15:58:03

 

Pre-Run: 22 523 760 640 byte ledig

Post-Run: 21,830,475,776 byte ledig

 

332 --- E O F --- 2009-01-02 00:21:28

 

 

 

Hope this will help me.

Edited by Seglsten
Posted (edited)

Copy the bold text below the picture -> open Notepad and paste it in.

Save it to the desktop as CFScript.txt

Do as shown in the picture and ComboFix will start. Post the log c:\combofix.txt

60876047vu9.gif

 

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"=-

[-HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"=-

[-HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vc log bows face"=-

"Bits active"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"=-

 

Download and run CCleaner.

'Options' -> 'Advanced'. Untick "Only delete temporary files older than 48 hours".

Run the registry cleaner, answer yes to repairing; answer yes to the backup when asked.

Run the registry cleaner a couple more times until all errors are gone.

 

Start -> Run -> cmd

sc query > c:\services.txt & start notepad c:\services.txt

Post services.txt

 

Roughly what date did the problem start?

 

See if this helps.

Edited by SNIPPSAT
Posted (edited)
Copy the bold text below the picture -> open Notepad and paste it in.

Save it to the desktop as CFScript.txt

Do as shown in the picture and ComboFix will start. Post the log c:\combofix.txt

60876047vu9.gif

 

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"=-

[-HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"=-

[-HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vc log bows face"=-

"Bits active"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"=-

 

Download and run CCleaner.

'Options' -> 'Advanced'. Untick "Only delete temporary files older than 48 hours".

Run the registry cleaner, answer yes to repairing; answer yes to the backup when asked.

Run the registry cleaner a couple more times until all errors are gone.

 

Start -> Run -> cmd

sc query > c:\services.txt & start notepad c:\services.txt

Post services.txt

 

Roughly what date did the problem start?

 

See if this helps.

 

combofix.txt

 

ComboFix 09-01-01.02 - Tony 2009-01-12 3:42:07.3 - NTFSx86

Microsoft® Windows Vista™ Enterprise 6.0.6000.0.1252.1.1044.18.1919.1000 [GMT 1:00]

Kjører fra: c:\users\Tony\Desktop\ComboFix.exe

Command switches brukt :: c:\users\Tony\Desktop\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

.

- REDUCED FUNCTIONALITY MODE -

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-12 til 2009-01-12 )))))))))))))))))))))))))))))))))

.

 

2009-01-09 07:13 . 2009-01-09 07:13 <DIR> d-------- c:\program files\Maxis

2009-01-08 21:34 . 2009-01-08 21:34 <DIR> d-------- c:\users\Tony\AppData\Roaming\DAEMON Tools Pro

2009-01-08 21:34 . 2009-01-08 21:34 <DIR> d-------- c:\users\Tony\AppData\Roaming\DAEMON Tools

2009-01-08 21:33 . 2009-01-08 21:33 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite

2009-01-08 21:33 . 2009-01-08 21:33 <DIR> d-------- c:\programdata\DAEMON Tools Lite

2009-01-08 21:30 . 2009-01-08 21:31 <DIR> d-------- c:\program files\DAEMON Tools Toolbar

2009-01-08 21:30 . 2009-01-08 21:31 <DIR> d-------- c:\program files\DAEMON Tools Lite

2009-01-08 21:02 . 2009-01-08 21:43 <DIR> d-------- c:\users\Tony\AppData\Roaming\DAEMON Tools Lite

2009-01-08 21:02 . 2009-01-08 21:02 717,296 --a------ c:\windows\System32\drivers\sptd.sys

2008-12-23 14:13 . 2008-12-23 15:35 <DIR> d-------- c:\users\All Users\SecTaskMan

2008-12-23 14:13 . 2008-12-23 15:35 <DIR> d-------- c:\programdata\SecTaskMan

2008-12-23 14:12 . 2008-12-23 14:13 <DIR> d-------- c:\program files\Security Task Manager

2008-12-23 13:57 . 2008-12-23 13:57 <DIR> d-------- c:\program files\RegCure

2008-12-22 20:38 . 2008-12-23 14:22 <DIR> d-------- c:\users\Gaming\AppData\Roaming\SUPERAntiSpyware.com

2008-12-22 19:42 . 2008-12-22 19:42 <DIR> d-------- c:\program files\Lavasoft

2008-12-22 14:56 . 2008-12-22 14:57 <DIR> d-------- c:\users\Gaming\AppData\Roaming\Tibia

2008-12-22 14:51 . 2008-12-22 14:52 <DIR> d-------- c:\users\Gaming\AppData\Roaming\Teleca

2008-12-22 14:50 . 2008-12-22 14:50 <DIR> d-------- c:\users\Gaming\Bluetooth Software

2008-12-22 14:50 . 2008-12-22 14:50 <DIR> d-------- c:\users\Gaming\AppData\Roaming\Sony Ericsson

2008-12-22 14:50 . 2008-12-22 14:50 <DIR> d-------- c:\users\Gaming\AppData\Roaming\ATI

2008-12-22 14:49 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Searches

2008-12-22 14:49 . 2008-12-22 14:49 <DIR> d-------- c:\users\Gaming\AppData\Roaming\Infineon

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Videos

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Saved Games

2008-12-22 14:48 . 2008-12-24 16:32 <DIR> dr------- c:\users\Gaming\Pictures

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Music

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> dr------- c:\users\Gaming\Links

2008-12-22 14:48 . 2008-12-24 16:44 <DIR> dr------- c:\users\Gaming\Downloads

2008-12-22 14:48 . 2008-12-22 14:50 <DIR> dr------- c:\users\Gaming\Documents

2008-12-22 14:48 . 2008-12-22 14:48 <DIR> dr------- c:\users\Gaming\Contacts

2008-12-22 14:48 . 2008-12-24 16:51 <DIR> d-------- c:\users\Gaming\AppData\Roaming\SoftGrid Client

2008-12-22 14:48 . 2008-12-22 14:49 <DIR> d--h----- c:\users\Gaming\AppData

2008-12-22 14:48 . 2008-12-22 14:50 <DIR> d-------- c:\users\Gaming

2008-12-20 22:53 . 2008-12-22 14:23 <DIR> d-------- c:\users\Administrator.32-TOSE8\Tracing

2008-12-20 21:25 . 2008-12-20 21:25 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\skypePM

2008-12-20 21:25 . 2008-12-20 21:25 56 --ah----- c:\windows\System32\ezsidmv.dat

2008-12-20 21:23 . 2008-12-20 22:19 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Skype

2008-12-20 21:22 . 2008-12-20 21:34 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Tibia

2008-12-20 21:21 . 2008-12-20 21:21 <DIR> d-------- c:\users\Administrator.32-TOSE8\Bluetooth Software

2008-12-20 21:21 . 2008-12-20 21:22 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Teleca

2008-12-20 21:21 . 2008-12-20 21:21 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Sony Ericsson

2008-12-20 21:21 . 2008-12-20 21:21 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\ATI

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Videos

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Searches

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Saved Games

2008-12-20 21:20 . 2008-12-22 14:08 <DIR> dr------- c:\users\Administrator.32-TOSE8\Pictures

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Music

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Links

2008-12-20 21:20 . 2008-12-20 22:46 <DIR> dr------- c:\users\Administrator.32-TOSE8\Downloads

2008-12-20 21:20 . 2008-12-21 20:52 <DIR> dr------- c:\users\Administrator.32-TOSE8\Documents

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> dr------- c:\users\Administrator.32-TOSE8\Contacts

2008-12-20 21:20 . 2008-12-22 14:45 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\SoftGrid Client

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> d-------- c:\users\Administrator.32-TOSE8\AppData\Roaming\Infineon

2008-12-20 21:20 . 2008-12-20 21:20 <DIR> d--h----- c:\users\Administrator.32-TOSE8\AppData

2008-12-20 21:20 . 2008-12-20 22:53 <DIR> d-------- c:\users\Administrator.32-TOSE8

2008-12-20 20:37 . 2008-12-20 20:37 <DIR> d-------- c:\program files\Windows Live SkyDrive

2008-12-20 20:37 . 2008-12-20 20:37 <DIR> d-------- c:\program files\Microsoft

2008-12-19 01:59 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-12-13 03:05 . 2008-10-22 00:31 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-12 09:59 . 2008-11-01 00:38 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-12 09:59 . 2008-11-01 04:33 1,687,040 --a------ c:\windows\System32\gameux.dll

2008-12-12 09:59 . 2008-11-01 04:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-12 02:32 --------- d-----w c:\users\Tony\AppData\Roaming\Skype

2009-01-12 02:25 --------- d-----w c:\users\Tony\AppData\Roaming\SoftGrid Client

2009-01-12 02:20 --------- d-----w c:\users\Tony\AppData\Roaming\skypePM

2009-01-12 02:13 --------- d---a-w c:\programdata\TEMP

2009-01-12 02:12 --------- d-----w c:\users\Tony\AppData\Roaming\uTorrent

2009-01-10 18:05 --------- d-----w c:\program files\TibiaCam TV Lite

2009-01-08 09:44 --------- d-----w c:\users\Tony\AppData\Roaming\Tibia

2009-01-07 18:29 --------- d-----w c:\programdata\tickbarbdelete

2009-01-07 18:29 --------- d-----w c:\programdata\Memo Drive Vc Log

2008-12-23 13:22 --------- d-----w c:\program files\SUPERAntiSpyware

2008-12-23 13:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-22 19:26 --------- d-----w c:\program files\Trend Micro

2008-12-20 19:41 --------- d-----w c:\program files\Windows Live

2008-12-20 19:21 --------- d-----w c:\program files\Tibia

2008-12-13 02:18 174 --sha-w c:\program files\desktop.ini

2008-12-13 02:15 --------- d-----w c:\program files\Windows Mail

2008-12-13 02:09 --------- d-----w c:\programdata\Microsoft Help

2008-12-04 23:36 308,072 ----a-w c:\windows\WLXPGSS.SCR

2008-12-03 14:26 --------- d-----w c:\users\Tony\AppData\Roaming\Sports Interactive

2008-12-03 14:17 --------- d-----w c:\programdata\Sports Interactive

2008-12-03 14:05 --------- d-----w c:\program files\Sports Interactive

2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll

2008-12-02 13:33 --------- d-----w c:\users\Tony\AppData\Roaming\LimeWire

2008-12-01 17:38 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 1

2008-11-19 11:16 --------- d-----w c:\program files\ACSPMonitor

2008-11-17 12:13 --------- d-----w c:\program files\Project64 1.6

2008-11-15 00:02 --------- d-----w c:\program files\Common Files\Windows Live

2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe

2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll

2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll

2008-10-21 05:16 297,472 ----a-w c:\windows\System32\gdi32.dll

2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll

2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll

2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll

2008-10-16 04:40 56,320 ----a-w c:\windows\System32\iesetup.dll

2008-10-16 04:40 26,624 ----a-w c:\windows\System32\ieUnatt.exe

.

 

((((((((((((((((((((((((((((( snapshot_2009-01-08_ 8.37.45.13 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-08 07:29:51 1,660 ----a-w c:\windows\bthservsdp.dat

+ 2009-01-12 02:25:47 1,660 ----a-w c:\windows\bthservsdp.dat

- 2009-01-08 07:31:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-01-12 02:27:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-01-08 07:31:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-01-12 02:27:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-01-08 07:34:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-12 02:30:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2009-01-08 07:34:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-12 02:30:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-12 02:30:14 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-01-08 07:32:10 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-12 02:28:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-08 07:32:10 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-12 02:28:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-08 07:31:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-12 02:27:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-11 21:12:44 2,456 ----a-w c:\windows\System32\networklist\icons\{9B1D21AA-0E74-457D-94CC-FD21A3BCF999}_24.bin

+ 2009-01-11 21:12:44 4,280 ----a-w c:\windows\System32\networklist\icons\{9B1D21AA-0E74-457D-94CC-FD21A3BCF999}_32.bin

+ 2009-01-11 21:12:44 9,560 ----a-w c:\windows\System32\networklist\icons\{9B1D21AA-0E74-457D-94CC-FD21A3BCF999}_48.bin

- 2008-12-22 13:53:33 103,924 ----a-w c:\windows\System32\perfc009.dat

+ 2009-01-08 20:39:05 103,924 ----a-w c:\windows\System32\perfc009.dat

- 2008-12-22 13:53:33 79,408 ----a-w c:\windows\System32\perfc014.dat

+ 2009-01-08 20:39:05 79,408 ----a-w c:\windows\System32\perfc014.dat

- 2008-12-22 13:53:33 610,142 ----a-w c:\windows\System32\perfh009.dat

+ 2009-01-08 20:39:05 610,142 ----a-w c:\windows\System32\perfh009.dat

- 2008-12-22 13:53:33 476,858 ----a-w c:\windows\System32\perfh014.dat

+ 2009-01-08 20:39:05 476,858 ----a-w c:\windows\System32\perfh014.dat

- 2009-01-08 07:11:14 7,848 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3683755541-701976524-1024527440-1003_UserData.bin

+ 2009-01-12 02:31:11 8,254 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3683755541-701976524-1024527440-1003_UserData.bin

- 2009-01-08 07:11:14 109,260 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-12 02:31:09 110,400 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-01-02 16:01:24 5,100 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat

+ 2009-01-12 02:15:12 5,100 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat

- 2009-01-07 12:26:31 52,928 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-01-12 02:31:06 53,570 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-01-07 18:28:43 360,716 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-01-11 21:11:05 366,534 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-24 1232896]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]

"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SoftGridTray"="c:\program files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-05-14 308592]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]

"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

 

c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-11-29 192512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-09-17 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,\"c:\program files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=APSHook.dll,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=\\fvgs-fs\WPA2\StartWPA2.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-46142\Scripts\Logon\0\0]

"Script"=32-Prnt-Alle.vbs

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A1D04258-605F-4338-92FD-3E721EF53E27}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{9D3ABFBA-67BE-4118-A03F-805ECDC75F54}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BD28C474-9645-4F97-9026-C908E25452D5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{D1908F09-CDD8-4B9B-A5FE-6E69E883D59B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{BE47DDA5-EBD2-42F0-AB58-B05B137AC24E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1FCFA284-0ED1-49C7-91BD-C2B8C9BCD4FC}"= UDP:54321:Trend Micro OfficeScan Listener

"{2CA89D4E-791A-4F6C-9230-8E3C2143C0D3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{EFEC8D85-6448-40C3-ADFC-670B996446F4}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{DDAE5014-C624-4F5F-9906-E02ED35B2EFB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{FB7093B3-2819-4A93-85B2-7C54C190164C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{79FABE8B-6C68-44D3-A622-77A0092CE753}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{D020BE9C-0E4F-4EEC-97AB-2AB9D78B9F32}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{63F6BFAA-ECEC-4A11-AF86-3691D76C1115}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{2339BECD-FB00-4D88-AC06-9EEFA810DAE9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{F2699D6F-5948-4596-90C8-9B1D400A1D98}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{564D085C-0359-460D-9EF2-2C0999885C9A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{13B54DB0-8811-4A20-B160-340E141A266B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{8ED7D5DA-FD1A-4592-A157-688C4D46DCDD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{50D3B870-781B-4A21-A91F-5F7F0D1A52F4}"= UDP:c:\program files\ACSPMonitor\ASMonitor.exe:System

"{9060B25F-9F8C-4BB6-8A17-5F19F3622EC0}"= TCP:c:\program files\ACSPMonitor\ASMonitor.exe:System

"{A1101DE6-3ED8-4C7B-BE8B-CD034B96A58B}"= UDP:c:\program files\actual spy\ASMonitor.exe:System

"{1BD3B88B-EB6F-49A7-9853-3B024825F7AF}"= TCP:c:\program files\actual spy\ASMonitor.exe:System

"{121EBD8A-D133-4D69-A8C2-1B8E8EA831D4}"= UDP:c:\program files\spy\ASMonitor.exe:System

"{8CC7F098-3CE0-42B9-A67A-B52C52332D4A}"= TCP:c:\program files\spy\ASMonitor.exe:System

"{24B10E7D-FF1B-4240-AC8D-58E9C5322BB9}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

"{A4904EEE-D3C8-4707-86A1-B2A58432B057}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

"{51D3447C-AC48-4ABF-B405-E3DB67FE4AFC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"TCP Query User{47D8E2D8-BB27-4EAA-AD71-03DA0508EA4C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{8FCFBC2B-E3F8-41EB-A2F9-E841B6D240C5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

 

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-09 44720]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-03-29 13696]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-15 97928]

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-04-18 39080]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2007-04-22 5808]

R1 tvtool;tvtool;\??\c:\program files\TVTool\tvtool.sys [1996-04-03 5248]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-11-02 22016]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-11-02 22016]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-15 231704]

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-09-17 33792]

R2 HpFkCryptService;Drive Encryption Service;"c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-04-22 221184]

R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-01-05 18944]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-11-29 540448]

R2 sftlist;SoftGrid Client;"c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe" [2007-05-14 525680]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]

R3 sftfs;sftfs;\??\c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftfslh.sys [2007-05-14 564592]

R3 sftplay;sftplay;\??\c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys [2007-05-14 134000]

R3 sftvol;sftvol;\??\c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftvollh.sys [2007-05-14 17776]

R3 sftvsa;SoftGrid Virtual Service Agent;"c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe" [2007-05-14 206192]

S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2008-05-09 83208]

S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2008-05-09 15112]

S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2008-05-09 108552]

S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2008-05-09 100360]

S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2008-05-09 23176]

S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2008-05-09 98568]

S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2008-05-09 98952]

S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2008-05-15 162176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker ASChannel

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40d742e0-3caa-11dd-afe8-001a6b8007a9}]

\shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4a05790-ddc0-11dd-832f-001a6b8007a9}]

\shell\AutoRun\command - E:\setup.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-01-12 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2008-11-27 19:55]

 

2009-01-11 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2008-11-27 19:55]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.hp.com

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\f8t03fhy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-12 03:42:45

Windows 6.0.6000 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'lsass.exe'(692)

c:\windows\SbHpNp.dll

c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll

c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

 

- - - - - - - > 'Explorer.exe'(3452)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\program files\Softricity\SoftGrid for Windows Desktops\sftshlx.dll

.

Tidspunkt ferdig: 2009-01-12 3:46:43

ComboFix-quarantined-files.txt 2009-01-12 02:46:33

ComboFix2.txt 2009-01-08 07:41:31

ComboFix3.txt 2009-01-02 15:58:03

 

Pre-Run: 15 949 500 416 byte ledig

Post-Run: 15,811,821,568 byte ledig

 

342 --- E O F --- 2009-01-02 00:21:28

 

 

 

Couldn't get this to work,

c:\services.txt & start notepad c:\services.txt

:S

No idea when the problem started, maybe at the beginning of December, very unsure

Edited by Seglsten
Posted

Let's tidy up a bit.

 

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

 

Run another round of CCleaner.

 

Restart.

 

Now start only Process Explorer and see whether svchost uses a lot of CPU without you starting anything.
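As an added example that is not from this thread, the following PowerShell snippet does in script form what the Process Explorer screenshots show: which services are hosted in each svchost.exe instance, and how much CPU each instance consumed over a short sample window. It assumes an elevated PowerShell prompt on Windows and uses only Get-Process and the Win32_Service WMI class.

```powershell
# Added example (not from the thread): map each svchost.exe instance to the
# services it hosts and measure its CPU share over a short sample window.
# Uses Get-Process and WMI (Win32_Service), available on Vista-era and
# current Windows PowerShell alike. Assumes an elevated prompt.
$sampleSeconds = 5
$cores = [Environment]::ProcessorCount

# First snapshot: accumulated CPU time per svchost PID
$before = @{}
Get-Process -Name svchost | ForEach-Object { $before[$_.Id] = $_.TotalProcessorTime }
Start-Sleep -Seconds $sampleSeconds

# Second snapshot, plus the service-to-PID mapping the Service Control Manager reports
$services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }
Get-Process -Name svchost | ForEach-Object {
    $proc = $_
    $prev = $before[$proc.Id]
    if ($null -eq $prev) { $prev = [TimeSpan]::Zero }   # instance started during the sample
    $used = ($proc.TotalProcessorTime - $prev).TotalSeconds
    # Percent of total machine CPU, normalised over all cores (matches Task Manager's view)
    $pct = [math]::Round(100 * $used / ($sampleSeconds * $cores), 1)
    $hosted = ($services | Where-Object { $_.ProcessId -eq $proc.Id } |
               Select-Object -ExpandProperty Name) -join ', '
    [PSCustomObject]@{
        PID      = $proc.Id
        CpuPct   = $pct
        Services = $hosted
    }
} | Sort-Object CpuPct -Descending | Format-Table -AutoSize
```

The instance at the top of the list is the one worth inspecting further; its Services column tells you which service group (for example PlugPlay and DcomLaunch) lives in that PID without having to find it in Process Explorer by hand.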

Posted
Let's tidy up a bit.

 

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

 

Run another round of CCleaner.

 

Restart.

 

Now start only Process Explorer and see whether svchost uses a lot of CPU without you starting anything.

 

Did this. About a minute after the restart, when most programs have finished starting up, svchost begins using about 60% of the CPU. I'll remind you again that the services in use are "Plug and Play" and "DCOM Server Process Launcher"

Posted

start->search->services.msc

Find Plug and Play, double-click it and disable it.

To get it out of the picture.

 

324085.jpeg

 

Process Monitor is also good for tracking down problems like this; we'll try to figure it out with Process Explorer first.

Posted (edited)
start->search->services.msc

Find Plug and Play, double-click it and disable it.

To get it out of the picture.

 

324085.jpeg

 

Process Monitor is also good for tracking down problems like this; we'll try to figure it out with Process Explorer first.

 

I searched for services.msc but found no files.

 

I'm not sure whether I did the Process Explorer part correctly; in any case I couldn't get it to work.

 

Picture of Process Explorer:

 

processexplorerlc3.jpg

 

I have a question. Would this be fixed if I reformatted the whole PC (deleted everything on the hard drives)? I've been planning to do this anyway, and now it seems like a good solution.

Edited by Seglsten
Posted
start->search->services.msc

Find Plug and Play, double-click it and disable it.

To get it out of the picture.

 

324085.jpeg

 

Process Monitor is also good for tracking down problems like this; we'll try to figure it out with Process Explorer first.

 

Should it be Run instead of Search??

That is: start->run->services.msc

Posted
Should it be Run instead of Search??

He has Vista, so it should work with Search (which is like Run in XP).

If you have Run in your Windows version, use that.

 

The problem is that "ntdll.dll" is using a lot.

We need to get into its stack, and for that Process Explorer has to be set up correctly.

Let me know if you want to do that, and you'll get instructions on how it's done.

 

I have a question. Would this be fixed if I reformatted the whole PC (deleted everything on the hard drives)? I've been planning to do this anyway, and now it seems like a good solution.

Yes, it will be gone after formatting; let me know what you choose.

Posted
Should it be Run instead of Search??

He has Vista, so it should work with Search (which is like Run in XP).

If you have Run in your Windows version, use that.

 

The problem is that "ntdll.dll" is using a lot.

We need to get into its stack, and for that Process Explorer has to be set up correctly.

Let me know if you want to do that, and you'll get instructions on how it's done.

 

I have a question. Would this be fixed if I reformatted the whole PC (deleted everything on the hard drives)? I've been planning to do this anyway, and now it seems like a good solution.

Yes, it will be gone after formatting; let me know what you choose.

 

I've moved all the documents etc. that I need onto an external hard drive. I'm choosing to reformat; it's been a long time since that was done anyway :)

 

Thank you so much for the help, everyone!
