lallarn

Crap in the computer


My Internet Explorer isn't working as it should. I had been without protection for about a month, and when I noticed there was crap in it I installed Panda Internet Security 2008. It scanned and found some things, which it deleted. But I still have some left. I ran an internet-based virus scan with Panda, which was an in-depth online analysis (totalscanpro). It found three more things. They are located at:

 

C:\System Volume Informat...882R2FWJFW\NirCmdC.cfexe]

C:\System Volume Informat...882R2FWJFW\NirCmdC.cfexe]

C:\System Volume Informat...882R2FWJFW\NirCmdC.cfexe]

 

 

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:49:27, on 2008-05-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program\mozilla.org\Mozilla\mozilla.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\apvxdwin.exe

C:\Program\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: {c55fe69e-82de-033b-8ce4-c8d49ad9fa4f} - {f4af9da9-4d8c-4ec8-b330-ed28e96ef55c} - C:\WINDOWS\system32\fwownuve.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [7c4919a3] rundll32.exe "C:\WINDOWS\system32\lbbkymnd.dll",b

O4 - HKLM\..\Run: [bM7f7a2a3f] Rundll32.exe "C:\WINDOWS\system32\tyluchkn.dll",s

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210972071953

O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

--

End of file - 7017 bytes

[/log]

 


Download a fresh copy of ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet and close all programs you can see, including antivirus, antispyware and firewall, or alternatively restart the computer in Safe Mode.

Run ComboFix and follow the instructions that are shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply. Check that the antivirus and firewall are running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer. This can cause problems, for example if you have internet via a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

 


[log]ComboFix 08-05-25.5 - Administratör 2008-05-26 23:43:47.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.835 [GMT 2:00]

Running from: C:\Documents and Settings\PeterA\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\mcrh.tmp

 

.

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))

.

 

2008-05-25 14:46 . 2008-05-25 14:46 <KAT> d-------- C:\Documents and Settings\PeterA\Application Data\Talkback

2008-05-25 14:45 . 2008-05-25 14:45 <KAT> d-------- C:\Program\mozilla.org

2008-05-25 14:45 . 2008-05-25 14:45 <KAT> d-------- C:\Program\Delade filer\mozilla.org

2008-05-25 14:45 . 2008-05-25 14:45 99,024 --a------ C:\WINDOWS\mozillauninstall.exe

2008-05-25 14:45 . 2008-05-25 14:45 98,512 --a------ C:\WINDOWS\GREUninstall.exe

2008-05-25 01:37 . 2008-05-25 01:37 <KAT> d-------- C:\Program\CCleaner

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\PeterA\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\Administrat÷r\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\Administrat÷r

2008-05-24 13:48 . 2008-05-24 13:48 0 --a------ C:\WINDOWS\BM7f7a2a3f.xml

2008-05-24 13:47 . 2008-05-26 19:49 1,194 ---hs---- C:\WINDOWS\system32\dnmykbbl.ini

2008-05-24 13:46 . 2008-05-24 13:46 <KAT> d-------- C:\WINDOWS\system32\xircom

2008-05-24 13:46 . 2008-05-24 13:46 <KAT> d-------- C:\Program\microsoft frontpage

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-24 10:23 . 2008-05-16 17:52 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-24 10:23 . 2008-05-16 17:52 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-24 10:23 . 2008-05-26 23:44 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-24 10:23 . 2008-05-26 23:44 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C4.tmp

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C4.tmp

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C1.tmp

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C1.tmp

2008-05-24 10:23 . 2008-05-24 10:23 <KAT> d-------- C:\Documents and Settings\Administratör

2008-05-24 00:12 . 2008-05-24 00:12 48 --a------ C:\WINDOWS\wininit.ini

2008-05-24 00:03 . 2008-05-24 00:03 133,632 --a------ C:\WINDOWS\system32\fwownuve.dll

2008-05-23 23:59 . 2008-05-25 02:38 48 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat

2008-05-23 23:58 . 2008-05-26 22:43 220,680 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2008-05-23 23:57 . 2008-05-26 22:43 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2008-05-23 14:09 . 2008-05-23 14:09 <KAT> d-------- C:\Program\Trend Micro

2008-05-23 14:03 . 2008-05-26 20:51 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC

2008-05-23 14:00 . 2008-05-26 22:43 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys

2008-05-23 13:59 . 2008-05-23 13:59 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-05-23 13:58 . 2008-05-23 13:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Backup

2008-05-23 13:57 . 2008-05-23 13:57 <KAT> d-------- C:\WINDOWS\system32\PAV

2008-05-23 13:57 . 2008-05-25 01:00 <KAT> d-------- C:\Program\Panda Security

2008-05-23 13:57 . 2008-05-23 13:57 <KAT> d--h----- C:\Program\InstallShield Installation Information

2008-05-23 13:55 . 2008-05-23 13:55 <KAT> d-------- C:\Program\Delade filer\Panda Software

2008-05-23 13:55 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-05-23 13:55 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-05-23 00:19 . 2008-05-23 00:19 <KAT> d-------- C:\Documents and Settings\PeterA\Application Data\vlc

2008-05-22 22:43 . 2008-05-22 22:43 <KAT> d-------- C:\Program\VideoLAN

2008-05-22 21:41 . 2008-05-25 14:45 8,536 --a------ C:\WINDOWS\mozver.dat

2008-05-22 16:19 . 2008-05-22 16:19 622 --a------ C:\WINDOWS\langorig.ini

2008-05-22 15:45 . 2008-05-22 15:45 135,680 --a------ C:\WINDOWS\system32\gpbrlxnj.dll

2008-05-22 15:43 . 2008-05-25 14:46 335 --a------ C:\WINDOWS\nsreg.dat

2008-05-20 22:51 . 2008-05-25 01:47 <KAT> d-------- C:\Program\Delade filer\Symantec Shared

2008-05-20 22:50 . 2008-05-20 22:50 16,896 --a------ C:\WINDOWS\system32\Norton Updater.exe

2008-05-20 17:10 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-05-20 17:10 . 2008-05-20 17:10 383 --a------ C:\WINDOWS\ODBC.INI

2008-05-20 17:09 . 2008-05-20 17:09 <KAT> d-------- C:\WINDOWS\SHELLNEW

2008-05-20 17:09 . 2008-05-20 17:09 <KAT> d-------- C:\Program\Microsoft.NET

2008-05-20 16:32 . 2008-05-20 16:32 <KAT> d-------- C:\Program\D-Tools

2008-05-20 16:32 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys

2008-05-20 16:32 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys

2008-05-20 16:31 . 2008-05-20 16:31 <KAT> d-------- C:\WINDOWS\Downloaded Installations

2008-05-18 17:13 . 2001-09-06 19:55 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-05-18 17:13 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-17 20:17 . 2008-05-17 20:17 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-05-17 20:16 . 2008-05-17 20:16 <KAT> d-------- C:\Program\Messenger Plus! Live

2008-05-17 15:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-17 15:34 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-17 14:56 . 2008-05-17 14:56 <KAT> d-------- C:\WINDOWS\Sun

2008-05-17 14:40 . 2008-05-25 00:52 <KAT> d-------- C:\Program\Delade filer\muvee Technologies

2008-05-17 14:40 . 2007-02-08 21:30 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll

2008-05-17 14:40 . 2007-02-08 21:30 626,688 -ra------ C:\WINDOWS\system32\msvcr80.dll

2008-05-17 14:40 . 2007-02-08 21:30 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll

2008-05-17 14:40 . 2007-02-08 21:30 95,744 -ra------ C:\WINDOWS\system32\atl80.dll

2008-05-17 14:39 . 2008-05-25 00:52 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-05-17 14:38 . 2008-05-17 14:38 <KAT> d-------- C:\Program\OLYMPUS

2008-05-16 23:21 . 2008-05-16 23:21 <KAT> d-------- C:\Program\Synaptics

2008-05-16 23:21 . 2008-05-20 07:26 <KAT> d-------- C:\Program\Microsoft Silverlight

2008-05-16 23:20 . 2008-05-16 23:20 <KAT> d-------- C:\Program\MSBuild

2008-05-16 23:17 . 2008-05-16 23:46 <KAT> d-------- C:\WINDOWS\system32\XPSViewer

2008-05-16 23:16 . 2008-05-16 23:16 <KAT> d-------- C:\Program\Reference Assemblies

2008-05-16 23:16 . 2008-05-16 23:16 <KAT> d-------- C:\Program\CONEXANT

2008-05-16 23:13 . 2008-05-16 23:13 <KAT> d-------- C:\WINDOWS\system32\URTTemp

2008-05-16 20:42 . 2008-05-16 20:42 <KAT> d-------- C:\Program\BitLord

2008-05-16 18:53 . 2008-02-15 10:19 172,032 --a------ C:\WINDOWS\system32\igfxres.dll

2008-05-16 18:50 . 2008-05-16 18:50 <KAT> d-------- C:\Program\MSXML 6.0

2008-05-16 18:47 . 2008-05-16 18:47 <KAT> d-------- C:\Documents and Settings\PeterA\Contacts

2008-05-16 18:45 . 2008-05-23 13:55 <KAT> d-------- C:\Program\Delade filer\InstallShield

2008-05-16 18:45 . 2008-05-16 18:45 <KAT> d-------- C:\Program\Broadcom

2008-05-16 18:45 . 2006-01-19 06:49 667,648 --a------ C:\WINDOWS\system32\BCMLogon.dll

2008-05-16 18:40 . 2008-05-16 18:46 <KAT> d--hsc--- C:\Program\Delade filer\WindowsLiveInstaller

2008-05-16 18:39 . 2008-05-24 23:08 <KAT> d-------- C:\Program\Windows Live

2008-05-16 18:39 . 2008-05-16 18:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-16 18:25 . 2008-05-16 18:27 <KAT> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-05-16 18:11 . 2008-05-16 18:11 <KAT> d-------- C:\WINDOWS\system32\Lang

2008-05-16 18:10 . 2008-05-16 18:10 <KAT> d-------- C:\Program\Intel

2008-05-16 18:10 . 2008-05-16 18:10 <KAT> d-------- C:\Intel

2008-05-16 18:10 . 2007-07-26 13:45 53,248 --a------ C:\WINDOWS\system32\CSVer.dll

2008-05-16 18:03 . 2008-05-16 18:03 <KAT> d-------- C:\Program\Windows Media Connect 2

2008-05-16 18:02 . 2008-05-16 18:02 <KAT> d-------- C:\WINDOWS\system32\LogFiles

2008-05-16 18:02 . 2008-05-16 18:02 <KAT> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-05-16 18:02 . 2007-10-05 15:42 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-05-16 18:01 . 2008-05-16 18:01 <KAT> d-------- C:\Program\Java

2008-05-16 18:01 . 2008-05-16 18:01 <KAT> d-------- C:\Program\Delade filer\Java

2008-05-16 18:01 . 2004-08-04 09:34 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-16 18:01 . 2007-12-13 23:29 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-16 18:00 . 2008-05-16 19:39 <KAT> dr------- C:\Documents and Settings\PeterA\Start-meny

2008-05-16 18:00 . 2008-05-26 23:41 <KAT> d-------- C:\Documents and Settings\PeterA\Skrivbord

2008-05-16 18:00 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\PeterA\Skrivare

2008-05-16 18:00 . 2008-05-21 18:27 <KAT> d--h----- C:\Documents and Settings\PeterA\Nätverket

2008-05-16 18:00 . 2008-05-21 17:49 <KAT> dr------- C:\Documents and Settings\PeterA\Mina dokument

2008-05-16 18:00 . 2008-05-16 17:52 <KAT> d--h----- C:\Documents and Settings\PeterA\Mallar

2008-05-16 18:00 . 2008-05-26 23:44 <KAT> d--h----- C:\Documents and Settings\PeterA\Lokala inställningar

2008-05-16 18:00 . 2008-05-16 18:02 <KAT> dr------- C:\Documents and Settings\PeterA\Favoriter

2008-05-16 18:00 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\PeterA\7zS8C4.tmp

2008-05-16 18:00 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\PeterA\7zS8C1.tmp

2008-05-16 18:00 . 2008-05-26 16:55 <KAT> d-------- C:\Documents and Settings\PeterA

2008-05-16 18:00 . 2003-02-26 22:27 36,864 --------- C:\WINDOWS\system32\wbsys.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-26 20:43 220,680 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-05-26 20:43 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2008-05-22 22:19 --------- d-----w C:\Documents and Settings\PeterA\Application Data\vlc

2008-05-20 20:50 117,248 ----a-w C:\WINDOWS\system32\mqtgsvc.exe

2008-05-16 15:58 --------- d-----w C:\Program\MSXML 4.0

2008-05-16 15:55 --------- d-----w C:\Program\Onlinetjänster

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:52 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:52 162,592 ------w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:01 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:01 1,845,888 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll

2008-03-07 08:26 920,088 ----a-w C:\WINDOWS\system32\igxpun.exe

2008-03-01 14:02 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

.

 

------- Sigcheck -------

 

2008-01-19 08:31 360832 ddd3d4ae703c7ceee45041b58ae243ff C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot@2008-05-24_13.48.33.75 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-05-25 20:07:29 91,488 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2008-05-25 20:07:28 103,776 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

- 2008-05-20 15:09:44 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2008-05-25 20:07:00 66,936 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

- 2008-05-20 15:09:43 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2008-05-25 20:06:54 226,656 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

- 2008-05-24 11:46:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-26 21:42:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2003-07-15 09:13:58 166,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\ACCWIZ.DLL

+ 2003-07-15 04:43:20 87,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL

+ 2003-07-15 04:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL

+ 2003-07-15 04:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\AW.DLL

+ 2003-07-15 01:14:28 350,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL

+ 2003-07-15 09:18:12 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE

+ 2003-07-26 00:57:20 75,832 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL

+ 2003-07-15 04:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL

+ 2003-07-15 04:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE

+ 2003-07-31 21:19:52 131,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL

+ 2003-08-13 08:34:38 10,073,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE

+ 2003-07-15 04:41:44 13,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE

+ 2003-08-03 16:56:16 1,146,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\FM20.DLL

+ 2003-07-24 05:01:40 1,949,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL

+ 2003-07-15 05:36:14 186,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL

+ 2003-07-15 04:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL

+ 2003-07-26 01:00:16 1,157,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL

+ 2003-07-26 01:14:50 799,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL

+ 2003-07-15 05:11:42 2,139,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE

+ 2003-07-14 20:57:44 87,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL

+ 2003-07-15 04:53:50 161,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL

+ 2003-07-24 04:32:32 121,400 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL

+ 2003-08-01 21:07:36 4,815,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\INFOPATH.EXE

+ 2003-07-15 04:45:14 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL

+ 2003-05-28 21:42:48 514,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\INTLNAME.DLL

+ 2003-06-18 23:31:44 758,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL

+ 2003-06-18 15:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL

+ 2003-06-18 23:31:48 17,920 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL

+ 2003-06-18 23:31:48 18,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL

+ 2003-06-18 23:31:46 35,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL

+ 2003-06-18 15:31:34 443,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL

+ 2003-05-28 21:42:50 342,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\METCONV.DLL

+ 2003-07-15 04:46:08 176,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL

+ 2003-08-15 06:54:08 6,627,392 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSACCESS.EXE

+ 2003-07-15 09:13:58 130,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSAEXP30.DLL

+ 2003-07-14 20:58:04 230,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL

+ 2003-07-15 04:51:50 116,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL

+ 2002-12-18 01:08:50 359,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL

+ 2002-12-18 01:08:54 1,383,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL

+ 2003-07-15 04:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL

+ 2003-07-15 09:14:00 139,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSJSPP40.DLL

+ 2002-04-10 02:14:36 187,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL

+ 2003-07-15 04:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL

+ 2003-08-08 06:23:16 12,172,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSO.DLL

+ 2003-07-14 20:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL

+ 2003-07-15 01:14:18 106,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL

+ 2003-07-23 20:35:26 127,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL

+ 2003-07-15 04:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\D140110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4af9da9-4d8c-4ec8-b330-ed28e96ef55c}]

2008-05-24 00:03 133632 --a------ C:\WINDOWS\system32\fwownuve.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2008-03-01 15:02 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 01:12 144784]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 10:16 135168]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 10:16 159744]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 10:16 131072]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-01-19 06:49 1236992]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:04 1028096]

"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2008-03-01 15:02 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\BitLord\\BitLord.exe"=

 

S1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]

S1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]

S1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]

S1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]

S1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]

S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]

S1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]

S1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]

S2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]

S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []

S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [2008-05-26 22:43]

S3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]

S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

 

*Newly Created Service* - CATCHME

*Newly Created Service* - MDMXSDK

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E93F94EE-7680-6CCD-AFB3-AE7CEC620937}]

C:\WINDOWS\system32:winregpi.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-26 23:44:35

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-26 23:44:59

ComboFix-quarantined-files.txt 2008-05-26 21:44:57

ComboFix2.txt 2008-05-24 11:48:58

 

Pre-Run: 43,203,858,432 byte ledigt

Post-Run: 43,313,491,968 byte ledigt

 

435 --- E O F --- 2008-05-24 11:52:02

[/log]

 


Go to http://www.virustotal.com, paste one of the following file names into the box, click Send File and wait until the result is ready (Current status becomes completed). Paste the results from the different antivirus programs here. Repeat with the next file name.

C:\WINDOWS\system32\dnmykbbl.ini

C:\WINDOWS\system32\fwownuve.dll

C:\WINDOWS\system32\drivers\wnmsav.dat

C:\WINDOWS\langorig.ini

C:\WINDOWS\system32\gpbrlxnj.dll

C:\WINDOWS\system32:winregpi.exe
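
Added example, not part of the original thread and not code from ComboFix: a Python triage pass over lines copied from the Reg Loading Points section of the log above, listing what each load point starts and flagging settings to verify by hand. The rule names and the list of load-point keys are assumptions of this example; a path written as folder:name, like the last file name above, is NTFS alternate data stream notation, and Explorer does not list streams.

```python
import re

# Lines copied from the "Reg Loading Points" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4af9da9-4d8c-4ec8-b330-ed28e96ef55c}]
2008-05-24 00:03 133632 --a------ C:\WINDOWS\system32\fwownuve.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E93F94EE-7680-6CCD-AFB3-AE7CEC620937}]
C:\WINDOWS\system32:winregpi.exe
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
SETTING_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+')
NUM_RE = re.compile(r"^(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))$")

# Registry locations that load code automatically (list assumed for this example).
LOAD_POINTS = {
    "browser helper objects": "BHO",
    "currentversion\\run": "Run",
    "winlogon\\notify": "Winlogon Notify",
    "active setup\\installed components": "Active Setup",
}


def split_ads(path):
    """Return (host, stream) for host:stream notation, else None."""
    rest = path[2:]  # skip the drive letter and its colon
    if ":" not in rest:
        return None
    host, stream = rest.split(":", 1)
    return path[:2] + host, stream


def reg_number(value):
    """Parse 'dword:00000001' or '0 (0x0)' into an int, else None."""
    m = NUM_RE.match(value.strip())
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def load_point_kind(key):
    lowered = key.lower()
    for needle, kind in LOAD_POINTS.items():
        if needle in lowered:
            return kind
    return None


def triage(log_text):
    """Return (findings, load_points); both are items to verify, not verdicts."""
    findings, load_points = [], []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)  # following lines belong to this key
            continue
        if not line or key is None:
            continue
        lowered = key.lower()
        setting = SETTING_RE.match(line)
        if setting:
            name, number = setting.group(1), reg_number(setting.group(2))
            if name == "DisableMonitoring" and number == 1 and "security center" in lowered:
                findings.append(("security-center-monitoring-off", key))
            if name == "EnableFirewall" and number == 0 and "firewallpolicy" in lowered:
                findings.append(("firewall-off", key))
        path_match = PATH_RE.search(line)
        if not path_match:
            continue
        path = path_match.group(0).strip()
        if split_ads(path):
            # The file lives in a stream attached to another file or folder.
            findings.append(("file-in-alternate-data-stream", path))
        kind = load_point_kind(key)
        if kind:
            load_points.append((kind, path))
    return findings, load_points


if __name__ == "__main__":
    found, points = triage(SAMPLE_LOG)
    for rule, detail in found:
        print(f"VERIFY  {rule}: {detail}")
    for kind, path in points:
        print(f"LOADS   {kind}: {path}")
```
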

 


C:\WINDOWS\system32\dnmykbbl.ini = 0%

[log]C:\WINDOWS\system32\drivers\wnmsav.dat-

Avast 4.8.1195.0 2008.05.27 Win32:Vundo@dll

F-Secure 6.70.13260.0 2008.05.27 Vundo.gen179

Fortinet 3.14.0.0 2008.05.27 Virtum!tr

GData 2.0.7306.1023 2008.05.27 Win32:Vundo

Sophos 4.29.0 2008.05.27 Troj/Virtum-Gen

Webwasher-Gateway 6.6.2 2008.05.27 Win32.Malware.gen (suspicious)[/log]

C:\WINDOWS\system32\drivers\wnmsav.dat = 0%

C:\WINDOWS\langorig.ini = 0%

 

 

[log]C:\WINDOWS\system32\gpbrlxnj.dll

Avast 4.8.1195.0 2008.05.27 Win32:Vundo@dll

F-Secure 6.70.13260.0 2008.05.27 Vundo.gen179

Fortinet 3.14.0.0 2008.05.27 Virtum!tr

GData 2.0.7306.1023 2008.05.27 Win32:Vundo

Ikarus T3.1.1.26.0 2008.05.27 Virus.Win32.Vundo@dll

Panda 9.0.0.4 2008.05.27 Suspicious file

Prevx1 V2 2008.05.27 Malicious Software

Sophos 4.29.0 2008.05.27 Troj/Virtum-Gen

Webwasher-Gateway 6.6.2 2008.05.27 Win32.Malware.gen!80 (suspicious)[/log]

 

C:\WINDOWS\system32:winregpi.exe

The last one cannot be found

 


First you pasted results for wnmsav.dat and then you write 0%. Which is it?

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done you are asked whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up because the program will run and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

 

 


[log]

SDFix: Version 1.186

Run by Administratör on 2008-05-27 at 21:24

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-27 21:26:34

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]

"khjeh"=hex:20,02,00,00,df,cc,28,06,7b,65,4a,59,c3,4f,92,b9,a4,68,31,31,2f,..

"hj34z0"=hex:f4,a5,29,b6,7c,13,84,cd,da,34,26,45,bb,49,38,24,89,dd,d1,4a,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]

"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavSRK.sys]

"Status"=dword:00000002

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program\\BitLord\\BitLord.exe"="C:\\Program\\BitLord\\BitLord.exe:*:Enabled:BitLord"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Fri 16 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0dfd3710c94c54eb437b4b3d879c13d9\BIT22.tmp"

Fri 16 May 2008 98,396,175 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3e2960e19f2b91860f4a23095cfd8daf\download\BIT25D.tmp"

 

Finished!

 

[/log]

 


First you pasted results for wnmsav.dat and then you write 0%. Which is it?

See whether this file can be scanned on the VirusTotal site:

C:\WINDOWS\system32

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Is there a file named something with system32 in C:\WINDOWS, or is there only a folder with that name?

 


C:\WINDOWS\system32\drivers\wnmsav.dat - is the one that shows a lot of viruses.

C:\WINDOWS\system32\dnmykbbl.ini = shows nothing

C:\WINDOWS\system32 cannot be scanned

I have all the folder option settings as you said. And I checked; there is only a folder named system32. Nothing else along the lines of system.. Only system.ini

[post edited 2008-05-28 00:05:58 by lallarn]


Copy all the lines in the box (use select code)

File::
C:\WINDOWS\system32\dnmykbbl.ini
C:\WINDOWS\system32\fwownuve.dll
C:\WINDOWS\system32\drivers\wnmsav.dat
C:\WINDOWS\langorig.ini
C:\WINDOWS\system32\gpbrlxnj.dll
C:\WINDOWS\BM7f7a2a3f.xml

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program starts in a special mode.

Paste the log that is produced and a new HijackThis log.

 


[log]ComboFix 08-05-25.5 - Administratör 2008-05-28 8:31:43.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.834 [GMT 2:00]

Running from: C:\Documents and Settings\PeterA\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\PeterA\Skrivbord\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\BM7f7a2a3f.xml

C:\WINDOWS\langorig.ini

C:\WINDOWS\system32\dnmykbbl.ini

C:\WINDOWS\system32\drivers\wnmsav.dat

C:\WINDOWS\system32\fwownuve.dll

C:\WINDOWS\system32\gpbrlxnj.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BM7f7a2a3f.xml

C:\WINDOWS\langorig.ini

C:\WINDOWS\system32\dnmykbbl.ini

C:\WINDOWS\system32\drivers\wnmsav.dat

C:\WINDOWS\system32\fwownuve.dll

C:\WINDOWS\system32\gpbrlxnj.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))

.

 

2008-05-27 21:22 . 2008-05-27 21:22 <KAT> d-------- C:\WINDOWS\ERUNT

2008-05-27 21:19 . 2008-05-27 21:28 <KAT> d-------- C:\SDFix

2008-05-25 14:46 . 2008-05-25 14:46 <KAT> d-------- C:\Documents and Settings\PeterA\Application Data\Talkback

2008-05-25 14:45 . 2008-05-25 14:45 <KAT> d-------- C:\Program\mozilla.org

2008-05-25 14:45 . 2008-05-25 14:45 <KAT> d-------- C:\Program\Delade filer\mozilla.org

2008-05-25 14:45 . 2008-05-25 14:45 99,024 --a------ C:\WINDOWS\mozillauninstall.exe

2008-05-25 14:45 . 2008-05-25 14:45 98,512 --a------ C:\WINDOWS\GREUninstall.exe

2008-05-25 01:37 . 2008-05-25 01:37 <KAT> d-------- C:\Program\CCleaner

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\PeterA\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\Administrat÷r\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\Administrat÷r

2008-05-24 13:46 . 2008-05-24 13:46 <KAT> d-------- C:\WINDOWS\system32\xircom

2008-05-24 13:46 . 2008-05-24 13:46 <KAT> d-------- C:\Program\microsoft frontpage

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-24 10:23 . 2008-05-28 08:31 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-24 10:23 . 2008-05-28 08:31 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-24 10:23 . 2008-05-16 17:52 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-24 10:23 . 2008-05-16 17:52 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-24 10:23 . 2008-05-28 08:32 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-24 10:23 . 2008-05-28 08:32 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C4.tmp

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C4.tmp

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C1.tmp

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C1.tmp

2008-05-24 10:23 . 2008-05-24 10:23 <KAT> d-------- C:\Documents and Settings\Administratör

2008-05-24 00:12 . 2008-05-24 00:12 48 --a------ C:\WINDOWS\wininit.ini

2008-05-23 23:58 . 2008-05-27 21:55 228,036 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2008-05-23 23:57 . 2008-05-28 08:10 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2008-05-23 14:09 . 2008-05-23 14:09 <KAT> d-------- C:\Program\Trend Micro

2008-05-23 14:03 . 2008-05-27 20:52 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC

2008-05-23 14:00 . 2008-05-27 21:26 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys

2008-05-23 13:59 . 2008-05-23 13:59 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-05-23 13:58 . 2008-05-23 13:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Backup

2008-05-23 13:57 . 2008-05-23 13:57 <KAT> d-------- C:\WINDOWS\system32\PAV

2008-05-23 13:57 . 2008-05-25 01:00 <KAT> d-------- C:\Program\Panda Security

2008-05-23 13:57 . 2008-05-23 13:57 <KAT> d--h----- C:\Program\InstallShield Installation Information

2008-05-23 13:55 . 2008-05-23 13:55 <KAT> d-------- C:\Program\Delade filer\Panda Software

2008-05-23 13:55 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-05-23 13:55 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-05-23 00:19 . 2008-05-23 00:19 <KAT> d-------- C:\Documents and Settings\PeterA\Application Data\vlc

2008-05-22 22:43 . 2008-05-22 22:43 <KAT> d-------- C:\Program\VideoLAN

2008-05-22 21:41 . 2008-05-25 14:45 8,536 --a------ C:\WINDOWS\mozver.dat

2008-05-22 15:43 . 2008-05-25 14:46 335 --a------ C:\WINDOWS\nsreg.dat

2008-05-20 22:51 . 2008-05-25 01:47 <KAT> d-------- C:\Program\Delade filer\Symantec Shared

2008-05-20 22:50 . 2008-05-20 22:50 16,896 --a------ C:\WINDOWS\system32\Norton Updater.exe

2008-05-20 17:10 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-05-20 17:10 . 2008-05-20 17:10 383 --a------ C:\WINDOWS\ODBC.INI

2008-05-20 17:09 . 2008-05-20 17:09 <KAT> d-------- C:\WINDOWS\SHELLNEW

2008-05-20 17:09 . 2008-05-20 17:09 <KAT> d-------- C:\Program\Microsoft.NET

2008-05-20 16:32 . 2008-05-20 16:32 <KAT> d-------- C:\Program\D-Tools

2008-05-20 16:32 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys

2008-05-20 16:32 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys

2008-05-20 16:31 . 2008-05-20 16:31 <KAT> d-------- C:\WINDOWS\Downloaded Installations

2008-05-18 17:13 . 2001-09-06 19:55 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-05-18 17:13 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-17 20:17 . 2008-05-17 20:17 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-05-17 20:16 . 2008-05-17 20:16 <KAT> d-------- C:\Program\Messenger Plus! Live

2008-05-17 15:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-17 15:34 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-17 14:56 . 2008-05-17 14:56 <KAT> d-------- C:\WINDOWS\Sun

2008-05-17 14:40 . 2008-05-25 00:52 <KAT> d-------- C:\Program\Delade filer\muvee Technologies

2008-05-17 14:40 . 2007-02-08 21:30 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll

2008-05-17 14:40 . 2007-02-08 21:30 626,688 -ra------ C:\WINDOWS\system32\msvcr80.dll

2008-05-17 14:40 . 2007-02-08 21:30 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll

2008-05-17 14:40 . 2007-02-08 21:30 95,744 -ra------ C:\WINDOWS\system32\atl80.dll

2008-05-17 14:39 . 2008-05-25 00:52 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-05-17 14:38 . 2008-05-17 14:38 <KAT> d-------- C:\Program\OLYMPUS

2008-05-16 23:21 . 2008-05-16 23:21 <KAT> d-------- C:\Program\Synaptics

2008-05-16 23:21 . 2008-05-20 07:26 <KAT> d-------- C:\Program\Microsoft Silverlight

2008-05-16 23:20 . 2008-05-16 23:20 <KAT> d-------- C:\Program\MSBuild

2008-05-16 23:17 . 2008-05-16 23:46 <KAT> d-------- C:\WINDOWS\system32\XPSViewer

2008-05-16 23:16 . 2008-05-16 23:16 <KAT> d-------- C:\Program\Reference Assemblies

2008-05-16 23:16 . 2008-05-16 23:16 <KAT> d-------- C:\Program\CONEXANT

2008-05-16 23:13 . 2008-05-16 23:13 <KAT> d-------- C:\WINDOWS\system32\URTTemp

2008-05-16 20:42 . 2008-05-16 20:42 <KAT> d-------- C:\Program\BitLord

2008-05-16 18:53 . 2008-02-15 10:19 172,032 --a------ C:\WINDOWS\system32\igfxres.dll

2008-05-16 18:50 . 2008-05-16 18:50 <KAT> d-------- C:\Program\MSXML 6.0

2008-05-16 18:47 . 2008-05-16 18:47 <KAT> d-------- C:\Documents and Settings\PeterA\Contacts

2008-05-16 18:45 . 2008-05-23 13:55 <KAT> d-------- C:\Program\Delade filer\InstallShield

2008-05-16 18:45 . 2008-05-16 18:45 <KAT> d-------- C:\Program\Broadcom

2008-05-16 18:45 . 2006-01-19 06:49 667,648 --a------ C:\WINDOWS\system32\BCMLogon.dll

2008-05-16 18:40 . 2008-05-16 18:46 <KAT> d--hsc--- C:\Program\Delade filer\WindowsLiveInstaller

2008-05-16 18:39 . 2008-05-24 23:08 <KAT> d-------- C:\Program\Windows Live

2008-05-16 18:39 . 2008-05-16 18:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-16 18:25 . 2008-05-16 18:27 <KAT> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-05-16 18:11 . 2008-05-16 18:11 <KAT> d-------- C:\WINDOWS\system32\Lang

2008-05-16 18:10 . 2008-05-16 18:10 <KAT> d-------- C:\Program\Intel

2008-05-16 18:10 . 2008-05-16 18:10 <KAT> d-------- C:\Intel

2008-05-16 18:10 . 2007-07-26 13:45 53,248 --a------ C:\WINDOWS\system32\CSVer.dll

2008-05-16 18:03 . 2008-05-16 18:03 <KAT> d-------- C:\Program\Windows Media Connect 2

2008-05-16 18:02 . 2008-05-16 18:02 <KAT> d-------- C:\WINDOWS\system32\LogFiles

2008-05-16 18:02 . 2008-05-16 18:02 <KAT> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-05-16 18:02 . 2007-10-05 15:42 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-05-16 18:01 . 2008-05-16 18:01 <KAT> d-------- C:\Program\Java

2008-05-16 18:01 . 2008-05-16 18:01 <KAT> d-------- C:\Program\Delade filer\Java

2008-05-16 18:01 . 2004-08-04 09:34 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-16 18:01 . 2007-12-13 23:29 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-16 18:00 . 2008-05-16 19:39 <KAT> dr------- C:\Documents and Settings\PeterA\Start-meny

2008-05-16 18:00 . 2008-05-28 08:32 <KAT> d-------- C:\Documents and Settings\PeterA\Skrivbord

2008-05-16 18:00 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\PeterA\Skrivare

2008-05-16 18:00 . 2008-05-21 18:27 <KAT> d--h----- C:\Documents and Settings\PeterA\Nätverket

2008-05-16 18:00 . 2008-05-21 17:49 <KAT> dr------- C:\Documents and Settings\PeterA\Mina dokument

2008-05-16 18:00 . 2008-05-16 17:52 <KAT> d--h----- C:\Documents and Settings\PeterA\Mallar

2008-05-16 18:00 . 2008-05-28 08:32 <KAT> d--h----- C:\Documents and Settings\PeterA\Lokala inställningar

2008-05-16 18:00 . 2008-05-16 18:02 <KAT> dr------- C:\Documents and Settings\PeterA\Favoriter

2008-05-16 18:00 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\PeterA\7zS8C4.tmp

2008-05-16 18:00 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\PeterA\7zS8C1.tmp

2008-05-16 18:00 . 2008-05-26 16:55 <KAT> d-------- C:\Documents and Settings\PeterA

2008-05-16 18:00 . 2003-02-26 22:27 36,864 --------- C:\WINDOWS\system32\wbsys.dll

2008-05-16 18:00 . 2005-01-22 20:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll

2008-05-16 18:00 . 2007-02-14 00:34 1,754 --a------ C:\WINDOWS\system32\CHOICE.COM

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-28 06:10 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2008-05-27 19:55 228,036 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-05-22 22:19 --------- d-----w C:\Documents and Settings\PeterA\Application Data\vlc

2008-05-20 20:50 117,248 ----a-w C:\WINDOWS\system32\mqtgsvc.exe

2008-05-16 15:58 --------- d-----w C:\Program\MSXML 4.0

2008-05-16 15:55 --------- d-----w C:\Program\Onlinetjänster

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:52 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:52 162,592 ------w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:01 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:01 1,845,888 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll

2008-03-07 08:26 920,088 ----a-w C:\WINDOWS\system32\igxpun.exe

2008-03-01 14:02 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

.

 

------- Sigcheck -------

 

2008-01-19 08:31 360832 ddd3d4ae703c7ceee45041b58ae243ff C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot_2008-05-26_23.44.53,51 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-26 21:42:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-28 06:29:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-27 01:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-05-27 19:22:37 487,424 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-05-27 19:22:37 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-05-27 01:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-05-27 19:22:36 487,424 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-05-27 19:22:36 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2008-05-26 20:47:05 71,642 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-05-28 06:14:24 71,642 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-05-26 20:47:05 83,496 ----a-w C:\WINDOWS\system32\perfc01D.dat

+ 2008-05-28 06:14:24 83,496 ----a-w C:\WINDOWS\system32\perfc01D.dat

- 2008-05-26 20:47:05 441,958 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-05-28 06:14:24 441,958 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-05-26 20:47:05 444,034 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2008-05-28 06:14:24 444,034 ----a-w C:\WINDOWS\system32\perfh01D.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2008-03-01 15:02 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 01:12 144784]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 10:16 135168]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 10:16 159744]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 10:16 131072]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-01-19 06:49 1236992]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:04 1028096]

"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2008-03-01 15:02 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\BitLord\\BitLord.exe"=

 

S1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]

S1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]

S1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]

S1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]

S1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]

S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]

S1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]

S1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]

S2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]

S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []

S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [2008-05-27 21:26]

S3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]

S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

 

*Newly Created Service* - MDMXSDK

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E93F94EE-7680-6CCD-AFB3-AE7CEC620937}]

C:\WINDOWS\system32:winregpi.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-28 08:32:30

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-28 8:32:53

ComboFix-quarantined-files.txt 2008-05-28 06:32:51

ComboFix2.txt 2008-05-26 21:45:00

ComboFix3.txt 2008-05-24 11:48:58

 

Pre-Run: 43,499,532,288 byte ledigt

Post-Run: 43,492,405,248 byte ledigt

 

266 --- E O F --- 2008-05-24 11:52:02

[/log]

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:39, on 2008-05-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Panda Security\Panda Internet Security 2008\ApvxdWin.exe

C:\Program\Java\jre1.6.0_04\bin\jusched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Panda Security\Panda Internet Security 2008\psimreal.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program\mozilla.org\Mozilla\mozilla.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210972071953

O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

--

End of file - 6521 bytes

[/log]

 


There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then uninstall all Java/J2SE/JRE entries except the latest one in Control Panel - Add or Remove Programs (with no web browsers running).

 

Copy all the lines in the box (use select code)

ADS::
C:\windows\system32
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E93F94EE-7680-6CCD-AFB3-AE7CEC620937}]

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special mode.

Paste the log that it produces.

 

How is the computer working now?
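An added example, not part of the thread or of ComboFix: the reply above targets the Active Setup entry whose value, `C:\WINDOWS\system32:winregpi.exe`, is an NTFS alternate data stream attached to the system32 directory. This sketch scans ComboFix-style "Reg Loading Points" text for such `path:stream` references; the function and type names are hypothetical, and the sample lines are copied from the log quoted in the thread.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: a few lines in the shape of the "Reg Loading Points" section,
# copied from the log quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 10:16 135168]
"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E93F94EE-7680-6CCD-AFB3-AE7CEC620937}]
C:\WINDOWS\system32:winregpi.exe

S1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program\\BitLord\\BitLord.exe"=
"""


class AdsFinding(NamedTuple):
    registry_key: Optional[str]  # most recent registry key header above the line
    host_path: str               # file or directory the stream is attached to
    stream: str                  # name of the alternate data stream
    autostart: bool              # True if the key is a known autostart location


# A registry key header line, e.g. [HKEY_LOCAL_MACHINE\...].
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")

# Trailing "[date time size]" metadata; its hh:mm colon would otherwise be
# mistaken for a stream separator.
TRAILING_META_RE = re.compile(r"\s*\[[^\]]*\]\s*$")

# drive:\dir\...\name followed by a second colon and a stream name.
# A colon is not legal inside an ordinary path component, so a colon after
# the drive-letter colon marks an alternate data stream.
ADS_RE = re.compile(
    r'(?P<host>[A-Za-z]:\\(?:[^\\/:*?"<>|]+\\)*[^\\/:*?"<>|]+)'
    r':(?P<stream>[^\\/:*?"<>|\s]+)'
)

# Substrings (lower case) of registry locations that run code at boot or logon.
AUTOSTART_HINTS = (
    "\\currentversion\\run",
    "\\active setup\\installed components",
    "\\winlogon\\notify",
)


def find_ads_references(log_text: str) -> List[AdsFinding]:
    """Return every path:stream reference found in the log text."""
    findings: List[AdsFinding] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        # Drop the metadata suffix and undo .reg-style doubled backslashes.
        line = TRAILING_META_RE.sub("", line).replace("\\\\", "\\")
        for m in ADS_RE.finditer(line):
            key_lower = (current_key or "").lower()
            findings.append(
                AdsFinding(
                    registry_key=current_key,
                    host_path=m.group("host"),
                    stream=m.group("stream"),
                    autostart=any(h in key_lower for h in AUTOSTART_HINTS),
                )
            )
    return findings


if __name__ == "__main__":
    for f in find_ads_references(SAMPLE_LOG):
        tag = "autostart" if f.autostart else "other"
        print(f"[{tag}] {f.host_path} stream={f.stream} key={f.registry_key}")
```

A stream attached to a directory does not appear in a plain directory listing, which is why the entry only surfaces through the registry value that launches it.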

 


[log]ComboFix 08-05-25.5 - Administratör 2008-05-28 14:46:11.4 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.835 [GMT 2:00]

Running from: C:\Documents and Settings\PeterA\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\PeterA\Skrivbord\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))

.

 

2008-05-28 14:41 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-28 14:40 . 2008-05-28 14:41 <KAT> d-------- C:\Program\Java

2008-05-28 14:40 . 2008-05-28 14:40 <KAT> d-------- C:\Program\Delade filer\Java

2008-05-28 14:36 . 2008-05-28 14:36 <KAT> d-------- C:\WINDOWS\LastGood

2008-05-28 14:35 . 2008-05-28 14:35 48 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat

2008-05-27 21:22 . 2008-05-27 21:22 <KAT> d-------- C:\WINDOWS\ERUNT

2008-05-27 21:19 . 2008-05-27 21:28 <KAT> d-------- C:\SDFix

2008-05-25 14:46 . 2008-05-25 14:46 <KAT> d-------- C:\Documents and Settings\PeterA\Application Data\Talkback

2008-05-25 14:45 . 2008-05-25 14:45 <KAT> d-------- C:\Program\mozilla.org

2008-05-25 14:45 . 2008-05-25 14:45 <KAT> d-------- C:\Program\Delade filer\mozilla.org

2008-05-25 14:45 . 2008-05-25 14:45 99,024 --a------ C:\WINDOWS\mozillauninstall.exe

2008-05-25 14:45 . 2008-05-25 14:45 98,512 --a------ C:\WINDOWS\GREUninstall.exe

2008-05-25 01:37 . 2008-05-25 01:37 <KAT> d-------- C:\Program\CCleaner

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\PeterA\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\Administrat÷r\Lokala instõllningar

2008-05-24 13:49 . 2008-05-24 13:49 <KAT> d-------- C:\Documents and Settings\Administrat÷r

2008-05-24 13:46 . 2008-05-24 13:46 <KAT> d-------- C:\WINDOWS\system32\xircom

2008-05-24 13:46 . 2008-05-24 13:46 <KAT> d-------- C:\Program\microsoft frontpage

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-05-24 10:23 . 2008-05-28 14:46 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-24 10:23 . 2008-05-28 14:46 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Mina dokument

2008-05-24 10:23 . 2008-05-16 17:52 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-24 10:23 . 2008-05-16 17:52 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-05-24 10:23 . 2008-05-28 14:46 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-24 10:23 . 2008-05-28 14:46 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-05-24 10:23 . 2008-05-16 19:39 <KAT> d-------- C:\Documents and Settings\Administratör\Favoriter

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C4.tmp

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C4.tmp

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C1.tmp

2008-05-24 10:23 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\Administratör\7zS8C1.tmp

2008-05-24 10:23 . 2008-05-24 10:23 <KAT> d-------- C:\Documents and Settings\Administratör

2008-05-24 00:12 . 2008-05-24 00:12 48 --a------ C:\WINDOWS\wininit.ini

2008-05-23 23:58 . 2008-05-28 14:39 232,380 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2008-05-23 23:57 . 2008-05-28 14:33 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2008-05-23 14:09 . 2008-05-23 14:09 <KAT> d-------- C:\Program\Trend Micro

2008-05-23 14:03 . 2008-05-27 20:52 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC

2008-05-23 14:00 . 2008-05-28 14:33 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys

2008-05-23 13:59 . 2008-05-23 13:59 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-05-23 13:58 . 2008-05-23 13:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Backup

2008-05-23 13:57 . 2008-05-23 13:57 <KAT> d-------- C:\WINDOWS\system32\PAV

2008-05-23 13:57 . 2008-05-25 01:00 <KAT> d-------- C:\Program\Panda Security

2008-05-23 13:57 . 2008-05-23 13:57 <KAT> d--h----- C:\Program\InstallShield Installation Information

2008-05-23 13:55 . 2008-05-23 13:55 <KAT> d-------- C:\Program\Delade filer\Panda Software

2008-05-23 13:55 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-05-23 13:55 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-05-23 00:19 . 2008-05-23 00:19 <KAT> d-------- C:\Documents and Settings\PeterA\Application Data\vlc

2008-05-22 22:43 . 2008-05-22 22:43 <KAT> d-------- C:\Program\VideoLAN

2008-05-22 21:41 . 2008-05-25 14:45 8,536 --a------ C:\WINDOWS\mozver.dat

2008-05-22 15:43 . 2008-05-25 14:46 335 --a------ C:\WINDOWS\nsreg.dat

2008-05-20 22:51 . 2008-05-25 01:47 <KAT> d-------- C:\Program\Delade filer\Symantec Shared

2008-05-20 22:50 . 2008-05-20 22:50 16,896 --a------ C:\WINDOWS\system32\Norton Updater.exe

2008-05-20 17:10 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-05-20 17:10 . 2008-05-20 17:10 383 --a------ C:\WINDOWS\ODBC.INI

2008-05-20 17:09 . 2008-05-20 17:09 <KAT> d-------- C:\WINDOWS\SHELLNEW

2008-05-20 17:09 . 2008-05-20 17:09 <KAT> d-------- C:\Program\Microsoft.NET

2008-05-20 16:32 . 2008-05-20 16:32 <KAT> d-------- C:\Program\D-Tools

2008-05-20 16:32 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys

2008-05-20 16:32 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys

2008-05-20 16:31 . 2008-05-20 16:31 <KAT> d-------- C:\WINDOWS\Downloaded Installations

2008-05-18 17:13 . 2001-09-06 19:55 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-05-18 17:13 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-17 20:17 . 2008-05-17 20:17 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-05-17 20:16 . 2008-05-17 20:16 <KAT> d-------- C:\Program\Messenger Plus! Live

2008-05-17 15:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-17 15:34 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-17 14:56 . 2008-05-17 14:56 <KAT> d-------- C:\WINDOWS\Sun

2008-05-17 14:40 . 2008-05-25 00:52 <KAT> d-------- C:\Program\Delade filer\muvee Technologies

2008-05-17 14:40 . 2007-02-08 21:30 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll

2008-05-17 14:40 . 2007-02-08 21:30 626,688 -ra------ C:\WINDOWS\system32\msvcr80.dll

2008-05-17 14:40 . 2007-02-08 21:30 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll

2008-05-17 14:40 . 2007-02-08 21:30 95,744 -ra------ C:\WINDOWS\system32\atl80.dll

2008-05-17 14:39 . 2008-05-25 00:52 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-05-17 14:38 . 2008-05-17 14:38 <KAT> d-------- C:\Program\OLYMPUS

2008-05-16 23:21 . 2008-05-16 23:21 <KAT> d-------- C:\Program\Synaptics

2008-05-16 23:21 . 2008-05-20 07:26 <KAT> d-------- C:\Program\Microsoft Silverlight

2008-05-16 23:20 . 2008-05-16 23:20 <KAT> d-------- C:\Program\MSBuild

2008-05-16 23:17 . 2008-05-16 23:46 <KAT> d-------- C:\WINDOWS\system32\XPSViewer

2008-05-16 23:16 . 2008-05-16 23:16 <KAT> d-------- C:\Program\Reference Assemblies

2008-05-16 23:16 . 2008-05-16 23:16 <KAT> d-------- C:\Program\CONEXANT

2008-05-16 23:13 . 2008-05-16 23:13 <KAT> d-------- C:\WINDOWS\system32\URTTemp

2008-05-16 20:42 . 2008-05-16 20:42 <KAT> d-------- C:\Program\BitLord

2008-05-16 18:53 . 2008-02-15 10:19 172,032 --a------ C:\WINDOWS\system32\igfxres.dll

2008-05-16 18:50 . 2008-05-16 18:50 <KAT> d-------- C:\Program\MSXML 6.0

2008-05-16 18:47 . 2008-05-16 18:47 <KAT> d-------- C:\Documents and Settings\PeterA\Contacts

2008-05-16 18:45 . 2008-05-23 13:55 <KAT> d-------- C:\Program\Delade filer\InstallShield

2008-05-16 18:45 . 2008-05-16 18:45 <KAT> d-------- C:\Program\Broadcom

2008-05-16 18:45 . 2006-01-19 06:49 667,648 --a------ C:\WINDOWS\system32\BCMLogon.dll

2008-05-16 18:40 . 2008-05-16 18:46 <KAT> d--hsc--- C:\Program\Delade filer\WindowsLiveInstaller

2008-05-16 18:39 . 2008-05-24 23:08 <KAT> d-------- C:\Program\Windows Live

2008-05-16 18:39 . 2008-05-16 18:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-16 18:25 . 2008-05-16 18:27 <KAT> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-05-16 18:11 . 2008-05-16 18:11 <KAT> d-------- C:\WINDOWS\system32\Lang

2008-05-16 18:10 . 2008-05-16 18:10 <KAT> d-------- C:\Program\Intel

2008-05-16 18:10 . 2008-05-16 18:10 <KAT> d-------- C:\Intel

2008-05-16 18:10 . 2007-07-26 13:45 53,248 --a------ C:\WINDOWS\system32\CSVer.dll

2008-05-16 18:03 . 2008-05-16 18:03 <KAT> d-------- C:\Program\Windows Media Connect 2

2008-05-16 18:02 . 2008-05-16 18:02 <KAT> d-------- C:\WINDOWS\system32\LogFiles

2008-05-16 18:02 . 2008-05-16 18:02 <KAT> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-05-16 18:02 . 2007-10-05 15:42 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-05-16 18:01 . 2004-08-04 09:34 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-16 18:00 . 2008-05-16 19:39 <KAT> dr------- C:\Documents and Settings\PeterA\Start-meny

2008-05-16 18:00 . 2008-05-28 14:46 <KAT> d-------- C:\Documents and Settings\PeterA\Skrivbord

2008-05-16 18:00 . 2008-05-16 19:39 <KAT> d--h----- C:\Documents and Settings\PeterA\Skrivare

2008-05-16 18:00 . 2008-05-21 18:27 <KAT> d--h----- C:\Documents and Settings\PeterA\Nätverket

2008-05-16 18:00 . 2008-05-21 17:49 <KAT> dr------- C:\Documents and Settings\PeterA\Mina dokument

2008-05-16 18:00 . 2008-05-16 17:52 <KAT> d--h----- C:\Documents and Settings\PeterA\Mallar

2008-05-16 18:00 . 2008-05-28 14:46 <KAT> d--h----- C:\Documents and Settings\PeterA\Lokala inställningar

2008-05-16 18:00 . 2008-05-16 18:02 <KAT> dr------- C:\Documents and Settings\PeterA\Favoriter

2008-05-16 18:00 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\PeterA\7zS8C4.tmp

2008-05-16 18:00 . 2008-05-16 17:56 <KAT> d-------- C:\Documents and Settings\PeterA\7zS8C1.tmp

2008-05-16 18:00 . 2008-05-26 16:55 <KAT> d-------- C:\Documents and Settings\PeterA

2008-05-16 18:00 . 2003-02-26 22:27 36,864 --------- C:\WINDOWS\system32\wbsys.dll

2008-05-16 18:00 . 2005-01-22 20:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll

2008-05-16 18:00 . 2007-02-14 00:34 1,754 --a------ C:\WINDOWS\system32\CHOICE.COM

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-28 12:39 232,380 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-05-28 12:33 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2008-05-22 22:19 --------- d-----w C:\Documents and Settings\PeterA\Application Data\vlc

2008-05-20 20:50 117,248 ----a-w C:\WINDOWS\system32\mqtgsvc.exe

2008-05-16 15:58 --------- d-----w C:\Program\MSXML 4.0

2008-05-16 15:55 --------- d-----w C:\Program\Onlinetjänster

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:52 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:52 162,592 ------w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:01 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:01 1,845,888 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-12 11:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll

2008-03-07 08:26 920,088 ----a-w C:\WINDOWS\system32\igxpun.exe

2008-03-01 14:02 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

.

 

------- Sigcheck -------

 

2008-01-19 08:31 360832 ddd3d4ae703c7ceee45041b58ae243ff C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot_2008-05-26_23.44.53,51 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-26 21:42:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-28 12:45:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-27 01:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-05-27 19:22:37 487,424 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-05-27 19:22:37 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-05-27 01:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-05-27 19:22:36 487,424 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-05-27 19:22:36 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2007-12-13 20:27:22 135,168 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2007-12-13 20:27:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2007-12-13 21:29:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

- 2008-05-26 20:47:05 71,642 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-05-28 12:37:01 71,642 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-05-26 20:47:05 83,496 ----a-w C:\WINDOWS\system32\perfc01D.dat

+ 2008-05-28 12:37:01 83,496 ----a-w C:\WINDOWS\system32\perfc01D.dat

- 2008-05-26 20:47:05 441,958 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-05-28 12:37:01 441,958 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-05-26 20:47:05 444,034 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2008-05-28 12:37:01 444,034 ----a-w C:\WINDOWS\system32\perfh01D.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2008-03-01 15:02 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 10:16 135168]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 10:16 159744]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 10:16 131072]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-01-19 06:49 1236992]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:04 1028096]

"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2008-03-01 15:02 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program\\BitLord\\BitLord.exe"=

 

S1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]

S1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]

S1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]

S1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]

S1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]

S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]

S1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]

S1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]

S2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]

S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []

S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [2008-05-28 14:33]

S3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]

S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

 

*Newly Created Service* - MDMXSDK

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-28 14:46:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-28 14:47:22

ComboFix-quarantined-files.txt 2008-05-28 12:47:20

ComboFix2.txt 2008-05-28 06:32:54

ComboFix3.txt 2008-05-26 21:45:00

ComboFix4.txt 2008-05-24 11:48:58

 

Pre-Run: 43,429,498,880 byte ledigt

Post-Run: 43,421,585,408 byte ledigt

 

257 --- E O F --- 2008-05-24 11:52:02

[/log]

 

Yes, it seems to be gone.

 
