ComboFix 08-05-26.2 - Rebecca 2008-05-27 21:39:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.631 [GMT 2:00]
Running from: C:\Documents and Settings\Rebecca\Skrivebord\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini

.
---- Previous Run -------
.
C:\WINDOWS\BM770ce316.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\evdvexqo.exe
C:\WINDOWS\system32\jmoorBeg.ini
C:\WINDOWS\system32\jmoorBeg.ini2
C:\WINDOWS\system32\jtbqlujo.exe
C:\WINDOWS\system32\lfsuldpg.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\npybhlia.ini
C:\WINDOWS\system32\pjnnpewh.exe
C:\WINDOWS\system32\rpqadqdd.ini
C:\WINDOWS\system32\wmoqdrvo.ini
C:\WINDOWS\system32\YxGfgMoq.ini
C:\WINDOWS\system32\YxGfgMoq.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-27 21:39 . 2008-05-27 21:39 0 --a------ C:\WINDOWS\BM770ce316.xml
2008-05-27 20:54 . 2008-05-27 20:54 dr-h----- C:\Documents and Settings\Rebecca\Siste
2008-05-27 20:32 . 2008-05-27 20:32 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-27 00:26 . 2008-05-27 00:26 80,384 --a------ C:\WINDOWS\system32\ovrdqomw.dll
2008-05-27 00:18 . 2008-05-27 00:18 90,624 --a------ C:\WINDOWS\system32\ppsiwmws.dll
2008-05-26 23:43 . 2008-05-26 23:43 90,624 --a------ C:\WINDOWS\system32\igtisncw.dll
2008-05-26 23:43 . 2008-05-26 23:43 80,384 --a------ C:\WINDOWS\system32\movnbqyf.dll
2008-05-26 22:57 . 2008-05-26 22:57 d-------- C:\Program Files
2008-05-26 21:19 . 2008-05-26 21:19 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-26 20:31 . 2008-05-27 20:33 d-------- C:\Documents and Settings\Rebecca\Programdata\SUPERAntiSpyware.com
2008-05-26 20:24 . 2008-05-26 21:19 250 --a------ C:\WINDOWS\gmer.ini
2008-05-26 20:14 . 2008-05-27 20:33 d-------- C:\Få bort virus
2008-05-25 23:42 . 2008-05-25 23:42 90,624 --a------ C:\WINDOWS\system32\taddmicm.dll
2008-05-24 23:47 . 2008-05-24 23:48 96,256 --a------ C:\WINDOWS\system32\tgxgwdej.dll
2008-05-24 18:46 . 2008-05-24 18:46 316 --ah----- C:\sqmdata10.sqm
2008-05-24 18:46 . 2008-05-24 18:46 244 --ah----- C:\sqmnoopt10.sqm
2008-05-24 18:04 . 2008-05-24 18:04 30,720 --a------ C:\WINDOWS\system32\yaywtRli.dll
2008-05-24 17:54 . 2008-05-24 18:52 d-------- C:\Programfiler\Google
2008-05-24 17:35 . 2008-05-24 17:35 244 --ah----- C:\sqmnoopt09.sqm
2008-05-24 17:35 . 2008-05-24 17:35 232 --ah----- C:\sqmdata09.sqm
2008-05-24 17:26 . 2008-05-24 17:26 30,720 --a------ C:\WINDOWS\system32\xxyabyWO.dll
2008-05-08 18:20 . 2008-05-08 18:20 d-------- C:\Programfiler\iTunes
2008-05-08 18:19 . 2008-05-08 18:19 d-------- C:\Programfiler\QuickTime
2008-05-08 18:17 . 2008-05-08 18:17 d-------- C:\Programfiler\Fellesfiler\Apple
2008-05-08 18:12 . 2008-05-08 18:12 d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-05-01 16:09 . 2008-05-01 16:09 d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-05-01 15:46 . 2008-05-01 15:46 d-------- C:\Documents and Settings\Rebecca\Programdata\Datalayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 22:25 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared
2008-05-26 22:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Ericsson
2008-05-26 22:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Book Slow Axis Web
2008-05-26 20:24 --------- d-----w C:\Programfiler\BearShare
2008-05-15 22:14 --------- d-----w C:\Programfiler\SpeedFan
2008-05-08 16:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-05-08 16:12 --------- d-----w C:\Programfiler\Apple Software Update
2008-05-01 14:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-04-03 19:25 --------- d-----w C:\Programfiler\Messenger Plus! Live
2007-10-22 12:53 26,736 ----a-w C:\Documents and Settings\Rebecca\Programdata\GDIPFONTCACHEV1.DAT

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A4D7AA8-E015-45A2-B857-3AD9AE56AFA1}]
C:\WINDOWS\system32\geBroomj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9523A8F7-75D0-4E0C-854A-7CF2A1EF79EA}]
2008-05-24 17:26 30720 --a------ C:\WINDOWS\system32\xxyabyWO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A005BD30-299D-4A67-9A67-349931166665}]
C:\WINDOWS\system32\qoMgfGxY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbcae0b2-d7e4-4730-a6f5-10a2215af72f}]
C:\WINDOWS\system32\kekkakim.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MessengerPlus3"="C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" [2006-10-05 18:44 190024]
"msnmsgr"="C:\PROGRAMFILER\WINDOWS LIVE\MESSENGER\MSNMSGR.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpywareProMFC"="C:\Programfiler\SpywarePro\SpywarePro.exe" [ ]
"SUPERAntiSpyware"="C:\Få bort virus\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 02:41 196608]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 20:58 81920]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 11:19 223232]
"NSLauncher"="C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 10:58 2957312]
"WinampAgent"="C:\Programfiler\Winamp\wianmpa.exe" [ ]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"743fd08a"="C:\WINDOWS\system32\ovrdqomw.dll" [2008-05-27 00:26 80384]
"BM770ce316"="C:\WINDOWS\system32\ppsiwmws.dll" [2008-05-27 00:18 90624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Rebecca\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9523A8F7-75D0-4E0C-854A-7CF2A1EF79EA}"= C:\WINDOWS\system32\xxyabyWO.dll [2008-05-24 17:26 30720]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Få bort virus\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Få bort virus\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Få bort virus\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyabyWO]
xxyabyWO.dll 2008-05-24 17:26 30720 C:\WINDOWS\system32\xxyabyWO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c12983f6-5478-11db-8c0a-806d6172696f}]
\Shell\AutoRun\command - E:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 10:27:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 21:42:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\xxyabyWO.dll
.
Completion time: 2008-05-27 21:44:54
ComboFix-quarantined-files.txt 2008-05-27 19:44:47

Pre-Run: 192,403,894,272 bytes free
Post-Run: 192,367,620,096 bytes free

164 --- E O F --- 2007-10-15 09:39:52