ComboFix 08-05-26.2 - Rebecca 2008-05-27 23:23:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.638 [GMT 2:00]
Running from: C:\Documents and Settings\Rebecca\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rebecca\Skrivebord\Ny mappe\Ny mappe\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\WINDOWS\BM770ce316.xml
C:\WINDOWS\system32\igtisncw.dll
C:\WINDOWS\system32\movnbqyf.dll
C:\WINDOWS\system32\ovrdqomw.dll
C:\WINDOWS\system32\ppsiwmws.dll
C:\WINDOWS\system32\taddmicm.dll
C:\WINDOWS\system32\tgxgwdej.dll
C:\WINDOWS\system32\xxyabyWO.dll
C:\WINDOWS\system32\yaywtRli.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\WINDOWS\BM770ce316.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\basbwhvy.exe
C:\WINDOWS\system32\dcbJQXbc.ini
C:\WINDOWS\system32\dcbJQXbc.ini2
C:\WINDOWS\system32\igtisncw.dll
C:\WINDOWS\system32\movnbqyf.dll
C:\WINDOWS\system32\ovrdqomw.dll
C:\WINDOWS\system32\ppsiwmws.dll
C:\WINDOWS\system32\taddmicm.dll
C:\WINDOWS\system32\tgxgwdej.dll
C:\WINDOWS\system32\trgmtqic.ini
C:\WINDOWS\system32\xxyabyWO.dll
C:\WINDOWS\system32\yaywtRli.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-27 22:19 . 2008-05-27 22:19 94,720 --a------ C:\WINDOWS\system32\vigglgjl.dll
2008-05-27 22:17 . 2008-05-27 22:17 81,920 --a------ C:\WINDOWS\system32\ciqtmgrt.dll
2008-05-27 22:15 . 2008-05-27 22:15 90,624 --a------ C:\WINDOWS\system32\qbeemncu.dll
2008-05-27 22:14 . 2008-05-27 22:14 280,064 --a------ C:\WINDOWS\system32\cbXQJbcd.dll
2008-05-27 20:54 . 2008-05-27 23:21 dr-h----- C:\Documents and Settings\Rebecca\Siste
2008-05-27 20:32 . 2008-05-27 20:32 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-26 22:57 . 2008-05-26 22:57 d-------- C:\Program Files
2008-05-26 21:19 . 2008-05-26 21:19 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-26 20:31 . 2008-05-27 20:33 d-------- C:\Documents and Settings\Rebecca\Programdata\SUPERAntiSpyware.com
2008-05-26 20:24 . 2008-05-26 21:19 250 --a------ C:\WINDOWS\gmer.ini
2008-05-26 20:14 . 2008-05-27 22:58 d-------- C:\Få bort virus
2008-05-24 18:46 . 2008-05-24 18:46 244 --ah----- C:\sqmnoopt10.sqm
2008-05-24 17:54 . 2008-05-24 18:52 d-------- C:\Programfiler\Google
2008-05-24 17:35 . 2008-05-24 17:35 244 --ah----- C:\sqmnoopt09.sqm
2008-05-08 18:20 . 2008-05-08 18:20 d-------- C:\Programfiler\iTunes
2008-05-08 18:19 . 2008-05-08 18:19 d-------- C:\Programfiler\QuickTime
2008-05-08 18:17 . 2008-05-08 18:17 d-------- C:\Programfiler\Fellesfiler\Apple
2008-05-08 18:12 . 2008-05-08 18:12 d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-05-01 16:09 . 2008-05-01 16:09 d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-05-01 15:46 . 2008-05-01 15:46 d-------- C:\Documents and Settings\Rebecca\Programdata\Datalayer
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-05-26 22:25 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared
2008-05-26 22:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Ericsson
2008-05-26 22:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Book Slow Axis Web
2008-05-26 20:24 --------- d-----w C:\Programfiler\BearShare
2008-05-15 22:14 --------- d-----w C:\Programfiler\SpeedFan
2008-05-08 16:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-05-08 16:12 --------- d-----w C:\Programfiler\Apple Software Update
2008-05-01 14:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-04-03 19:25 --------- d-----w C:\Programfiler\Messenger Plus! Live
2007-10-22 12:53 26,736 ----a-w C:\Documents and Settings\Rebecca\Programdata\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-05-27_21.44.02.46 )))))))))))))))))))))))))))))))))))))))))
.

- 2008-05-27 19:33:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 21:26:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05403f65-bd28-4a8c-b71b-04ba113b0a92}]
2008-05-27 22:19 94720 --a------ C:\WINDOWS\system32\vigglgjl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7305A3-FE27-49C7-882F-4FB38A9579FF}]
2008-05-27 22:14 280064 --a------ C:\WINDOWS\system32\cbXQJbcd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MessengerPlus3"="C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" [2006-10-05 18:44 190024]
"msnmsgr"="C:\PROGRAMFILER\WINDOWS LIVE\MESSENGER\MSNMSGR.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpywareProMFC"="C:\Programfiler\SpywarePro\SpywarePro.exe" [ ]
"SUPERAntiSpyware"="C:\Få bort virus\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 02:41 196608]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 20:58 81920]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 11:19 223232]
"NSLauncher"="C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 10:58 2957312]
"WinampAgent"="C:\Programfiler\Winamp\wianmpa.exe" [ ]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Rebecca\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Få bort virus\SUPERAntiSpyware\SASSEH.DLL [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Få bort virus\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c12983f6-5478-11db-8c0a-806d6172696f}]
\Shell\AutoRun\command - E:\Info.exe folder.htt 480 480
.

Contents of the 'Scheduled Tasks' folder
"2008-05-22 10:27:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 23:26:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

------------------------ Other Running Processes ------------------------
.

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SSScsiSV.exe
.

**************************************************************************
.

Completion time: 2008-05-27 23:30:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 21:30:42
ComboFix2.txt 2008-05-27 19:44:55

Pre-Run: 192,382,070,784 byte ledig
Post-Run: 192,377,712,640 byte ledig

174 --- E O F --- 2007-10-15 09:39:52