ComboFix 08-09-27.01 - *Anonym* 2008-09-27 21:35:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.574 [GMT 2:00]
Running from: C:\Documents and Settings\*Anonym*\Skrivebord\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programfiler\IEToolbar
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\2.png
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\autosearch_plugin.dll
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\basis.xml
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\house.bmp
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\house.png
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\icons.bmp
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\ie_OldFaceBook.crc
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\ie_OldFaceBook.dll
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\info.txt
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\logo.png
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\tbhelper.dll
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\tbs_include_script_021517.js
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\uninst.dll
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\uninstall.exe
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\update.exe
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\version.txt
C:\Programfiler\IEToolbar\Old FaceBook ToolBar\your_logo.png

.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.

2008-09-27 21:30 . 2008-09-27 21:30 d--hs---- C:\Documents and Settings\GuitarMan\Siste
2008-09-27 16:29 . 2008-09-27 16:30 d-------- C:\Programfiler\Spyware Doctor
2008-09-27 16:29 . 2008-09-27 16:29 d-------- C:\Documents and Settings\GuitarMan\Programdata\PC Tools
2008-09-27 16:29 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-27 16:29 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-27 16:29 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-27 16:29 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-27 15:42 . 2008-09-27 15:42 d-------- C:\WINDOWS\LastGood
2008-09-27 13:48 . 2008-08-09 16:04 1,538,928 --a------ C:\WINDOWS\WRSetup.dll
2008-09-19 20:18 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-09-19 20:15 . 2008-09-19 20:17 d-------- C:\FIFA 09 Demo
2008-09-14 17:06 . 2008-09-14 17:07 191 --a------ C:\WINDOWS\setuplog
2008-09-14 17:02 . 2005-05-10 19:00 24,576 -ra------ C:\WINDOWS\system32\P0620Aor.dll
2008-09-14 17:01 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-14 17:00 . 2005-03-31 01:06 36,864 --a------ C:\WINDOWS\system32\CtCamMgr.dll
2008-09-02 18:38 . 2008-09-02 18:38 d-------- C:\WINDOWS\Packs
2008-09-02 18:12 . 2008-09-02 18:12 d-------- C:\WINDOWS\system32\no
2008-09-02 18:12 . 2008-09-02 18:12 d-------- C:\WINDOWS\system32\nb-no
2008-09-02 18:12 . 2008-09-02 18:12 d-------- C:\WINDOWS\system32\bits
2008-09-02 18:12 . 2008-09-02 18:12 d-------- C:\WINDOWS\l2schemas
2008-09-02 18:10 . 2008-09-02 18:10 d-------- C:\WINDOWS\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 19:38 --------- d-----w C:\Programfiler\DC++
2008-09-27 19:30 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-09-27 18:47 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-09-27 15:13 --------- d-----w C:\Programfiler\Steam
2008-09-27 15:05 --------- d-----w C:\Documents and Settings\GuitarMan\Programdata\uTorrent
2008-09-27 13:30 --------- d-----w C:\Programfiler\SpeedFan
2008-09-27 13:29 --------- d-----w C:\Documents and Settings\GuitarMan\Programdata\dvdcss
2008-09-14 15:55 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-09-14 15:30 --------- d-----w C:\Programfiler\Creative
2008-09-14 15:06 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-09-02 17:07 --------- d-----w C:\Programfiler\MSN Messenger
2008-09-02 16:39 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-01 16:58 --------- d-----w C:\Programfiler\Messenger Plus! Live
2008-08-31 17:48 --------- d-----w C:\Documents and Settings\GuitarMan\Programdata\OpenOffice.org2
2008-08-24 00:17 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-08-20 18:32 --------- d-----w C:\Programfiler\Trend Micro
2008-08-20 16:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-19 18:09 --------- d-----w C:\Programfiler\Java
2008-08-19 17:57 --------- d-----w C:\Programfiler\ESET
2008-08-11 02:40 --------- d-----w C:\Programfiler\eMule
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2007-12-28 13:58 47,360 ----a-w C:\Documents and Settings\GuitarMan\Programdata\pcouffin.sys
2007-02-22 16:51 81,920 ----a-w C:\Documents and Settings\GuitarMan\Programdata\ezpinst.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="C:\WINDOWS\ALAUNCH.EXE" [2005-06-23 520192]
"High Definition Audio Property Page Shortcut"="C:\WINDOWS\system32\HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="C:\WINDOWS\RTHDCPL.EXE" [2005-09-22 14854144]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2007-12-05 1626112]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-03-08 949376]
"ISTray"="C:\Programfiler\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\DC++\\DCPlusPlus.exe"=
"C:\\Programfiler\\Last.fm\\LastFM.exe"=
"C:\\Programfiler\\Steam\\steamapps\\ivar91\\counter-strike\\hl.exe"=
"C:\\Programfiler\\Steam\\steamapps\\ivar91\\day of defeat\\hl.exe"=
"C:\\Programfiler\\Steam\\steamapps\\ivar91\\condition zero\\hl.exe"=
"C:\\Programfiler\\Steam\\steamapps\\ivar91\\counter-strike source\\hl2.exe"=
"C:\\Programfiler\\Steam\\steamapps\\ivar91\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Programfiler\\Steam\\steamapps\\ivar91\\day of defeat source\\hl2.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programfiler\\eMule\\emule.exe"=
"C:\\Programfiler\\Steam\\steam.exe"=
"C:\\Programfiler\\Fellesfiler\\AOL\\Loader\\aolload.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:AdminWorks UDP Port
"2804:TCP"= 2804:TCP:AdminWorks TCP Port

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-03-08 33920]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-03-31 4010]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;C:\Acer\Empowering Technology\eAcoustics\Driver\speedcontrol.exe [2005-02-15 81920]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 PortRW;PortRW;C:\WINDOWS\system32\Drivers\PortRW.sys [2003-08-15 3456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Setup.exe

*Newly Created Service* - INT15.SYS
*Newly Created Service* - SDAUXSERVICE
*Newly Created Service* - SDCORESERVICE
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{1A551C34-8DD0-46BD-AE97-7B2B25059830} - (no file)
BHO-{FC0E590A-3BD8-4241-BADC-FBE4849FD92A} - C:\Programfiler\IEToolbar\Old FaceBook ToolBar\ie_OldFaceBook.dll
Toolbar-{D32E48B9-CA14-4983-97F9-F3B6A5199DD0} - C:\Programfiler\IEToolbar\Old FaceBook ToolBar\ie_OldFaceBook.dll
WebBrowser-{D32E48B9-CA14-4983-97F9-F3B6A5199DD0} - C:\Programfiler\IEToolbar\Old FaceBook ToolBar\ie_OldFaceBook.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\GuitarMan\Programdata\Mozilla\Firefox\Profiles\8244p0lf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.vg.no/
FF -: plugin - C:\Programfiler\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\npagent.dll
.

------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 21:38:44
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-27 21:41:08
ComboFix-quarantined-files.txt 2008-09-27 19:40:43
ComboFix2.txt 2008-08-20 18:42:33

Pre-Run: 11 000 717 312 byte ledig
Post-Run: 10,981,974,016 byte ledig

186 --- E O F --- 2008-09-11 16:10:11