tror jeg har virus? Trojan.Zlob :s

[raWrz]

mbam har funnet virus som jeg har hatt før og mbam greier ikke slette det.

 

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-10-04.07 - Dah L33T LapTop 2008-11-06 18:24:54.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2275 [GMT 1:00]

Running from: C:\Users\Dah L33T LapTop\Desktop\COMBOFIX\ComboFix.exe

.

- REDUCED FUNCTIONALITY MODE -

.

 

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))

.

 

2008-11-06 18:10 . 2008-11-06 18:10 61,440 --a------ C:\Windows\System32\drivers\bdzdhfcy.sys

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- C:\Users\All Users\NOS

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- C:\ProgramData\NOS

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- C:\Program Files\NOS

2008-10-29 19:40 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll

2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d--h----- C:\Program Files\Temp

2008-10-28 19:37 . 2008-10-28 19:39 <DIR> d-------- C:\Program Files\Realtek

2008-10-28 19:37 . 2008-10-28 19:37 2,346,016 --a------ C:\Windows\System32\RtkAPO.dll

2008-10-28 18:18 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll

2008-10-28 18:18 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll

2008-10-28 18:18 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll

2008-10-26 08:54 . 2008-10-22 19:42 958,464 --a------ C:\Windows\System32\nvsvcr.dll

2008-10-26 08:54 . 2008-10-22 19:42 122,880 --a------ C:\Windows\System32\nvcod135.dll

2008-10-26 08:54 . 2008-07-15 05:27 92,704 --a------ C:\Windows\System32\nvmctray.dll

2008-10-26 08:54 . 2008-10-22 19:42 4,160 --a------ C:\Windows\System32\drivers\nvBridge.kmd

2008-10-25 00:24 . 2008-10-25 00:24 <DIR> d-------- C:\Program Files\LITEON

2008-10-25 00:23 . 2008-10-25 00:23 <DIR> d-------- C:\Windows\Downloaded Installations

2008-10-25 00:16 . 2008-02-25 15:28 238,080 --a------ C:\Windows\System32\ITEIO_64.dll

2008-10-25 00:16 . 2008-02-25 15:29 14,544 --a------ C:\Windows\System32\drivers\TVicPort.sys

2008-10-25 00:16 . 2008-02-25 15:29 6,080 --a------ C:\Windows\System32\drivers\zntport.sys

2008-10-25 00:01 . 2008-10-25 00:01 <DIR> d-------- C:\Program Files\Marvell

2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- C:\Windows\Sun

2008-10-23 20:39 . 2008-10-23 20:39 <DIR> d-------- C:\directx

2008-10-23 19:54 . 2008-10-23 19:54 277 --a------ C:\Windows\game.ini

2008-10-21 14:52 . 2008-10-21 14:52 268 --ah----- C:\sqmdata02.sqm

2008-10-21 14:52 . 2008-10-21 14:52 244 --ah----- C:\sqmnoopt02.sqm

2008-10-20 16:59 . 2008-11-06 16:51 <DIR> dr------- C:\Users\Dah L33T LapTop\Downloads

2008-10-19 18:50 . 2008-10-19 18:50 268 --ah----- C:\sqmdata01.sqm

2008-10-19 18:50 . 2008-10-19 18:50 244 --ah----- C:\sqmnoopt01.sqm

2008-10-18 00:58 . 2008-10-18 00:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-10-15 19:15 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 18:18 . 2008-10-15 18:18 <DIR> d-------- C:\Users\Dah L33T LapTop\AppData\Roaming\Acreon

2008-10-15 10:52 . 2008-10-15 10:52 <DIR> d-------- C:\Users\All Users\Blizzard

2008-10-15 10:52 . 2008-10-15 10:52 <DIR> d-------- C:\ProgramData\Blizzard

2008-10-13 16:14 . 2008-09-12 02:05 122,880 --a------ C:\Windows\System32\nvcod134.dll

2008-10-06 17:29 . 2008-05-22 02:34 446,464 --a------ C:\Windows\System32\nvuhda.exe

2008-10-06 17:29 . 2008-05-22 02:34 43,040 --a------ C:\Windows\System32\drivers\nvhda32v.sys

2008-10-06 17:29 . 2008-05-22 02:34 351 --a------ C:\Windows\System32\nvhda.nvu

2008-10-06 16:34 . 2008-10-06 16:37 <DIR> d-------- C:\Windows\Google Earth Pro 4.2

2008-10-06 13:34 . 2008-10-06 13:34 <DIR> d-------- C:\Program Files\Trend Micro

2008-10-06 13:17 . 2008-10-06 13:17 <DIR> d-------- C:\Users\Dah L33T LapTop\AppData\Roaming\PCF-VLC

2008-10-06 13:15 . 2008-10-06 13:15 <DIR> d-------- C:\Users\Dah L33T LapTop\AppData\Roaming\JLC's Software

2008-10-06 13:14 . 2008-10-06 13:14 <DIR> d-------- C:\Users\Dah L33T LapTop\AppData\Roaming\Participatory Culture Foundation

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-06 14:02 --------- d-----w C:\Program Files\Common Files\Adobe

2008-11-06 05:45 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\uTorrent

2008-11-05 20:15 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment

2008-11-05 15:27 98,320 ----a-w C:\Windows\system32\drivers\cmdguard.sys

2008-11-05 15:27 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys

2008-11-05 15:27 143,096 ----a-w C:\Windows\System32\guard32.dll

2008-11-05 14:18 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\LimeWire

2008-11-03 14:30 --------- d-----w C:\ProgramData\NVIDIA

2008-11-02 14:10 183,120 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-11-02 14:10 137,480 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-10-31 15:02 32,821 ----a-w C:\Users\All Users\nvModes.dat

2008-10-31 15:02 32,821 ----a-w C:\ProgramData\nvModes.dat

2008-10-29 18:34 682,280 ----a-w C:\Windows\System32\pbsvc.exe

2008-10-29 18:34 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2008-10-29 18:34 22,328 ----a-w C:\Users\Dah L33T LapTop\AppData\Roaming\PnkBstrK.sys

2008-10-29 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-24 23:01 53,248 ----a-w C:\Windows\System32\CSVer.dll

2008-10-23 17:16 --------- d-----w C:\Program Files\Common Files\Steam

2008-10-22 18:42 801,312 ----a-w C:\Windows\System32\nvcplui.exe

2008-10-22 18:42 1,108,512 ----a-w C:\Windows\System32\nvcpluir.dll

2008-10-22 15:55 453,152 ----a-w C:\Windows\System32\nvuninst.exe

2008-10-21 06:20 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-10-15 18:57 --------- d-----w C:\Program Files\Windows Mail

2008-10-15 18:18 --------- d-----w C:\ProgramData\Microsoft Help

2008-10-07 10:05 --------- d-----w C:\Program Files\Acer GameZone

2008-10-07 10:01 --------- d-----w C:\Program Files\Windows Live

2008-10-05 18:34 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\vlc

2008-10-05 11:20 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\AusLogics

2008-10-04 17:01 --------- d-----w C:\ProgramData\CyberLink

2008-10-04 16:52 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\CyberLink

2008-10-04 15:33 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\InstallShield Installation Information

2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-09-30 04:47 --------- d-----w C:\Program Files\Xvid

2008-09-27 19:36 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\Ventrilo

2008-09-27 13:46 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-27 10:50 --------- d-----w C:\Program Files\ElcomSoft

2008-09-26 13:39 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\IObit

2008-09-24 18:56 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\Winamp

2008-09-23 17:51 --------- d-----w C:\ProgramData\Avira

2008-09-22 13:00 --------- d-----w C:\Program Files\Java

2008-09-22 12:59 --------- d-----w C:\Program Files\Common Files\Java

2008-09-22 12:57 --------- d-----w C:\Program Files\UltraMon

2008-09-21 18:37 28,728 ----a-w C:\Windows\system32\drivers\msahci.sys

2008-09-21 18:37 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-09-21 18:01 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\Realtime Soft

2008-09-21 18:01 --------- d-----w C:\ProgramData\Realtime Soft

2008-09-21 12:40 --------- d-----w C:\Program Files\Cyberlink

2008-09-21 12:27 --------- d-----w C:\Program Files\eSobi

2008-09-21 12:03 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-09-21 12:03 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\Malwarebytes

2008-09-21 12:03 --------- d-----w C:\ProgramData\Malwarebytes

2008-09-21 12:02 --------- d-----w C:\ProgramData\WLInstaller

2008-09-21 11:35 92,704 ----a-w C:\Windows\System32\nvhotkey.dll

2008-09-21 11:35 313,888 ----a-w C:\Windows\System32\nvexpbar.dll

2008-09-21 11:35 217,088 ----a-w C:\Windows\System32\oemdspif.dll

2008-09-21 10:52 --------- d-----w C:\ProgramData\McAfee

2008-09-21 10:44 --------- d-----w C:\ProgramData\SiteAdvisor

2008-09-21 10:23 --------- d-----w C:\Program Files\MSXML 4.0

2008-09-21 10:18 --------- d-----w C:\ProgramData\Comodo

2008-09-21 10:17 --------- d-----w C:\Program Files\Acer

2008-09-21 09:50 --------- d-----w C:\Program Files\Acer Inc

2008-09-21 09:50 --------- d-----w C:\Program Files\Acer Arcade Deluxe

2008-09-21 09:40 --------- d-----w C:\ProgramData\eSobi

2008-09-21 09:31 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\Yahoo!

2008-09-21 09:30 --------- d-----w C:\Program Files\Launch Manager

2008-09-21 09:29 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\Acer

2008-09-21 09:27 --------- d-----w C:\Program Files\SuYin

2008-09-21 09:26 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\InstallShield

2008-09-21 09:24 --------- d-----w C:\Program Files\WIDCOMM

2008-09-21 09:22 --------- d-----w C:\Users\Dah L33T LapTop\AppData\Roaming\Comodo

2008-09-21 09:07 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-09-21 08:56 --------- d-sh--w C:\ProgramData\Start-meny

2008-09-21 08:56 --------- d-sh--w C:\ProgramData\Skrivebord

2008-09-21 08:56 --------- d-sh--w C:\ProgramData\Programdata

2008-09-21 08:56 --------- d-sh--w C:\ProgramData\Maler

2008-09-21 08:56 --------- d-sh--w C:\ProgramData\Favoritter

2008-09-21 08:56 --------- d-sh--w C:\ProgramData\Dokumenter

2008-09-21 08:56 --------- d-sh--w C:\Program Files\Fellesfiler

2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys

2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys

2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys

2008-09-03 03:59 468,992 ----a-w C:\Windows\System32\newdev.dll

2008-09-03 03:58 74,752 ----a-w C:\Windows\System32\newdev.exe

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-28 6335008]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-15 13576736]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-07-15 92704]

"COMODO Firewall Pro"="D:\comodo\Firewall\cfp.exe" [2008-11-05 1797880]

"COMODO Internet Security"="D:\comodo\Firewall\cfp.exe" [2008-11-05 1797880]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableStatusMessages"= 1 (0x1)

"DisableStartupSound"= 1 (0x1)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\Windows\system32\guard32.dll

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]

backup=C:\Windows\pss\Acer VCM.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

backup=C:\Windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

-ra------ 2008-09-26 11:02 2356088 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]

--------- 2008-04-10 15:30 147456 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

--a------ 2008-04-06 21:42 34040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

--------- 2008-04-10 15:30 167936 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]

--------- 2008-03-07 02:36 544768 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

--a------ 2008-03-04 22:38 526896 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]

--a------ 2008-04-30 18:02 397312 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2008-04-01 02:01 793096 C:\PROGRA~1\LAUNCH~1\LManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 10:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]

--------- 2008-04-18 14:18 167936 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2008-02-22 20:50 1037608 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

--a------ 2008-01-29 08:03 303104 C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-04 00:02 36352 D:\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-21 03:23 1008184 C:\Program Files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-283551383-3393271654-1372367075-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C2484D3D-1116-48C4-BFB8-B91B14183680}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F0ED5C80-031A-42D7-AC02-276BBDB43C1E}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM

"{825E1D77-3D30-470B-A386-04056CDD27BE}"= UDP:D:\utorrent\uTorrent.exe:µTorrent (TCP-In)

"{5FC90F3E-F89B-48C6-BC14-7A076996F39C}"= TCP:D:\utorrent\uTorrent.exe:µTorrent (UDP-In)

"{E0D7E821-B200-408B-9A95-FAB595A18E8F}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{5A91D12D-2525-4F45-955A-B58B6F59F9D8}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{3C51D6BC-65D2-4F47-B1F1-DCA2CE4444F3}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{306C9E70-1147-4C33-BED8-40599F5AE5A3}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{2207945A-421A-49DD-9DEA-C6A0E1EB0F17}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-11-05 98320]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-11-05 25104]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 14:01 61424]

R2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]

R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]

R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

R3 NETw5v32;Intel® Wireless WiFi Link-kortdriver for Windows Vista 32-bit;C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-05-22 43040]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]

S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]

S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]

S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-23 87288]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-nwiz - nwiz.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Dah L33T LapTop\AppData\Roaming\Mozilla\Firefox\Profiles\mp2hby2n.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - C:\Users\Dah L33T LapTop\AppData\Roaming\Mozilla\Firefox\Profiles\mp2hby2n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll

FF -: plugin - D:\firefox\plugins\np-mswmp.dll

FF -: plugin - D:\firefox\plugins\np_gp.dll

FF -: plugin - D:\firefox\plugins\np32dsw.dll

FF -: plugin - D:\firefox\plugins\npbittorrent.dll

FF -: plugin - D:\firefox\plugins\npLegitCheckPlugin.dll

FF -: plugin - D:\firefox\plugins\npnul32.dll

FF -: plugin - D:\firefox\plugins\nppdf32.dll

FF -: plugin - D:\VLC\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-06 18:25:29

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\Windows\system32\winlogon.exe

-> C:\Windows\system32\guard32.dll

 

PROCESS: C:\Windows\system32\lsass.exe

-> C:\Windows\system32\guard32.dll

.

Completion time: 2008-11-06 18:27:12

ComboFix-quarantined-files.txt 2008-11-06 17:27:09

ComboFix2.txt 2008-10-05 11:44:41

 

Pre-Run: 103 962 890 240 byte ledig

Post-Run: 103,926,857,728 byte ledig

 

286 --- E O F --- 2008-10-28 18:13:20

 

Klikk for å se/fjerne innholdet nedenfor

Malwarebytes' Anti-Malware 1.28

Database versjon: 1215

Windows 6.0.6001 Service Pack 1

 

06.11.2008 18:32:22

mbam-log-2008-11-06 (18-32-12).txt

 

Skanntype: Rask Skann

Objekter skannet: 39939

Tid tilbakelagt: 1 minute(s), 52 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 3

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.

 

står No action taken og det hvet jeg :s

 

si ifra hvis HJT trengs

 

edit: og jeg tror denne har skjylda for at internette mitt noen ganger er nede osv :ss

Endret 6. november 2008 av Submit

[norbat]

Last ned ny combofix og kjør programmet.

Kjør også en ny rask skan med MBAM

[raWrz]

gi meg et sekund

 

hva må man skrive i kjør for at combofix skulle av innstalere seg?

 

edit:

Klikk for å se/fjerne innholdet nedenfor

Malwarebytes' Anti-Malware 1.30

Database versjon: 1370

Windows 6.0.6001 Service Pack 1

 

06.11.2008 19:14:45

mbam-log-2008-11-06 (19-14-45).txt

 

Skanntype: Rask Skann

Objekter skannet: 42290

Tid tilbakelagt: 1 minute(s), 15 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 7

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

Endret 6. november 2008 av Submit

[r2d290]

combofix /u

[raWrz]

selv etter reboot så er nøyaktig de samma filene der :s

skal kjøre combofix nå

[raWrz]

combofix

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-11-05.02 - Dah L33T LapTop 2008-11-06 19:26:14.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2153 [GMT 1:00]

Running from: c:\users\Dah L33T LapTop\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))

.

 

2008-11-06 19:23 . 2008-11-06 19:23 61,440 --a------ c:\windows\System32\drivers\rqzwnumm.sys

2008-11-06 19:20 . 2008-11-06 19:24 <DIR> d-------- C:\32788R22FWJFW

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- c:\users\All Users\NOS

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- c:\programdata\NOS

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- c:\program files\NOS

2008-10-29 19:40 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll

2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d--h----- c:\program files\Temp

2008-10-28 19:37 . 2008-10-28 19:39 <DIR> d-------- c:\program files\Realtek

2008-10-28 19:37 . 2008-10-28 19:37 2,346,016 --a------ c:\windows\System32\RtkAPO.dll

2008-10-28 18:18 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-28 18:18 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-28 18:18 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-26 08:54 . 2008-10-22 19:42 958,464 --a------ c:\windows\System32\nvsvcr.dll

2008-10-26 08:54 . 2008-10-22 19:42 122,880 --a------ c:\windows\System32\nvcod135.dll

2008-10-26 08:54 . 2008-07-15 05:27 92,704 --a------ c:\windows\System32\nvmctray.dll

2008-10-26 08:54 . 2008-10-22 19:42 4,160 --a------ c:\windows\System32\drivers\nvBridge.kmd

2008-10-25 00:24 . 2008-10-25 00:24 <DIR> d-------- c:\program files\LITEON

2008-10-25 00:23 . 2008-10-25 00:23 <DIR> d-------- c:\windows\Downloaded Installations

2008-10-25 00:16 . 2008-02-25 15:28 238,080 --a------ c:\windows\System32\ITEIO_64.dll

2008-10-25 00:16 . 2008-02-25 15:29 14,544 --a------ c:\windows\System32\drivers\TVicPort.sys

2008-10-25 00:16 . 2008-02-25 15:29 6,080 --a------ c:\windows\System32\drivers\zntport.sys

2008-10-25 00:01 . 2008-10-25 00:01 <DIR> d-------- c:\program files\Marvell

2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\windows\Sun

2008-10-23 20:39 . 2008-10-23 20:39 <DIR> d-------- C:\directx

2008-10-23 19:54 . 2008-10-23 19:54 277 --a------ c:\windows\game.ini

2008-10-21 14:52 . 2008-10-21 14:52 268 --ah----- C:\sqmdata02.sqm

2008-10-21 14:52 . 2008-10-21 14:52 244 --ah----- C:\sqmnoopt02.sqm

2008-10-20 16:59 . 2008-11-06 19:24 <DIR> dr------- c:\users\Dah L33T LapTop\Downloads

2008-10-19 18:50 . 2008-10-19 18:50 268 --ah----- C:\sqmdata01.sqm

2008-10-19 18:50 . 2008-10-19 18:50 244 --ah----- C:\sqmnoopt01.sqm

2008-10-18 00:58 . 2008-10-18 00:58 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-10-15 19:15 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

2008-10-15 18:18 . 2008-10-15 18:18 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\Acreon

2008-10-15 10:52 . 2008-10-15 10:52 <DIR> d-------- c:\users\All Users\Blizzard

2008-10-15 10:52 . 2008-10-15 10:52 <DIR> d-------- c:\programdata\Blizzard

2008-10-13 16:14 . 2008-09-12 02:05 122,880 --a------ c:\windows\System32\nvcod134.dll

2008-10-06 17:29 . 2008-05-22 02:34 446,464 --a------ c:\windows\System32\nvuhda.exe

2008-10-06 17:29 . 2008-05-22 02:34 43,040 --a------ c:\windows\System32\drivers\nvhda32v.sys

2008-10-06 17:29 . 2008-05-22 02:34 351 --a------ c:\windows\System32\nvhda.nvu

2008-10-06 16:34 . 2008-10-06 16:37 <DIR> d-------- c:\windows\Google Earth Pro 4.2

2008-10-06 13:34 . 2008-10-06 13:34 <DIR> d-------- c:\program files\Trend Micro

2008-10-06 13:17 . 2008-10-06 13:17 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\PCF-VLC

2008-10-06 13:15 . 2008-10-06 13:15 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\JLC's Software

2008-10-06 13:14 . 2008-10-06 13:14 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\Participatory Culture Foundation

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-06 18:23 794 ----a-w c:\program files\houvggv.txt

2008-11-06 14:02 --------- d-----w c:\program files\Common Files\Adobe

2008-11-06 05:45 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\uTorrent

2008-11-05 20:15 --------- d-----w c:\program files\Common Files\Blizzard Entertainment

2008-11-05 15:27 98,320 ----a-w c:\windows\system32\drivers\cmdguard.sys

2008-11-05 15:27 25,104 ----a-w c:\windows\system32\drivers\cmdhlp.sys

2008-11-05 15:27 143,096 ----a-w c:\windows\System32\guard32.dll

2008-11-05 14:18 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\LimeWire

2008-11-03 14:30 --------- d-----w c:\programdata\NVIDIA

2008-11-02 14:10 183,120 ----a-w c:\windows\System32\PnkBstrB.exe

2008-11-02 14:10 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-10-31 15:02 32,821 ----a-w c:\users\All Users\nvModes.dat

2008-10-31 15:02 32,821 ----a-w c:\programdata\nvModes.dat

2008-10-29 18:34 682,280 ----a-w c:\windows\System32\pbsvc.exe

2008-10-29 18:34 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2008-10-29 18:34 22,328 ----a-w c:\users\Dah L33T LapTop\AppData\Roaming\PnkBstrK.sys

2008-10-29 18:34 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-24 23:01 53,248 ----a-w c:\windows\System32\CSVer.dll

2008-10-23 17:16 --------- d-----w c:\program files\Common Files\Steam

2008-10-22 18:42 801,312 ----a-w c:\windows\System32\nvcplui.exe

2008-10-22 18:42 1,108,512 ----a-w c:\windows\System32\nvcpluir.dll

2008-10-22 15:55 453,152 ----a-w c:\windows\System32\nvuninst.exe

2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 06:20 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-15 18:57 --------- d-----w c:\program files\Windows Mail

2008-10-15 18:18 --------- d-----w c:\programdata\Microsoft Help

2008-10-07 10:05 --------- d-----w c:\program files\Acer GameZone

2008-10-07 10:01 --------- d-----w c:\program files\Windows Live

2008-10-05 18:34 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\vlc

2008-10-05 11:20 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\AusLogics

2008-10-04 17:01 --------- d-----w c:\programdata\CyberLink

2008-10-04 16:52 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\CyberLink

2008-10-04 15:33 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\InstallShield Installation Information

2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll

2008-09-30 04:47 --------- d-----w c:\program files\Xvid

2008-09-27 19:36 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Ventrilo

2008-09-27 13:46 --------- d-----w c:\program files\Common Files\InstallShield

2008-09-27 10:50 --------- d-----w c:\program files\ElcomSoft

2008-09-26 13:39 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\IObit

2008-09-24 18:56 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Winamp

2008-09-23 17:51 --------- d-----w c:\programdata\Avira

2008-09-22 13:00 --------- d-----w c:\program files\Java

2008-09-22 12:59 --------- d-----w c:\program files\Common Files\Java

2008-09-22 12:57 --------- d-----w c:\program files\UltraMon

2008-09-21 18:37 28,728 ----a-w c:\windows\system32\drivers\msahci.sys

2008-09-21 18:37 21,560 ----a-w c:\windows\system32\drivers\atapi.sys

2008-09-21 18:01 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Realtime Soft

2008-09-21 18:01 --------- d-----w c:\programdata\Realtime Soft

2008-09-21 12:40 --------- d-----w c:\program files\Cyberlink

2008-09-21 12:27 --------- d-----w c:\program files\eSobi

2008-09-21 12:03 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-09-21 12:03 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Malwarebytes

2008-09-21 12:03 --------- d-----w c:\programdata\Malwarebytes

2008-09-21 12:02 --------- d-----w c:\programdata\WLInstaller

2008-09-21 11:35 92,704 ----a-w c:\windows\System32\nvhotkey.dll

2008-09-21 11:35 313,888 ----a-w c:\windows\System32\nvexpbar.dll

2008-09-21 11:35 217,088 ----a-w c:\windows\System32\oemdspif.dll

2008-09-21 10:52 --------- d-----w c:\programdata\McAfee

2008-09-21 10:44 --------- d-----w c:\programdata\SiteAdvisor

2008-09-21 10:23 --------- d-----w c:\program files\MSXML 4.0

2008-09-21 10:18 --------- d-----w c:\programdata\Comodo

2008-09-21 10:17 --------- d-----w c:\program files\Acer

2008-09-21 09:50 --------- d-----w c:\program files\Acer Inc

2008-09-21 09:50 --------- d-----w c:\program files\Acer Arcade Deluxe

2008-09-21 09:40 --------- d-----w c:\programdata\eSobi

2008-09-21 09:31 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Yahoo!

2008-09-21 09:30 --------- d-----w c:\program files\Launch Manager

2008-09-21 09:29 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Acer

2008-09-21 09:27 --------- d-----w c:\program files\SuYin

2008-09-21 09:26 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\InstallShield

2008-09-21 09:24 --------- d-----w c:\program files\WIDCOMM

2008-09-21 09:22 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Comodo

2008-09-21 09:07 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-09-21 08:56 --------- d-sh--w c:\programdata\Start-meny

2008-09-21 08:56 --------- d-sh--w c:\programdata\Skrivebord

2008-09-21 08:56 --------- d-sh--w c:\programdata\Programdata

2008-09-21 08:56 --------- d-sh--w c:\programdata\Maler

2008-09-21 08:56 --------- d-sh--w c:\programdata\Favoritter

2008-09-21 08:56 --------- d-sh--w c:\programdata\Dokumenter

2008-09-21 08:56 --------- d-sh--w c:\program files\Fellesfiler

2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll

2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-06_18.25.50.93 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-06 16:47:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-11-06 18:16:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-11-06 16:47:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-11-06 18:16:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-11-06 17:25:02 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-06 18:17:34 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-06 18:17:34 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-11-06 16:53:28 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-06 18:17:39 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-06 18:17:39 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-11-06 17:24:49 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-06 18:26:07 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-06 18:26:07 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-11-06 16:54:03 101,250 ----a-w c:\windows\System32\perfc009.dat

+ 2008-11-06 18:22:44 101,250 ----a-w c:\windows\System32\perfc009.dat

- 2008-11-06 16:54:03 76,478 ----a-w c:\windows\System32\perfc014.dat

+ 2008-11-06 18:22:44 76,478 ----a-w c:\windows\System32\perfc014.dat

- 2008-11-06 16:54:03 587,178 ----a-w c:\windows\System32\perfh009.dat

+ 2008-11-06 18:22:44 587,178 ----a-w c:\windows\System32\perfh009.dat

- 2008-11-06 16:54:03 452,326 ----a-w c:\windows\System32\perfh014.dat

+ 2008-11-06 18:22:44 452,326 ----a-w c:\windows\System32\perfh014.dat

+ 2006-11-02 09:45:39 31,744 ----a-w c:\windows\System32\swsc.exe

- 2008-11-06 16:49:32 8,470 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-283551383-3393271654-1372367075-1000_UserData.bin

+ 2008-11-06 18:18:01 8,642 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-283551383-3393271654-1372367075-1000_UserData.bin

- 2008-11-06 16:49:32 82,856 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-11-06 18:18:00 83,046 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-11-06 16:49:32 50,928 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-11-06 18:18:00 51,134 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="d:\avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-28 6335008]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-15 13576736]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-15 92704]

"COMODO Firewall Pro"="d:\comodo\Firewall\cfp.exe" [2008-11-05 1797880]

"COMODO Internet Security"="d:\comodo\Firewall\cfp.exe" [2008-11-05 1797880]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2008-10-22 1261200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableStatusMessages"= 1 (0x1)

"DisableStartupSound"= 1 (0x1)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= c:\windows\system32\guard32.dll

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]

backup=c:\windows\pss\Acer VCM.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

-ra------ 2008-09-26 11:02 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]

--------- 2008-04-10 15:30 147456 c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

--a------ 2008-04-06 21:42 34040 c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

--------- 2008-04-10 15:30 167936 c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]

--------- 2008-03-07 02:36 544768 c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

--a------ 2008-03-04 22:38 526896 c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]

--a------ 2008-04-30 18:02 397312 c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2008-04-01 02:01 793096 c:\progra~1\LAUNCH~1\LManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]

--------- 2008-04-18 14:18 167936 c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2008-02-22 20:50 1037608 c:\program files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

--a------ 2008-01-29 08:03 303104 c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-04 00:02 36352 d:\winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-21 03:23 1008184 c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-283551383-3393271654-1372367075-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C2484D3D-1116-48C4-BFB8-B91B14183680}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F0ED5C80-031A-42D7-AC02-276BBDB43C1E}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM

"{825E1D77-3D30-470B-A386-04056CDD27BE}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)

"{5FC90F3E-F89B-48C6-BC14-7A076996F39C}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)

"{E0D7E821-B200-408B-9A95-FAB595A18E8F}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{5A91D12D-2525-4F45-955A-B58B6F59F9D8}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{3C51D6BC-65D2-4F47-B1F1-DCA2CE4444F3}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{306C9E70-1147-4C33-BED8-40599F5AE5A3}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{2207945A-421A-49DD-9DEA-C6A0E1EB0F17}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-05 98320]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-05 25104]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 14:01 61424]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

R3 NETw5v32;Intel® Wireless WiFi Link-kortdriver for Windows Vista 32-bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-22 43040]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

S3 btwaudio;Bluetooth-lydenhet;c:\windows\system32\drivers\btwaudio.sys [2008-02-14 80424]

S3 btwavdt;Bluetooth AVDT;c:\windows\system32\drivers\btwavdt.sys [2007-07-16 80936]

S3 btwrchid;btwrchid;c:\windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]

S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-10-23 87288]

S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\users\Dah L33T LapTop\AppData\Roaming\Mozilla\Firefox\Profiles\mp2hby2n.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - c:\users\Dah L33T LapTop\AppData\Roaming\Mozilla\Firefox\Profiles\mp2hby2n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll

FF -: plugin - d:\firefox\plugins\np-mswmp.dll

FF -: plugin - d:\firefox\plugins\np_gp.dll

FF -: plugin - d:\firefox\plugins\np32dsw.dll

FF -: plugin - d:\firefox\plugins\npbittorrent.dll

FF -: plugin - d:\firefox\plugins\npLegitCheckPlugin.dll

FF -: plugin - d:\firefox\plugins\npnul32.dll

FF -: plugin - d:\firefox\plugins\nppdf32.dll

FF -: plugin - d:\vlc\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-06 19:30:54

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-06 19:32:33

ComboFix-quarantined-files.txt 2008-11-06 18:32:29

ComboFix2.txt 2008-11-06 17:27:13

ComboFix3.txt 2008-10-05 11:44:41

 

Pre-Run: 104 516 194 304 byte ledig

Post-Run: 104,676,630,528 byte ledig

 

312 --- E O F --- 2008-10-28 18:13:20

Endret 6. november 2008 av Submit

[norbat]

Sjekk følgende fil på virustotal:

c:\windows\System32\drivers\rqzwnumm.sys

[raWrz]

File has already been analysed:

MD5: 589312a3b46721c5a751e4d5222a89be

First received: 09.13.2008 14:30:26 (CET)

Date: 11.05.2008 13:42:35 (CET) [+1D]

Results: 9/36

Permalink: analisis/cca2e42561d9c1facabea277b92545a2

 

skal jeg lage en CF script med den fila? ser ut som virus

Endret 6. november 2008 av Submit

[raWrz]

skal CSscript se slik ut da :

 

File::

 

 

Folder::

 

 

Registry::

 

 

Driver::

rqzwnumm.sys

 

 

DirLook::

 

(tør ikke prøve hvis noe går til helvete :s)

[norbat]

La Virustotal kjøre en ny scan på fila. Ønsker å se resultatet.

[raWrz]

ohh så ikke den knappen der gitt >.<

 

Klikk for å se/fjerne innholdet nedenfor

File rqzwnumm.sys received on 11.06.2008 19:50:14 (CET)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 9/36 (25%)

Loading server information...

Your file is queued in position: 1.

Estimated start time is between 38 and 55 seconds.

Do not close the window until scan is complete.

The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.

If you are waiting for more than five minutes you have to resend your file.

Your file is being scanned by VirusTotal in this moment,

results will be shown as they're generated.

Compact Compact

Print results Print results

Your file has expired or does not exists.

Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

 

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.

Email:

 

Antivirus Version Last Update Result

AhnLab-V3 2008.11.5.3 2008.11.06 Win-Trojan/Avenger.61440

AntiVir 7.9.0.26 2008.11.06 -

Authentium 5.1.0.4 2008.11.06 -

Avast 4.8.1248.0 2008.11.06 -

AVG 8.0.0.161 2008.11.06 -

BitDefender 7.2 2008.11.06 -

CAT-QuickHeal 9.50 2008.11.04 Hoax.Agent.fz (Not a Virus)

ClamAV 0.94.1 2008.11.06 -

DrWeb 4.44.0.09170 2008.11.06 -

eSafe 7.0.17.0 2008.11.06 Hoax.Win32.Agent.fu

eTrust-Vet 31.6.6195 2008.11.06 -

Ewido 4.0 2008.11.06 -

F-Prot 4.4.4.56 2008.11.06 -

F-Secure 8.0.14332.0 2008.11.06 -

Fortinet 3.117.0.0 2008.11.06 PossibleThreat

GData 19 2008.11.06 -

Ikarus T3.1.1.45.0 2008.11.06 -

K7AntiVirus 7.10.518 2008.11.06 Trojan.Win32.Malware.2

Kaspersky 7.0.0.125 2008.11.06 -

McAfee 5425 2008.11.05 -

Microsoft 1.4005 2008.11.06 -

NOD32 3592 2008.11.06 -

Norman 5.80.02 2008.11.06 W32/Agent.HHSF

Panda 9.0.0.4 2008.11.05 Trj/Downloader.MDW

PCTools 4.4.2.0 2008.11.06 -

Prevx1 V2 2008.11.06 Malicious Software

Rising 21.02.32.00 2008.11.06 -

SecureWeb-Gateway 6.7.6 2008.11.06 -

Sophos 4.35.0 2008.11.06 -

Sunbelt 3.1.1783.2 2008.11.05 -

Symantec 10 2008.11.06 -

TheHacker 6.3.1.1.141 2008.11.05 -

TrendMicro 8.700.0.1004 2008.11.06 -

VBA32 3.12.8.9 2008.11.05 -

ViRobot 2008.11.6.1455 2008.11.06 Hoax..Agent.61440

VirusBuster 4.5.11.0 2008.11.06 -

Additional information

File size: 61440 bytes

MD5...: 589312a3b46721c5a751e4d5222a89be

SHA1..: 3a497d3968a4f6e3c648d196da38e5f98e75ec30

SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae

SHA512: c8abe050c97efe34541c3ef293a750e34b82117ae41f41d83db1f1489eb5d776

a1d59d0b4a1e13536e5bebda630693daf4be66cc386f587a69288c76df98cf7b

PEiD..: -

TrID..: File type identification

Clipper DOS Executable (33.3%)

Generic Win/DOS Executable (33.0%)

DOS Executable Generic (33.0%)

VXD Driver (0.5%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x1d394

timedatestamp.....: 0x476b398b (Fri Dec 21 03:56:59 2007)

machinetype.......: 0x14c (I386)

 

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x400 0xd756 0xd780 5.52 e0dc8fff10e3a7c6343455cd02a67954

.rdata 0xdb80 0x10e 0x180 3.44 d2fd0bc28e070ccc67879e04b7cd5302

.data 0xdd00 0xc0 0x100 0.04 66a415a49d751cb335895306ecfb3389

INIT 0xde00 0x376 0x380 5.17 79cc3d62ef3ba8053786e08dc9b6cddc

.reloc 0xe180 0xe2c 0xe80 6.60 4f845320301140370066cbceee4c5e4c

 

( 1 imports )

> ntoskrnl.exe: ZwWriteFile, wcslen, RtlUpcaseUnicodeChar, ZwClose, ZwCreateFile, RtlInitUnicodeString, wcscat, wcscpy, _wcsicmp, ZwQueryValueKey, ZwOpenKey, ZwDeleteKey, swprintf, ZwEnumerateKey, ExFreePoolWithTag, DbgPrint, ExAllocatePoolWithTag, RtlPrefixUnicodeString, RtlDeleteRegistryValue, ZwSetValueKey, RtlWriteRegistryValue, ZwEnumerateValueKey, ZwOpenFile, ZwSetInformationFile, KeTickCount, ZwQueryInformationFile, KeBugCheck, MmGetSystemRoutineAddress, ZwFlushKey, PsTerminateSystemThread, KeSetPriorityThread, KeGetCurrentThread, RtlCheckRegistryKey, KeDelayExecutionThread, ZwReadFile, PsCreateSystemThread, PsGetVersion

 

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp...CA22500289EA8D6

ThreatExpert info: http://www.threatexpert.com/report.aspx?md...751e4d5222a89be

 

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

[norbat]

Lag deg et cfscript med følgendei innhold:

 

File::

c:\windows\System32\drivers\rqzwnumm.sys

 

DirLook::

C:\Users\Default\My Documents\My Pictures

C:\Users\Default\My Documents\My Music

[raWrz]

skal jeg dra den over combofix eller skal jeg gjøre noe annet først?

[norbat]

Dra den bare over combofix-iconet, ja.

[raWrz]

ny combofix log :

 

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-11-05.02 - Dah L33T LapTop 2008-11-06 20:18:40.4 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1980 [GMT 1:00]

Running from: c:\users\Dah L33T LapTop\Desktop\ComboFix.exe

Command switches used :: c:\users\Dah L33T LapTop\Desktop\CFscript.txt

* Created a new restore point

 

FILE ::

c:\windows\System32\drivers\rqzwnumm.sys

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\System32\drivers\rqzwnumm.sys

 

.

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))

.

 

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- c:\users\All Users\NOS

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- c:\programdata\NOS

2008-11-05 16:19 . 2008-11-05 16:19 <DIR> d-------- c:\program files\NOS

2008-10-29 19:40 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll

2008-10-28 19:37 . 2008-10-28 19:37 <DIR> d--h----- c:\program files\Temp

2008-10-28 19:37 . 2008-10-28 19:39 <DIR> d-------- c:\program files\Realtek

2008-10-28 19:37 . 2008-10-28 19:37 2,346,016 --a------ c:\windows\System32\RtkAPO.dll

2008-10-28 18:18 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-28 18:18 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-28 18:18 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-26 08:54 . 2008-10-22 19:42 958,464 --a------ c:\windows\System32\nvsvcr.dll

2008-10-26 08:54 . 2008-10-22 19:42 122,880 --a------ c:\windows\System32\nvcod135.dll

2008-10-26 08:54 . 2008-07-15 05:27 92,704 --a------ c:\windows\System32\nvmctray.dll

2008-10-26 08:54 . 2008-10-22 19:42 4,160 --a------ c:\windows\System32\drivers\nvBridge.kmd

2008-10-25 00:24 . 2008-10-25 00:24 <DIR> d-------- c:\program files\LITEON

2008-10-25 00:23 . 2008-10-25 00:23 <DIR> d-------- c:\windows\Downloaded Installations

2008-10-25 00:16 . 2008-02-25 15:28 238,080 --a------ c:\windows\System32\ITEIO_64.dll

2008-10-25 00:16 . 2008-02-25 15:29 14,544 --a------ c:\windows\System32\drivers\TVicPort.sys

2008-10-25 00:16 . 2008-02-25 15:29 6,080 --a------ c:\windows\System32\drivers\zntport.sys

2008-10-25 00:01 . 2008-10-25 00:01 <DIR> d-------- c:\program files\Marvell

2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\windows\Sun

2008-10-23 20:39 . 2008-10-23 20:39 <DIR> d-------- C:\directx

2008-10-23 19:54 . 2008-10-23 19:54 277 --a------ c:\windows\game.ini

2008-10-21 14:52 . 2008-10-21 14:52 268 --ah----- C:\sqmdata02.sqm

2008-10-21 14:52 . 2008-10-21 14:52 244 --ah----- C:\sqmnoopt02.sqm

2008-10-20 16:59 . 2008-11-06 20:03 <DIR> dr------- c:\users\Dah L33T LapTop\Downloads

2008-10-19 18:50 . 2008-10-19 18:50 268 --ah----- C:\sqmdata01.sqm

2008-10-19 18:50 . 2008-10-19 18:50 244 --ah----- C:\sqmnoopt01.sqm

2008-10-18 00:58 . 2008-10-18 00:58 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-10-15 19:15 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

2008-10-15 18:18 . 2008-10-15 18:18 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\Acreon

2008-10-15 10:52 . 2008-10-15 10:52 <DIR> d-------- c:\users\All Users\Blizzard

2008-10-15 10:52 . 2008-10-15 10:52 <DIR> d-------- c:\programdata\Blizzard

2008-10-13 16:14 . 2008-09-12 02:05 122,880 --a------ c:\windows\System32\nvcod134.dll

2008-10-06 17:29 . 2008-05-22 02:34 446,464 --a------ c:\windows\System32\nvuhda.exe

2008-10-06 17:29 . 2008-05-22 02:34 43,040 --a------ c:\windows\System32\drivers\nvhda32v.sys

2008-10-06 17:29 . 2008-05-22 02:34 351 --a------ c:\windows\System32\nvhda.nvu

2008-10-06 16:34 . 2008-10-06 16:37 <DIR> d-------- c:\windows\Google Earth Pro 4.2

2008-10-06 13:34 . 2008-10-06 13:34 <DIR> d-------- c:\program files\Trend Micro

2008-10-06 13:17 . 2008-10-06 13:17 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\PCF-VLC

2008-10-06 13:15 . 2008-10-06 13:15 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\JLC's Software

2008-10-06 13:14 . 2008-10-06 13:14 <DIR> d-------- c:\users\Dah L33T LapTop\AppData\Roaming\Participatory Culture Foundation

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-06 19:07 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\uTorrent

2008-11-06 19:07 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\LimeWire

2008-11-06 18:23 794 ----a-w c:\program files\houvggv.txt

2008-11-06 14:02 --------- d-----w c:\program files\Common Files\Adobe

2008-11-05 20:15 --------- d-----w c:\program files\Common Files\Blizzard Entertainment

2008-11-05 15:27 98,320 ----a-w c:\windows\system32\drivers\cmdguard.sys

2008-11-05 15:27 25,104 ----a-w c:\windows\system32\drivers\cmdhlp.sys

2008-11-05 15:27 143,096 ----a-w c:\windows\System32\guard32.dll

2008-11-03 14:30 --------- d-----w c:\programdata\NVIDIA

2008-11-02 14:10 183,120 ----a-w c:\windows\System32\PnkBstrB.exe

2008-11-02 14:10 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-10-31 15:02 32,821 ----a-w c:\users\All Users\nvModes.dat

2008-10-31 15:02 32,821 ----a-w c:\programdata\nvModes.dat

2008-10-29 18:34 682,280 ----a-w c:\windows\System32\pbsvc.exe

2008-10-29 18:34 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2008-10-29 18:34 22,328 ----a-w c:\users\Dah L33T LapTop\AppData\Roaming\PnkBstrK.sys

2008-10-29 18:34 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-24 23:01 53,248 ----a-w c:\windows\System32\CSVer.dll

2008-10-23 17:16 --------- d-----w c:\program files\Common Files\Steam

2008-10-22 18:42 801,312 ----a-w c:\windows\System32\nvcplui.exe

2008-10-22 18:42 1,108,512 ----a-w c:\windows\System32\nvcpluir.dll

2008-10-22 15:55 453,152 ----a-w c:\windows\System32\nvuninst.exe

2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 06:20 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-15 18:57 --------- d-----w c:\program files\Windows Mail

2008-10-15 18:18 --------- d-----w c:\programdata\Microsoft Help

2008-10-07 10:05 --------- d-----w c:\program files\Acer GameZone

2008-10-07 10:01 --------- d-----w c:\program files\Windows Live

2008-10-05 18:34 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\vlc

2008-10-05 11:20 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\AusLogics

2008-10-04 17:01 --------- d-----w c:\programdata\CyberLink

2008-10-04 16:52 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\CyberLink

2008-10-04 15:33 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\InstallShield Installation Information

2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll

2008-09-30 04:47 --------- d-----w c:\program files\Xvid

2008-09-27 19:36 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Ventrilo

2008-09-27 13:46 --------- d-----w c:\program files\Common Files\InstallShield

2008-09-27 10:50 --------- d-----w c:\program files\ElcomSoft

2008-09-26 13:39 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\IObit

2008-09-24 18:56 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Winamp

2008-09-23 17:51 --------- d-----w c:\programdata\Avira

2008-09-22 13:00 --------- d-----w c:\program files\Java

2008-09-22 12:59 --------- d-----w c:\program files\Common Files\Java

2008-09-22 12:57 --------- d-----w c:\program files\UltraMon

2008-09-21 18:37 28,728 ----a-w c:\windows\system32\drivers\msahci.sys

2008-09-21 18:37 21,560 ----a-w c:\windows\system32\drivers\atapi.sys

2008-09-21 18:01 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Realtime Soft

2008-09-21 18:01 --------- d-----w c:\programdata\Realtime Soft

2008-09-21 12:40 --------- d-----w c:\program files\Cyberlink

2008-09-21 12:27 --------- d-----w c:\program files\eSobi

2008-09-21 12:03 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-09-21 12:03 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Malwarebytes

2008-09-21 12:03 --------- d-----w c:\programdata\Malwarebytes

2008-09-21 12:02 --------- d-----w c:\programdata\WLInstaller

2008-09-21 11:35 92,704 ----a-w c:\windows\System32\nvhotkey.dll

2008-09-21 11:35 313,888 ----a-w c:\windows\System32\nvexpbar.dll

2008-09-21 11:35 217,088 ----a-w c:\windows\System32\oemdspif.dll

2008-09-21 10:52 --------- d-----w c:\programdata\McAfee

2008-09-21 10:44 --------- d-----w c:\programdata\SiteAdvisor

2008-09-21 10:23 --------- d-----w c:\program files\MSXML 4.0

2008-09-21 10:18 --------- d-----w c:\programdata\Comodo

2008-09-21 10:17 --------- d-----w c:\program files\Acer

2008-09-21 09:50 --------- d-----w c:\program files\Acer Inc

2008-09-21 09:50 --------- d-----w c:\program files\Acer Arcade Deluxe

2008-09-21 09:40 --------- d-----w c:\programdata\eSobi

2008-09-21 09:31 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Yahoo!

2008-09-21 09:30 --------- d-----w c:\program files\Launch Manager

2008-09-21 09:29 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Acer

2008-09-21 09:27 --------- d-----w c:\program files\SuYin

2008-09-21 09:26 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\InstallShield

2008-09-21 09:24 --------- d-----w c:\program files\WIDCOMM

2008-09-21 09:22 --------- d-----w c:\users\Dah L33T LapTop\AppData\Roaming\Comodo

2008-09-21 09:07 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-09-21 08:56 --------- d-sh--w c:\programdata\Start-meny

2008-09-21 08:56 --------- d-sh--w c:\programdata\Skrivebord

2008-09-21 08:56 --------- d-sh--w c:\programdata\Programdata

2008-09-21 08:56 --------- d-sh--w c:\programdata\Maler

2008-09-21 08:56 --------- d-sh--w c:\programdata\Favoritter

2008-09-21 08:56 --------- d-sh--w c:\programdata\Dokumenter

2008-09-21 08:56 --------- d-sh--w c:\program files\Fellesfiler

2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll

2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of c:\users\Default\My Documents\My Music ----

 

2006-11-02 14:02 0 d--hs---l c:\users\Default\My Documents\My Music\

 

---- Directory of c:\users\Default\My Documents\My Pictures ----

 

2006-11-02 14:02 0 d--hs---l c:\users\Default\My Documents\My Pictures\

 

 

((((((((((((((((((((((((((((( snapshot@2008-11-06_18.25.50.93 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-06 16:47:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-11-06 18:16:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-11-06 16:47:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-11-06 18:16:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-11-06 17:25:02 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-06 18:17:34 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-06 18:17:34 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-11-06 16:53:28 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-06 18:17:39 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-06 18:17:39 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-11-06 17:24:49 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-06 19:18:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-06 19:18:21 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-11-06 16:54:03 101,250 ----a-w c:\windows\System32\perfc009.dat

+ 2008-11-06 18:22:44 101,250 ----a-w c:\windows\System32\perfc009.dat

- 2008-11-06 16:54:03 76,478 ----a-w c:\windows\System32\perfc014.dat

+ 2008-11-06 18:22:44 76,478 ----a-w c:\windows\System32\perfc014.dat

- 2008-11-06 16:54:03 587,178 ----a-w c:\windows\System32\perfh009.dat

+ 2008-11-06 18:22:44 587,178 ----a-w c:\windows\System32\perfh009.dat

- 2008-11-06 16:54:03 452,326 ----a-w c:\windows\System32\perfh014.dat

+ 2008-11-06 18:22:44 452,326 ----a-w c:\windows\System32\perfh014.dat

+ 2006-11-02 09:45:39 31,744 ----a-w c:\windows\System32\swsc.exe

- 2008-11-06 16:49:32 8,470 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-283551383-3393271654-1372367075-1000_UserData.bin

+ 2008-11-06 18:18:01 8,642 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-283551383-3393271654-1372367075-1000_UserData.bin

- 2008-11-06 16:49:32 82,856 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-11-06 18:18:00 83,046 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-11-06 16:49:32 50,928 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-11-06 18:18:00 51,134 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="d:\avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-28 6335008]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-15 13576736]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-15 92704]

"COMODO Firewall Pro"="d:\comodo\Firewall\cfp.exe" [2008-11-05 1797880]

"COMODO Internet Security"="d:\comodo\Firewall\cfp.exe" [2008-11-05 1797880]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2008-10-22 1261200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableStatusMessages"= 1 (0x1)

"DisableStartupSound"= 1 (0x1)

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= c:\windows\system32\guard32.dll

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]

backup=c:\windows\pss\Acer VCM.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

-ra------ 2008-09-26 11:02 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]

--------- 2008-04-10 15:30 147456 c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

--a------ 2008-04-06 21:42 34040 c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

--------- 2008-04-10 15:30 167936 c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]

--------- 2008-03-07 02:36 544768 c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

--a------ 2008-03-04 22:38 526896 c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]

--a------ 2008-04-30 18:02 397312 c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2008-04-01 02:01 793096 c:\progra~1\LAUNCH~1\LManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]

--------- 2008-04-18 14:18 167936 c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2008-02-22 20:50 1037608 c:\program files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

--a------ 2008-01-29 08:03 303104 c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-04 00:02 36352 d:\winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-21 03:23 1008184 c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-283551383-3393271654-1372367075-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C2484D3D-1116-48C4-BFB8-B91B14183680}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F0ED5C80-031A-42D7-AC02-276BBDB43C1E}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM

"{825E1D77-3D30-470B-A386-04056CDD27BE}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)

"{5FC90F3E-F89B-48C6-BC14-7A076996F39C}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)

"{E0D7E821-B200-408B-9A95-FAB595A18E8F}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{5A91D12D-2525-4F45-955A-B58B6F59F9D8}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{3C51D6BC-65D2-4F47-B1F1-DCA2CE4444F3}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{306C9E70-1147-4C33-BED8-40599F5AE5A3}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{2207945A-421A-49DD-9DEA-C6A0E1EB0F17}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-05 98320]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-05 25104]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 14:01 61424]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

R3 NETw5v32;Intel® Wireless WiFi Link-kortdriver for Windows Vista 32-bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-22 43040]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

S3 btwaudio;Bluetooth-lydenhet;c:\windows\system32\drivers\btwaudio.sys [2008-02-14 80424]

S3 btwavdt;Bluetooth AVDT;c:\windows\system32\drivers\btwavdt.sys [2007-07-16 80936]

S3 btwrchid;btwrchid;c:\windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]

S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-10-23 87288]

S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-06 20:23:07

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-06 20:24:35

ComboFix-quarantined-files.txt 2008-11-06 19:24:32

ComboFix2.txt 2008-11-06 18:32:33

ComboFix3.txt 2008-11-06 17:27:13

ComboFix4.txt 2008-10-05 11:44:41

 

Pre-Run: 104 525 082 624 byte ledig

Post-Run: 104,784,687,104 byte ledig

 

311 --- E O F --- 2008-10-28 18:13:20

 

forresten tror denne ødelegger internette mitt ja fordi sists gang jeg hadde denne trojaneren så ble internett forbindelsen min helt ødelagt så jeg tok formatering og da ble det borte

[norbat]

Finner MBAM fortsatt de samme ved skan?

[raWrz]

jepp :-/

[norbat]

Hm, ok.

Vi kan se om filene faktisk ligger der mbam sier de ligger. Dette er noen litt spesielle mapper, så det må noen triks for å få tilgang til den:

 

1. Gå til kontrollpanel->mappealternativer->vis. Sett på 'Vis skjulte filer og mapper' samt fjern merket framfor 'Skjul beskyttede operativsystemfiler'

 

2. Bla deg fram til C:\Users\Default

Der vil du se My Documents, men du vil ikke få tilgang.

Gjør følgende:

-høyreklikk på mappa og velg egenskaper

- velg arkfanen Sikkerhet

- Merk Alle (under Gruppe- eller brukernavn)

- klikk Avansert-knappen

- merk linja som starter med Avslå ...............Vise mapper/lese....

-klikk Rediger

- si ja.....

- merk linja igjen og klikk Rediger

- Flytt merket fra Avslå til Tillat ved Vise mapper/lese data

- klikk deg ut ved å trykke på ja-knappene

Du vil nå få tilgang til mappa My Documents

For å se hva som evt. ligger i mappa My Music, må du gjennom samme prosedyre.

Hvis du finner noen filer der, så kan du høyreklikke på fila og velg å scanne med MBAM direkte på fila.

[raWrz]

"C:\Users\Default\My Documents\My Pictures er ikke tilgjengelig

Navnet på fila kan ikke løses"

 

har prøvd på de andre også :s

[norbat]

Endret du rettighetene på mappen My Pictures først (på samme måte som My Documents)?