Virus skjekk, HJT, MBAM og Combofix logger!

[Pizzaen]

Hei Tenkte jeg skulle ta en skjekk på laptoppen min etter virus, fikk den nettopp av min bror og det er sikkert endel virus innpå den fordi den er utrolig treg...

 

MBAM

 

 

Malwarebytes' Anti-Malware 1.28

Database versjon: 1204

Windows 5.1.2600 Service Pack 2

 

25.09.2008 18:41:40

mbam-log-2008-09-25 (18-41-40).txt

 

Skanntype: Rask Skann

Objekter skannet: 44774

Tid tilbakelagt: 3 minute(s), 12 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

 

 

Combofix:

 

 

ComboFix 08-09-25.01 - Administrator 2008-09-25 18:46:10.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1455 [GMT 2:00]

Running from: D:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))

.

 

2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- D:\Programfiler\Malwarebytes' Anti-Malware

2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Malwarebytes

2008-09-25 18:37 . 2008-09-10 00:04 38,528 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-25 18:37 . 2008-09-10 00:03 17,200 --a------ D:\WINDOWS\system32\drivers\mbam.sys

2008-09-24 13:33 . 2008-09-24 13:34 <DIR> d-------- D:\Programfiler\SystemRequirementsLab

2008-09-24 13:33 . 2008-09-24 13:33 <DIR> d-------- D:\Documents and Settings\Administrator\SystemRequirementsLab

2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Programfiler\Viewpoint

2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Programfiler\Fellesfiler\AOL

2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Viewpoint

2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\AOL OCP

2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\AOL

2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\acccore

2008-09-24 13:26 . 2008-09-24 13:27 <DIR> d-------- D:\Programfiler\AIM6

2008-09-24 13:26 . 2008-09-24 13:27 366 --ah----- D:\IPH.PH

2008-09-22 19:57 . 2008-09-22 19:57 <DIR> d-------- D:\Programfiler\TeamViewer3

2008-09-22 19:57 . 2008-09-22 19:57 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\TeamViewer

2008-09-22 19:56 . 2008-09-22 19:56 <DIR> d-------- D:\Documents and Settings\Administrator\temp

2008-09-22 17:52 . 2008-09-22 17:52 <DIR> d-------- D:\Programfiler\CodeStuff

2008-09-22 13:08 . 2008-09-22 13:08 268 --ah----- D:\sqmdata06.sqm

2008-09-22 13:08 . 2008-09-22 13:08 244 --ah----- D:\sqmnoopt06.sqm

2008-09-21 21:35 . 2008-09-21 21:35 268 --ah----- D:\sqmdata05.sqm

2008-09-21 21:35 . 2008-09-21 21:35 244 --ah----- D:\sqmnoopt05.sqm

2008-09-21 18:55 . 2008-09-21 18:55 268 --ah----- D:\sqmdata04.sqm

2008-09-21 18:55 . 2008-09-21 18:55 244 --ah----- D:\sqmnoopt04.sqm

2008-09-21 18:17 . 2008-09-21 18:17 268 --ah----- D:\sqmdata03.sqm

2008-09-21 18:17 . 2008-09-21 18:17 244 --ah----- D:\sqmnoopt03.sqm

2008-09-21 17:13 . 2008-09-21 17:13 268 --ah----- D:\sqmdata02.sqm

2008-09-21 17:13 . 2008-09-21 17:13 244 --ah----- D:\sqmnoopt02.sqm

2008-09-21 15:56 . 2008-09-21 15:56 268 --ah----- D:\sqmdata01.sqm

2008-09-21 15:56 . 2008-09-21 15:56 244 --ah----- D:\sqmnoopt01.sqm

2008-09-21 15:35 . 2008-09-21 15:35 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\vlc

2008-09-21 15:34 . 2008-09-21 15:34 <DIR> d-------- D:\Programfiler\VideoLAN

2008-09-21 14:58 . 2008-09-21 14:58 268 --ah----- D:\sqmdata00.sqm

2008-09-21 14:58 . 2008-09-21 14:58 244 --ah----- D:\sqmnoopt00.sqm

2008-09-02 00:04 . 2008-09-02 00:04 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\ESET

2008-09-02 00:01 . 2008-09-02 00:01 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\ESET

2008-08-31 19:25 . 2007-10-18 12:59 201,488 --------- D:\WINDOWS\system32\MACD32.DLL

2008-08-31 19:25 . 2007-10-18 12:59 144,144 --------- D:\WINDOWS\system32\MASE32.DLL

2008-08-31 19:25 . 2007-10-18 12:59 141,584 --------- D:\WINDOWS\system32\MAMC32.DLL

2008-08-31 19:25 . 2007-10-18 12:59 63,248 --------- D:\WINDOWS\system32\MASD32.DLL

2008-08-31 19:25 . 2007-10-18 12:59 33,040 --------- D:\WINDOWS\system32\MA32.DLL

2008-08-31 19:24 . 2008-08-31 19:24 <DIR> d-------- D:\Programfiler\Pinnacle

2008-08-31 19:24 . 2003-03-19 06:28 2,179,072 --------- D:\WINDOWS\system32\mfc71d.dll

2008-08-31 19:24 . 2003-03-19 05:04 765,952 --------- D:\WINDOWS\system32\msvcp71d.dll

2008-08-31 19:24 . 2002-01-05 21:16 737,280 --------- D:\WINDOWS\system32\msvcp70d.dll

2008-08-31 19:24 . 2006-12-01 23:54 626,688 --------- D:\WINDOWS\system32\msvcr80.dll

2008-08-31 19:24 . 2006-12-01 23:54 548,864 --------- D:\WINDOWS\system32\msvcp80.dll

2008-08-31 19:24 . 2003-03-19 05:03 544,768 --------- D:\WINDOWS\system32\msvcr71d.dll

2008-08-31 19:24 . 2002-01-05 13:40 487,424 --------- D:\WINDOWS\system32\MSVCP70.DLL

2008-08-31 19:24 . 2004-07-23 09:00 446,464 --------- D:\WINDOWS\system32\HHActiveX.dll

2008-08-31 19:24 . 2004-06-03 12:47 385,100 --------- D:\WINDOWS\system32\MSVCRTD.DLL

2008-08-31 19:24 . 2002-01-05 13:37 344,064 --------- D:\WINDOWS\system32\MSVCR70.DLL

2008-08-31 19:22 . 2008-08-31 19:29 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Pinnacle

2008-08-31 19:20 . 2008-08-31 19:20 <DIR> d-------- D:\Documents and Settings\Administrator\Pinnacle

2008-08-31 18:59 . 2008-08-31 18:59 <DIR> d-------- D:\WINDOWS\Sun

2008-08-31 18:59 . 2008-08-31 19:01 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Download Manager

2008-08-31 12:32 . 2008-08-31 12:32 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Apple Computer

2008-08-31 12:31 . 2008-08-31 12:31 <DIR> d-------- D:\Programfiler\iPod

2008-08-31 12:30 . 2008-08-31 12:32 <DIR> d-------- D:\Programfiler\iTunes

2008-08-31 12:25 . 2008-08-31 12:25 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Apple Computer

2008-08-31 12:24 . 2008-08-31 12:24 <DIR> d-------- D:\Programfiler\Apple Software Update

2008-08-31 12:22 . 2008-08-31 12:22 <DIR> d-------- D:\Programfiler\Fellesfiler\Apple

2008-08-31 12:22 . 2008-08-31 12:22 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Apple

2008-08-31 02:53 . 2008-08-31 02:53 <DIR> d-------- D:\Programfiler\Fellesfiler\Control Panels

2008-08-31 02:51 . 2008-08-31 02:51 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\ALM

2008-08-31 02:48 . 2008-08-31 02:48 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\FLEXnet

2008-08-31 02:40 . 2008-08-31 12:27 <DIR> d-------- D:\Programfiler\QuickTime

2008-08-31 02:32 . 2007-02-20 16:04 2,463,976 --a------ D:\WINDOWS\system32\NPSWF32.dll

2008-08-31 02:32 . 2007-02-20 16:04 190,696 --a------ D:\WINDOWS\system32\NPSWF32_FlashUtil.exe

2008-08-31 02:29 . 2008-08-31 02:29 <DIR> d-------- D:\Programfiler\CoffeeCup Software

2008-08-31 02:29 . 1999-03-22 12:29 233,472 --a------ D:\WINDOWS\system32\Ilda32.dll

2008-08-31 02:29 . 1998-06-17 04:00 18,944 --a------ D:\WINDOWS\system32\BORLNDMM.DLL

2008-08-31 02:23 . 2008-08-31 12:28 <DIR> d-------- D:\Programfiler\Bonjour

2008-08-31 02:19 . 2008-08-31 02:19 <DIR> d-------- D:\Programfiler\Fellesfiler\Macrovision Shared

2008-08-31 02:12 . 2008-08-31 02:56 <DIR> d-------- D:\Programfiler\Fellesfiler\Adobe

2008-08-31 01:54 . 2006-10-26 19:56 32,592 --a------ D:\WINDOWS\system32\msonpmon.dll

2008-08-31 01:53 . 2008-08-31 01:53 <DIR> d-------- D:\Programfiler\Microsoft Works

2008-08-31 01:52 . 2008-08-31 01:52 <DIR> d-------- D:\Programfiler\Microsoft.NET

2008-08-31 01:49 . 2008-08-31 01:50 <DIR> d-------- D:\WINDOWS\SHELLNEW

2008-08-31 01:49 . 2008-08-31 01:49 <DIR> dr-h----- D:\MSOCache

2008-08-31 01:49 . 2008-08-31 01:54 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-31 00:56 . 2008-09-22 16:11 <DIR> d-------- D:\Documents and Settings\Administrator\Contacts

2008-08-30 23:17 . 2008-08-30 23:22 <DIR> d--hsc--- D:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-08-30 23:16 . 2008-08-30 23:22 <DIR> d-------- D:\Programfiler\Windows Live

2008-08-30 23:16 . 2008-08-30 23:16 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\WLInstaller

2008-08-30 23:13 . 2008-09-25 18:00 <DIR> d-------- D:\WINDOWS\system32\Lang

2008-08-30 23:13 . 2008-08-30 23:13 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav

2008-08-30 23:13 . 2008-08-30 23:13 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav

2008-08-30 23:07 . 2008-08-30 23:07 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Windows Search

2008-08-30 23:07 . 2008-08-30 23:07 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Windows Desktop Search

2008-08-30 23:06 . 2008-08-30 23:06 <DIR> d-------- D:\WINDOWS\system32\GroupPolicy

2008-08-30 23:06 . 2008-08-30 23:06 <DIR> d-------- D:\Programfiler\Windows Desktop Search

2008-08-30 23:06 . 2008-03-07 18:56 192,000 -----c--- D:\WINDOWS\system32\dllcache\offfilt.dll

2008-08-30 23:06 . 2008-03-07 18:56 98,304 -----c--- D:\WINDOWS\system32\dllcache\nlhtml.dll

2008-08-30 23:06 . 2008-03-07 18:56 29,696 -----c--- D:\WINDOWS\system32\dllcache\mimefilt.dll

2008-08-30 23:00 . 2008-08-30 23:00 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Locktime

2008-08-30 22:59 . 2008-08-30 22:59 <DIR> d-------- D:\Programfiler\DirectVobSub

2008-08-30 22:58 . 2008-08-30 22:58 <DIR> d-------- D:\Programfiler\NetLimiter 2 Pro

2008-08-30 22:58 . 2008-08-30 22:58 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Locktime

2008-08-30 22:54 . 2004-08-04 01:03 130,048 --a------ D:\WINDOWS\system32\ksproxy.ax

2008-08-30 22:53 . 2004-08-04 01:03 74,240 --a------ D:\WINDOWS\system32\usbui.dll

2008-08-30 22:53 . 2004-08-04 01:03 74,240 --a--c--- D:\WINDOWS\system32\dllcache\usbui.dll

2008-08-30 22:53 . 2004-08-04 01:07 14,080 --a------ D:\WINDOWS\system32\drivers\CmBatt.sys

2008-08-30 22:53 . 2001-08-17 23:57 14,080 --a------ D:\WINDOWS\system32\drivers\battc.sys

2008-08-30 22:53 . 2001-08-17 23:58 9,344 --a------ D:\WINDOWS\system32\drivers\compbatt.sys

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> dr------- D:\Documents and Settings\Default User\Start-meny

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\Default User\Skrivere

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d-------- D:\Documents and Settings\Default User\Skrivebord

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\Default User\Siste

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d-------- D:\Documents and Settings\Default User\Mine dokumenter

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\Default User\Maler

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> dr-h----- D:\Documents and Settings\Default User\Lokale innstillinger

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d-------- D:\Documents and Settings\Default User\Favoritter

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\Default User\AndrMask

2008-08-30 22:52 . 2008-08-30 21:19 <DIR> dr------- D:\Documents and Settings\All Users\Start-meny

2008-08-30 22:52 . 2008-09-25 18:37 <DIR> d-------- D:\Documents and Settings\All Users\Skrivebord

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\All Users\Maler

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d-------- D:\Documents and Settings\All Users\Favoritter

2008-08-30 22:52 . 2008-08-31 19:26 <DIR> dr------- D:\Documents and Settings\All Users\Dokumenter

2008-08-30 22:51 . 2008-08-30 22:52 <DIR> dr-h----- D:\Documents and Settings\Default User\Programdata

2008-08-30 22:51 . 2008-09-24 21:58 <DIR> d--h----- D:\Documents and Settings\Default User

2008-08-30 22:51 . 2008-09-25 18:37 <DIR> dr-h----- D:\Documents and Settings\All Users\Programdata

2008-08-30 22:51 . 2008-08-30 20:59 <DIR> d-------- D:\Documents and Settings\All Users

2008-08-30 22:34 . 2008-08-30 22:34 <DIR> d-------- D:\Programfiler\uTorrent

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-21 13:07 --------- d-----w D:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-31 17:24 --------- d--h--w D:\Programfiler\InstallShield Installation Information

2008-08-31 00:58 --------- d-----w D:\Documents and Settings\Administrator\Programdata\Media Player Classic

2008-08-30 20:07 --------- d-----w D:\Programfiler\Intel

2008-08-30 19:59 --------- d-----w D:\Programfiler\Wireless Console 2

2008-08-30 19:59 --------- d-----w D:\Programfiler\Toshiba

2008-08-30 19:58 --------- d-----w D:\Programfiler\Synaptics

2008-08-30 19:57 --------- d-----w D:\Programfiler\Realtek

2008-08-30 19:56 --------- d-----w D:\Programfiler\Fellesfiler\InstallShield

2008-08-30 19:52 --------- d-----w D:\Programfiler\DAEMON Tools

2008-08-30 19:50 472,576 ----a-w D:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe

2008-08-30 19:50 --------- d-----w D:\Programfiler\Radeon Omega Drivers

2008-08-30 19:19 --------- d-----w D:\Programfiler\Spybot - Search & Destroy

2008-08-30 19:19 --------- d-----w D:\Programfiler\Settings2

2008-08-30 19:19 --------- d-----w D:\Programfiler\HighMAT CD Writing Wizard

2008-08-30 19:19 --------- d-----w D:\Programfiler\Clue

2008-08-30 19:18 --------- d-----w D:\Programfiler\Unlocker

2008-08-30 19:18 --------- d-----w D:\Programfiler\Java

2008-08-30 19:18 --------- d-----w D:\Programfiler\Alarm

2008-08-30 19:18 --------- d-----w D:\Programfiler\Ahead

2008-08-30 19:18 --------- d-----w D:\Documents and Settings\All Users\Programdata\Ahead

2008-08-30 19:17 --------- d-----w D:\Programfiler\Xvid

2008-08-30 19:17 --------- d-----w D:\Programfiler\Fellesfiler\Java

2008-08-30 19:17 --------- d-----w D:\Programfiler\Fellesfiler\Ahead

2008-08-30 19:17 --------- d-----w D:\Programfiler\AC3Filter

2008-08-30 19:16 --------- d-----w D:\Programfiler\MPC

2008-08-30 19:15 --------- d-----w D:\Programfiler\MSBuild

2008-08-30 19:12 --------- d-----w D:\Programfiler\Reference Assemblies

2008-08-30 19:04 --------- d-----w D:\Programfiler\WGA

2008-08-30 19:04 --------- d-----w D:\Programfiler\microsoft frontpage

2008-08-30 19:02 715,248 ----a-w D:\WINDOWS\system32\drivers\sptd.sys

2008-08-30 19:01 --------- d-----w D:\Programfiler\MSXML 6.0

2008-08-30 19:01 --------- d-----w D:\Programfiler\MSXML 4.0

2008-08-30 19:00 --------- d-----w D:\Programfiler\Windows Media Connect 2

2008-08-30 18:58 --------- d-----w D:\Programfiler\Fellesfiler\Tjenester

2008-08-30 18:58 --------- d-----w D:\Programfiler\Elektroniske tjenester

2008-07-16 23:02 633,856 ------w D:\WINDOWS\system32\gpprefcl.dll

2008-07-07 20:23 253,952 ----a-w D:\WINDOWS\system32\es.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-24_21.56.27.92 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-24 14:45:50 16,384 --sha-w D:\WINDOWS\Temp\Cookies\index.dat

+ 2008-09-25 16:00:14 16,384 --sha-w D:\WINDOWS\Temp\Cookies\index.dat

- 2008-09-24 14:45:50 32,768 --sha-w D:\WINDOWS\Temp\History\History.IE5\index.dat

+ 2008-09-25 16:00:14 32,768 --sha-w D:\WINDOWS\Temp\History\History.IE5\index.dat

+ 2008-09-25 16:01:23 32,768 --sha-w D:\WINDOWS\Temp\History\History.IE5\MSHist012008092520080926\index.dat

- 2008-09-24 14:45:50 32,768 --sha-w D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-25 16:00:14 32,768 --sha-w D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2008-02-15 15360]

"DAEMON Tools"="D:\Programfiler\DAEMON Tools\daemon.exe" [2007-11-17 171464]

"Core Temp"="C:\progs\coretemp\Core Temp.exe" [2008-07-10 260624]

"StatBar"="C:\progs\StatBar\StatBar.exe" [2005-01-22 335872]

"MsnMsgr"="D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-08-31 5724184]

"PMCRemote"="D:\Programfiler\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-06-12 214288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]

"HControl"="D:\WINDOWS\ATK0100\HControl.exe" [2005-11-10 102400]

"SynTPEnh"="D:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]

"Wireless Console 2"="D:\Programfiler\Wireless Console 2\wcourier.exe" [2005-10-17 987136]

"IntelZeroConfig"="D:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]

"IntelWireless"="D:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]

"EOUApp"="D:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]

"Power_Gear"="D:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 86016]

"ASUS Live Update"="D:\Programfiler\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224]

"Acrobat Assistant 8.0"="D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]

"AppleSyncNotifier"="D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="D:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="D:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"AtiPTA"="atiptaxx.exe" [2006-02-22 D:\WINDOWS\system32\atiptaxx.exe]

"Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 D:\WINDOWS\system32\HdAShCut.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-05-27 D:\WINDOWS\sm56hlpr.exe]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 D:\WINDOWS\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-06-23 D:\WINDOWS\system32\advpack.dll]

 

D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Bluetooth Manager.lnk - D:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]

Pinnacle Streaming Server.lnk - D:\Programfiler\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2008-03-25 603408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "D:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk]

path=D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk

backup=D:\WINDOWS\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"D:\\Programfiler\\uTorrent\\uTorrent.exe"=

"D:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"D:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"D:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"D:\\Programfiler\\iTunes\\iTunes.exe"=

"D:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"D:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"D:\\Programfiler\\Fellesfiler\\AOL\\Loader\\aolload.exe"=

"D:\\Programfiler\\AIM6\\aim6.exe"=

 

R1 nltdi;nltdi;D:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 82200]

R2 Viewpoint Manager Service;Viewpoint Manager Service;D:\Programfiler\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

R3 ALSysIO;ALSysIO;D:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\ALSysIO.sys [ ]

S3 USB28xxBGA;PCTV 330e/8x0e Device;D:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-08 476288]

S3 USB28xxOEM;USB 28xx OEM Filter;D:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-08 38656]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - D:\Documents and Settings\Administrator\Programdata\Mozilla\Firefox\Profiles\n406five.default\

FF -: plugin - D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll

FF -: plugin - D:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - D:\Programfiler\Mozilla Firefox\plugins\npViewpoint.dll

FF -: plugin - D:\Programfiler\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-25 18:48:16

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-09-25 18:51:27

ComboFix-quarantined-files.txt 2008-09-25 16:50:28

ComboFix2.txt 2008-09-24 19:58:00

 

Pre-Run: 27 577 856 000 byte ledig

Post-Run: 27,562,045,440 byte ledig

 

283

 

 

 

HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:52:59, on 25.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20861)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

D:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Programfiler\Bonjour\mDNSResponder.exe

D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe

D:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

D:\WINDOWS\system32\svchost.exe

D:\Programfiler\Viewpoint\Common\ViewpointService.exe

D:\WINDOWS\system32\SearchIndexer.exe

D:\Programfiler\NetLimiter 2 Pro\NLClient.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\ATK0100\HControl.exe

D:\WINDOWS\sm56hlpr.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

D:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

D:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

D:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe

D:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe

D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

D:\Programfiler\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Programfiler\DAEMON Tools\daemon.exe

C:\progs\coretemp\Core Temp.exe

D:\Programfiler\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

D:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

D:\Programfiler\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe

D:\WINDOWS\ATK0100\ATKOSD.exe

D:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

D:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

D:\Programfiler\iPod\bin\iPodService.exe

D:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

D:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

D:\WINDOWS\System32\svchost.exe

D:\Programfiler\Windows Live\Messenger\usnsvc.exe

D:\Programfiler\iTunes\iTunes.exe

D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe

D:\WINDOWS\system32\SearchProtocolHost.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\WINDOWS\explorer.exe

D:\WINDOWS\system32\notepad.exe

D:\Programfiler\Mozilla Firefox\firefox.exe

D:\Documents and Settings\Administrator\Skrivebord\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [HControl] D:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [synTPEnh] D:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Wireless Console 2] D:\Programfiler\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [intelZeroConfig] "D:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "D:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "D:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [Power_Gear] D:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [ASUS Live Update] D:\Programfiler\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Core Temp] C:\progs\coretemp\Core Temp.exe

O4 - HKCU\..\Run: [statBar] C:\progs\StatBar\StatBar.exe

O4 - HKCU\..\Run: [MsnMsgr] "D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PMCRemote] D:\Programfiler\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Pinnacle Streaming Server.lnk = D:\Programfiler\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe

O8 - Extra context menu item: Append to existing PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - D:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Programfiler\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 10144 bytes