
Virus on the PC. Have logs



ComboFix 09-01-13.04 - 19020KEBA 2009-01-14 23:19:04.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1919.1103 [GMT 1:00]

Kjører fra: c:\documents and settings\19020KEBA\Skrivebord\ComboFix.exe

AV: AVG *On-access scanning disabled* (Outdated)

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\install.exe

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-14 til 2009-01-14 )))))))))))))))))))))))))))))))))

.

 

2009-01-13 23:53 . 2009-01-14 00:55 <DIR> d--h----- C:\$AVG8.VAULT$

2009-01-13 22:50 . 2009-01-13 22:50 74,376 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-01-13 22:50 . 2009-01-13 22:50 12,424 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-01-13 22:50 . 2009-01-13 22:50 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-01-13 22:49 . 2009-01-13 23:21 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-01-13 22:49 . 2009-01-13 22:49 96,520 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-01-11 20:26 . 2009-01-11 20:26 <DIR> d-------- c:\windows\Peggle Nights Deluxe

2009-01-11 20:26 . 2009-01-13 21:20 <DIR> d-------- c:\programfiler\Peggle Nights Deluxe

2009-01-11 18:46 . 2009-01-11 18:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\NCH Software

2009-01-11 18:44 . 2009-01-11 18:44 27,136 --a------ c:\windows\system32\drivers\nchssvad.sys

2009-01-11 18:43 . 2009-01-11 18:46 <DIR> d-------- c:\programfiler\NCH Software

2009-01-11 18:42 . 2009-01-11 18:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\NCH Swift Sound

2009-01-11 18:42 . 2009-01-11 18:44 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\NCH Swift Sound

2009-01-11 18:41 . 2009-01-14 20:40 <DIR> d-------- c:\programfiler\NCH Swift Sound

2009-01-10 16:43 . 2009-01-14 22:35 <DIR> d-------- c:\documents and settings\All Users\Programdata\SearchIn1Step

2009-01-10 16:42 . 2009-01-10 16:42 <DIR> d-------- c:\programfiler\USARadioNow

2009-01-10 16:41 . 2009-01-11 18:13 <DIR> d-------- c:\programfiler\speedapps

2009-01-10 16:41 . 2009-01-14 23:08 <DIR> d-------- c:\programfiler\SearchIn1Step

2009-01-10 16:41 . 2009-01-10 16:42 <DIR> d-------- c:\programfiler\Free Audio CD Creator

2009-01-10 16:41 . 2009-01-10 16:41 <DIR> d-------- c:\programfiler\Conduit

2009-01-10 16:41 . 2009-01-11 18:40 <DIR> d-------- c:\programfiler\AskBarDis

2009-01-10 16:19 . 2009-01-10 16:19 <DIR> d-------- c:\documents and settings\NetworkService\Skrivebord

2009-01-04 21:30 . 2009-01-04 21:30 268 --ah----- C:\sqmdata03.sqm

2009-01-04 21:30 . 2009-01-04 21:30 244 --ah----- C:\sqmnoopt03.sqm

2008-12-30 02:25 . 2008-12-30 02:27 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\SecondLife

2008-12-29 21:29 . 2008-12-29 21:29 <DIR> d-------- C:\Westwood

2008-12-29 21:25 . 2008-12-29 21:25 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\DAEMON Tools Pro

2008-12-29 21:25 . 2008-12-29 21:25 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\DAEMON Tools

2008-12-29 21:24 . 2008-12-29 21:24 <DIR> d-------- c:\programfiler\DAEMON Tools Lite

2008-12-29 21:24 . 2008-12-29 21:24 <DIR> d-------- c:\documents and settings\All Users\Programdata\DAEMON Tools Lite

2008-12-29 21:16 . 2008-12-29 21:25 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\DAEMON Tools Lite

2008-12-29 21:16 . 2008-12-29 21:16 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-12-29 20:11 . 2008-12-29 20:59 <DIR> d-------- c:\programfiler\Guild Wars

2008-12-22 01:26 . 2008-12-22 01:26 <DIR> d-------- c:\programfiler\Game Cam V2

2008-12-22 00:56 . 2008-12-22 00:56 <DIR> d-------- C:\Fraps

2008-12-22 00:56 . 2008-12-22 01:23 <DIR> d-a------ c:\documents and settings\All Users\Programdata\TEMP

2008-12-21 20:01 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll

2008-12-21 20:00 . 2008-12-21 20:00 317 --a------ c:\windows\game.ini

2008-12-21 19:40 . 2008-12-21 19:40 <DIR> d-------- c:\programfiler\Activision

2008-12-21 19:38 . 2008-12-21 19:38 <DIR> d--hs---- c:\windows\ftpcache

2008-12-21 17:17 . 2008-12-21 17:17 <DIR> dr-h----- c:\documents and settings\19020KEBA\Programdata\SecuROM

2008-12-21 17:17 . 2008-12-21 17:17 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2008-12-21 17:12 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll

2008-12-21 17:12 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll

2008-12-21 17:12 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll

2008-12-21 17:12 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll

2008-12-21 17:12 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll

2008-12-21 17:00 . 2008-12-21 17:00 <DIR> d-------- c:\programfiler\Sierra Entertainment

2008-12-20 15:21 . 2008-12-20 15:21 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-18 09:13 . 2009-01-13 21:20 61 --a------ c:\windows\popcinfot.dat

2008-12-14 21:33 . 2008-12-20 15:13 <DIR> d-------- C:\Games

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 22:11 --------- d-----w c:\programfiler\Steam

2009-01-14 22:07 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2009-01-14 20:08 --------- d-----w c:\programfiler\u-he

2009-01-13 21:49 --------- d-----w c:\documents and settings\All Users\Programdata\avg8

2009-01-12 19:10 --------- d-----w c:\documents and settings\19020KEBA\Programdata\LimeWire

2009-01-11 17:54 --------- d-----w c:\documents and settings\19020KEBA\Programdata\uTorrent

2008-12-22 00:04 --------- d-----w c:\documents and settings\All Users\Programdata\TrackMania

2008-12-21 19:00 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-12-21 15:54 --------- d-----w c:\programfiler\Counter-Strike 1.6

2008-12-20 14:21 --------- d-----w c:\programfiler\Java

2008-12-16 12:59 --------- d-----w c:\programfiler\StepMania

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-01 09:52 --------- d-----w c:\documents and settings\19020KEBA\Programdata\Unity

2008-12-01 08:50 --------- d-----w c:\programfiler\Unity

2008-11-30 22:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-11-30 15:14 --------- d-----w c:\programfiler\PowerISO

2008-11-29 17:09 --------- d-----w c:\programfiler\LimeWire

2008-11-28 22:35 21,840 ----atw c:\windows\system32\SIntfNT.dll

2008-11-28 22:35 17,212 ----atw c:\windows\system32\SIntf32.dll

2008-11-28 22:35 12,067 ----atw c:\windows\system32\SIntf16.dll

2008-11-24 09:28 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet

2008-11-24 07:54 --------- d-----w c:\programfiler\Bonjour

2008-11-24 07:44 --------- d-----w c:\programfiler\Fellesfiler\Macrovision Shared

2008-11-23 16:09 --------- d-----w c:\documents and settings\19020KEBA\Programdata\Hamachi

2008-11-21 18:21 --------- d-----w c:\programfiler\Left4Dead

2008-11-21 02:07 --------- d-----w c:\documents and settings\19020KEBA\Programdata\vlc

2008-11-21 00:45 --------- d-----w c:\documents and settings\19020KEBA\Programdata\dvdcss

2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-09-01 12:47 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

2008-09-01 12:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

2008-09-01 12:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008090120080902\index.dat

2008-09-01 12:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}"= "c:\programfiler\speedapps\tbspee.dll" [2008-08-20 1780248]

"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\programfiler\USARadioNow\tbUSAR.dll" [2009-01-07 1880600]

 

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

 

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-10-30 16:18 333192 --a------ c:\programfiler\AskBarDis\bar\bin\askBar1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

2009-01-07 13:51 1880600 --a------ c:\programfiler\USARadioNow\tbUSAR.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

2008-08-20 23:03 1780248 --a------ c:\programfiler\speedapps\tbspee.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}"= "c:\programfiler\speedapps\tbspee.dll" [2008-08-20 1780248]

"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\programfiler\USARadioNow\tbUSAR.dll" [2009-01-07 1880600]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programfiler\AskBarDis\bar\bin\askBar1.dll" [2008-10-30 333192]

 

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

 

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}"= "c:\programfiler\speedapps\tbspee.dll" [2008-08-20 1780248]

"{669163C1-C4B9-46DE-AD62-A0271D3A0A75}"= "c:\programfiler\USARadioNow\tbUSAR.dll" [2009-01-07 1880600]

 

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

 

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Steam"="c:\programfiler\steam\steam.exe" [2008-10-08 1410296]

"Sony Ericsson PC Suite"="c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="c:\programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]

"QlbCtrl"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]

"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-20 136600]

"OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 356352]

"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"PWRISOVM.EXE"="c:\programfiler\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-13 1171712]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]

Microsoft Firewall Client Management.lnk - c:\programfiler\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 117568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\]

"Script"=Startup.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-51603\Scripts\Logon\]

"Script"=PushPrinterConnections.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"c:\\Programfiler\\Steam\\steamapps\\kenten911\\counter-strike\\hl.exe"=

"c:\\Westwood\\RA2\\game.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-13 12424]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-13 96520]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-01-23 44800]

R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-13 282904]

R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-13 74376]

R4 FwcAgent;Firewall Client Agent;c:\programfiler\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]

R4 SearchIn1Step Service;SearchIn1Step Service;c:\documents and settings\All Users\Programdata\SearchIn1Step\searchin1172.exe [2009-01-14 4608]

R4 SWIHPWMI;SWIHPWMI;c:\programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]

R4 TmFilter;Trend Micro Filter;c:\programfiler\Trend Micro\OfficeScan Client\TmXPFlt.sys [2007-09-17 202768]

R4 TmPreFilter;Trend Micro PreFilter;c:\programfiler\Trend Micro\OfficeScan Client\tmpreflt.sys [2007-09-17 35856]

S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2007-10-13 33024]

S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [2008-10-30 90408]

S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [2008-10-30 15016]

S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [2008-10-30 122024]

S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [2008-10-30 115368]

S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [2008-10-30 25768]

S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [2008-10-30 111784]

S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [2008-10-30 117544]

S4 Ascdritame;Ascdritame; [x]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.speedapps.com/search.htm

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 10.8.1.2:8080

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

LSP: c:\programfiler\Microsoft Firewall Client 2004\FwcWsp.dll

 

c:\windows\Downloaded Program Files\AtxEnc.dll - O16 -: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4}

hxxps://sjvgs-fs2:4343/officescan/console/html/AtxEnc.cab

FF - ProfilePath - c:\documents and settings\19020KEBA\Programdata\Mozilla\Firefox\Profiles\rncgrdmz.default\

FF - component: c:\documents and settings\19020KEBA\Programdata\Mozilla\Firefox\Profiles\rncgrdmz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - plugin: c:\programfiler\Unity\WebPlayer\loader\npUnity3D32.dll

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-14 23:21:57

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(1076)

c:\windows\system32\Ati2evxx.dll

.

Tidspunkt ferdig: 2009-01-14 23:26:06

ComboFix-quarantined-files.txt 2009-01-14 22:24:48

ComboFix2.txt 2008-09-30 20:28:24

 

Pre-Run: 13,615,697,920 byte ledig

Post-Run: 14,791,352,320 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

252 --- E O F --- 2009-01-14 22:07:08

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:32, on 2009-01-14

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Programfiler\CDBurnerXP\NMSAccessU.exe

C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Documents and Settings\All Users\Programdata\SearchIn1Step\searchin1168.exe

C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINDOWS\TEMP\ZU57BA.EXE

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\SearchIn1Step\searchin1.exe

C:\Programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\AccelerometerSt.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\19020K~1\LOKALE~1\TempImages\IEPR.exe

C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Programfiler\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Programfiler\AVG\AVG8\avgtray.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\19020KEBA\Skrivebord\adobe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speedapps.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speedapps.com/search.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.8.1.2:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Programfiler\speedapps\tbspee.dll

R3 - URLSearchHook: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Programfiler\USARadioNow\tbUSAR.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar1.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Programfiler\USARadioNow\tbUSAR.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Programfiler\speedapps\tbspee.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Programfiler\speedapps\tbspee.dll

O3 - Toolbar: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Programfiler\USARadioNow\tbUSAR.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar1.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [iEPR] C:\DOCUME~1\19020K~1\LOKALE~1\TempImages\IEPR.exe

O4 - HKCU\..\Run: [iOmem] C:\DOCUME~1\19020K~1\LOKALE~1\TempImages\iOmem101.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Programfiler\Microsoft Firewall Client 2004\FwcMgmt.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sjvgs-fs2:4343/officescan/console/C...ll/WinNTChk.cab

O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sjvgs-fs2:4343/officescan/console/C...ll/setupini.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sjvgs-fs2:4343/officescan/console/C...stall/setup.cab

O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://sjvgs-fs2:4343/officescan/console/html/AtxEnc.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sjvgs-fs2:4343/officescan/console/C.../RemoveCtrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1192283903578

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O17 - HKLM\Software\..\Telephony: DomainName = skole.troms.vgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Programfiler\CDBurnerXP\NMSAccessU.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: SearchIn1Step Service - Unknown owner - C:\Documents and Settings\All Users\Programdata\SearchIn1Step\searchin1168.exe

O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

 

--

End of file - 11198 bytes

 

 

Malwarebytes' Anti-Malware 1.28

Database versjon: 1225

Windows 5.1.2600 Service Pack 3

 

2009-01-14 22:25:09

mbam-log-2009-01-14 (22-25-09).txt

 

Skanntype: Rask Skann

Objekter skannet: 56929

Tid tilbakelagt: 56 minute(s), 34 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

Update MBAM and run a new quick scan.

Then run ComboFix again.

Post both logs.

 

ComboFix 09-01-16.02 - 19020KEBA 2009-01-16 23:00:39.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1919.870 [GMT 1:00]

Kjører fra: c:\documents and settings\19020KEBA\Skrivebord\ComboFix.exe

AV: AVG *On-access scanning disabled* (Outdated)

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-16 til 2009-01-16 )))))))))))))))))))))))))))))))))

.

 

2009-01-15 16:55 . 2009-01-15 20:02 <DIR> d-------- c:\programfiler\Full Tilt Poker

2009-01-15 16:26 . 2009-01-16 19:21 <DIR> d-------- c:\programfiler\PKR

2009-01-13 23:53 . 2009-01-14 00:55 <DIR> d--h----- C:\$AVG8.VAULT$

2009-01-13 22:50 . 2009-01-16 17:39 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-01-13 22:50 . 2009-01-16 17:39 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-01-13 22:50 . 2009-01-13 22:50 10,520 --a------ c:\windows\system32\avgrsstx.dll.old

2009-01-13 22:50 . 2009-01-16 17:39 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-01-13 22:49 . 2009-01-16 15:56 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-01-13 22:49 . 2009-01-16 17:39 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-01-11 20:26 . 2009-01-11 20:26 <DIR> d-------- c:\windows\Peggle Nights Deluxe

2009-01-11 20:26 . 2009-01-16 10:37 <DIR> d-------- c:\programfiler\Peggle Nights Deluxe

2009-01-11 18:46 . 2009-01-11 18:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\NCH Software

2009-01-11 18:44 . 2009-01-11 18:44 27,136 --a------ c:\windows\system32\drivers\nchssvad.sys

2009-01-11 18:43 . 2009-01-11 18:46 <DIR> d-------- c:\programfiler\NCH Software

2009-01-11 18:42 . 2009-01-11 18:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\NCH Swift Sound

2009-01-11 18:42 . 2009-01-11 18:44 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\NCH Swift Sound

2009-01-11 18:41 . 2009-01-14 20:40 <DIR> d-------- c:\programfiler\NCH Swift Sound

2009-01-10 16:43 . 2009-01-14 22:35 <DIR> d-------- c:\documents and settings\All Users\Programdata\SearchIn1Step

2009-01-10 16:42 . 2009-01-10 16:42 <DIR> d-------- c:\programfiler\USARadioNow

2009-01-10 16:41 . 2009-01-11 18:13 <DIR> d-------- c:\programfiler\speedapps

2009-01-10 16:41 . 2009-01-14 23:08 <DIR> d-------- c:\programfiler\SearchIn1Step

2009-01-10 16:41 . 2009-01-10 16:42 <DIR> d-------- c:\programfiler\Free Audio CD Creator

2009-01-10 16:41 . 2009-01-10 16:41 <DIR> d-------- c:\programfiler\Conduit

2009-01-10 16:41 . 2009-01-11 18:40 <DIR> d-------- c:\programfiler\AskBarDis

2009-01-10 16:19 . 2009-01-10 16:19 <DIR> d-------- c:\documents and settings\NetworkService\Skrivebord

2009-01-04 21:30 . 2009-01-04 21:30 268 --ah----- C:\sqmdata03.sqm

2009-01-04 21:30 . 2009-01-04 21:30 244 --ah----- C:\sqmnoopt03.sqm

2008-12-30 02:25 . 2008-12-30 02:27 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\SecondLife

2008-12-29 21:29 . 2008-12-29 21:29 <DIR> d-------- C:\Westwood

2008-12-29 21:25 . 2008-12-29 21:25 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\DAEMON Tools Pro

2008-12-29 21:25 . 2008-12-29 21:25 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\DAEMON Tools

2008-12-29 21:24 . 2008-12-29 21:24 <DIR> d-------- c:\programfiler\DAEMON Tools Lite

2008-12-29 21:24 . 2008-12-29 21:24 <DIR> d-------- c:\documents and settings\All Users\Programdata\DAEMON Tools Lite

2008-12-29 21:16 . 2008-12-29 21:25 <DIR> d-------- c:\documents and settings\19020KEBA\Programdata\DAEMON Tools Lite

2008-12-29 21:16 . 2008-12-29 21:16 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-12-29 20:11 . 2008-12-29 20:59 <DIR> d-------- c:\programfiler\Guild Wars

2008-12-22 01:26 . 2008-12-22 01:26 <DIR> d-------- c:\programfiler\Game Cam V2

2008-12-22 00:56 . 2008-12-22 00:56 <DIR> d-------- C:\Fraps

2008-12-22 00:56 . 2008-12-22 01:23 <DIR> d-a------ c:\documents and settings\All Users\Programdata\TEMP

2008-12-21 20:01 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll

2008-12-21 20:00 . 2008-12-21 20:00 317 --a------ c:\windows\game.ini

2008-12-21 19:40 . 2008-12-21 19:40 <DIR> d-------- c:\programfiler\Activision

2008-12-21 19:38 . 2008-12-21 19:38 <DIR> d--hs---- c:\windows\ftpcache

2008-12-21 17:17 . 2008-12-21 17:17 <DIR> dr-h----- c:\documents and settings\19020KEBA\Programdata\SecuROM

2008-12-21 17:17 . 2008-12-21 17:17 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2008-12-21 17:12 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll

2008-12-21 17:12 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll

2008-12-21 17:12 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll

2008-12-21 17:12 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll

2008-12-21 17:12 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll

2008-12-21 17:00 . 2008-12-21 17:00 <DIR> d-------- c:\programfiler\Sierra Entertainment

2008-12-20 15:21 . 2008-12-20 15:21 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-18 09:13 . 2009-01-16 13:49 61 --a------ c:\windows\popcinfot.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-16 21:18 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware

2009-01-16 16:39 --------- d-----w c:\documents and settings\All Users\Programdata\avg8

2009-01-16 16:33 --------- d-----w c:\programfiler\Steam

2009-01-16 01:26 --------- d-----w c:\documents and settings\19020KEBA\Programdata\uTorrent

2009-01-15 15:55 --------- d--h--w c:\programfiler\InstallShield Installation Information

2009-01-14 22:07 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2009-01-14 20:08 --------- d-----w c:\programfiler\u-he

2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-12 19:10 --------- d-----w c:\documents and settings\19020KEBA\Programdata\LimeWire

2008-12-22 00:04 --------- d-----w c:\documents and settings\All Users\Programdata\TrackMania

2008-12-21 15:54 --------- d-----w c:\programfiler\Counter-Strike 1.6

2008-12-20 14:21 --------- d-----w c:\programfiler\Java

2008-12-16 12:59 --------- d-----w c:\programfiler\StepMania

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-01 09:52 --------- d-----w c:\documents and settings\19020KEBA\Programdata\Unity

2008-12-01 08:50 --------- d-----w c:\programfiler\Unity

2008-11-30 22:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-11-30 15:14 --------- d-----w c:\programfiler\PowerISO

2008-11-29 17:09 --------- d-----w c:\programfiler\LimeWire

2008-11-28 22:35 21,840 ----atw c:\windows\system32\SIntfNT.dll

2008-11-28 22:35 17,212 ----atw c:\windows\system32\SIntf32.dll

2008-11-28 22:35 12,067 ----atw c:\windows\system32\SIntf16.dll

2008-11-24 09:28 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet

2008-11-24 07:54 --------- d-----w c:\programfiler\Bonjour

2008-11-24 07:44 --------- d-----w c:\programfiler\Fellesfiler\Macrovision Shared

2008-11-23 16:09 --------- d-----w c:\documents and settings\19020KEBA\Programdata\Hamachi

2008-11-21 18:21 --------- d-----w c:\programfiler\Left4Dead

2008-11-21 02:07 --------- d-----w c:\documents and settings\19020KEBA\Programdata\vlc

2008-11-21 00:45 --------- d-----w c:\documents and settings\19020KEBA\Programdata\dvdcss

2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-09-01 12:47 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

2008-09-01 12:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

2008-09-01 12:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008090120080902\index.dat

2008-09-01 12:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-14_23.23.14.01 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-13 21:49:46 26,184 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2009-01-16 16:39:42 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2009-01-16 15:02:54 16,384 ----atw c:\windows\temp\Perflib_Perfdata_770.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}"= "c:\programfiler\speedapps\tbspee.dll" [2008-08-20 1780248]

"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\programfiler\USARadioNow\tbUSAR.dll" [2009-01-07 1880600]

 

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

 

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-10-30 16:18 333192 --a------ c:\programfiler\AskBarDis\bar\bin\askBar1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

2009-01-07 13:51 1880600 --a------ c:\programfiler\USARadioNow\tbUSAR.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

2008-08-20 23:03 1780248 --a------ c:\programfiler\speedapps\tbspee.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}"= "c:\programfiler\speedapps\tbspee.dll" [2008-08-20 1780248]

"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\programfiler\USARadioNow\tbUSAR.dll" [2009-01-07 1880600]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programfiler\AskBarDis\bar\bin\askBar1.dll" [2008-10-30 333192]

 

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

 

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}"= "c:\programfiler\speedapps\tbspee.dll" [2008-08-20 1780248]

"{669163C1-C4B9-46DE-AD62-A0271D3A0A75}"= "c:\programfiler\USARadioNow\tbUSAR.dll" [2009-01-07 1880600]

 

[HKEY_CLASSES_ROOT\clsid\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]

 

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Steam"="c:\programfiler\steam\steam.exe" [2008-10-08 1410296]

"Sony Ericsson PC Suite"="c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="c:\programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]

"QlbCtrl"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]

"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-20 136600]

"OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 356352]

"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"PWRISOVM.EXE"="c:\programfiler\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-13 1171712]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]

Microsoft Firewall Client Management.lnk - c:\programfiler\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 117568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-01-16 17:39 10520 c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=Startup.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-51603\Scripts\Logon\0\0]

"Script"=PushPrinterConnections.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"c:\\Programfiler\\Steam\\steamapps\\kenten911\\counter-strike\\hl.exe"=

"c:\\Westwood\\RA2\\game.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-13 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-13 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-13 107272]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-01-23 44800]

R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-13 282904]

R4 FwcAgent;Firewall Client Agent;c:\programfiler\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]

R4 SearchIn1Step Service;SearchIn1Step Service;c:\documents and settings\All Users\Programdata\SearchIn1Step\searchin1172.exe [2009-01-14 4608]

R4 SWIHPWMI;SWIHPWMI;c:\programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]

R4 TmFilter;Trend Micro Filter;c:\programfiler\Trend Micro\OfficeScan Client\TmXPFlt.sys [2007-09-17 202768]

R4 TmPreFilter;Trend Micro PreFilter;c:\programfiler\Trend Micro\OfficeScan Client\tmpreflt.sys [2007-09-17 35856]

S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2007-10-13 33024]

S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [2008-10-30 90408]

S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [2008-10-30 15016]

S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [2008-10-30 122024]

S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [2008-10-30 115368]

S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [2008-10-30 25768]

S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [2008-10-30 111784]

S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [2008-10-30 117544]

S4 Ascdritame;Ascdritame; [x]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.speedapps.com/search.htm

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 10.8.1.2:8080

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

LSP: c:\programfiler\Microsoft Firewall Client 2004\FwcWsp.dll

 

c:\windows\Downloaded Program Files\AtxEnc.dll - O16 -: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4}

hxxps://sjvgs-fs2:4343/officescan/console/html/AtxEnc.cab

FF - ProfilePath - c:\documents and settings\19020KEBA\Programdata\Mozilla\Firefox\Profiles\rncgrdmz.default\

FF - component: c:\documents and settings\19020KEBA\Programdata\Mozilla\Firefox\Profiles\rncgrdmz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - plugin: c:\programfiler\Unity\WebPlayer\loader\npUnity3D32.dll

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-16 23:06:44

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(1108)

c:\windows\system32\avgrsstx.dll

c:\windows\system32\Ati2evxx.dll

.

Tidspunkt ferdig: 2009-01-16 23:10:46

ComboFix-quarantined-files.txt 2009-01-16 22:09:28

ComboFix2.txt 2009-01-14 22:26:08

ComboFix3.txt 2008-09-30 20:28:24

 

Pre-Run: 13,552,779,264 byte ledig

Post-Run: 13,545,988,096 byte ledig

 

255 --- E O F --- 2009-01-14 22:07:08

 

 

Malwarebytes' Anti-Malware 1.33

Databaseversjon: 1659

Windows 5.1.2600 Service Pack 3

 

2009-01-16 22:43:59

mbam-log-2009-01-16 (22-43-59).txt

 

Skanntype: Rask Skann

Objekter skannet: 57136

Tid tilbakelagt: 20 minute(s), 23 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)


Open Notepad and paste in what is written in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again. No need to see a new log.

 


 

Folder::

c:\documents and settings\All Users\Programdata\SearchIn1Step

c:\programfiler\SearchIn1Step

 

Driver::

SearchIn1Step Service

 

 

Are the following toolbars something you need? If not, uninstall them from Add/Remove Programs:

speedapps Toolbar

Ask Toolbar

USARadioNow Toolbar

 

How is the PC running, and are you still experiencing anything that suggests you have a 'virus'?

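The helper's CFScript above was assembled by hand from the ComboFix log: the two SearchIn1Step folders from the "Filer Opprettet" section under Folder::, and the service name from the R4 line under Driver::. As an added example that is not part of the thread and not ComboFix's own code, the following Python script parses those two line formats and emits the same directives for any name you give it; the log excerpt is copied from the posted log, and the function names are my own.

```python
"""Build a ComboFix CFScript.txt from a ComboFix log.

Added example, not code from the thread or from ComboFix.  It turns the
manual step in the helper's reply (collect the SearchIn1Step folders and the
service name, put them under Folder:: and Driver::) into a script.  The
function names are mine; the log excerpt below is copied from the thread.
"""
import re

# Excerpt of the ComboFix log posted in the thread (constructed sample input:
# two SearchIn1Step folders, one unrelated folder, three service lines).
COMBOFIX_LOG = r"""
2009-01-10 16:43 . 2009-01-14 22:35 <DIR> d-------- c:\documents and settings\All Users\Programdata\SearchIn1Step
2009-01-10 16:41 . 2009-01-14 23:08 <DIR> d-------- c:\programfiler\SearchIn1Step
2009-01-10 16:41 . 2009-01-10 16:41 <DIR> d-------- c:\programfiler\Conduit
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-13 282904]
R4 SearchIn1Step Service;SearchIn1Step Service;c:\documents and settings\All Users\Programdata\SearchIn1Step\searchin1172.exe [2009-01-14 4608]
S4 Ascdritame;Ascdritame; [x]
"""

# "created . modified <DIR> attributes path" lines of the "Filer Opprettet"
# section; plain file lines carry a size instead of <DIR> and are skipped.
DIR_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \S+ \S+ <DIR> \S+ (?P<path>.+)$")
# "R4 name;display name;image path [date size]" service/driver lines.
SVC_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^\[]*)")


def parse_combofix(log):
    """Return (folders, services) found in a ComboFix log."""
    folders, services = [], []
    for line in log.splitlines():
        m = DIR_RE.match(line)
        if m:
            folders.append(m.group("path").strip())
            continue
        m = SVC_RE.match(line)
        if m:
            services.append({"name": m.group("name").strip(),
                             "image": m.group("image").strip()})
    return folders, services


def build_cfscript(log, needle):
    """Emit Folder:: and Driver:: directives for every folder or service
    whose path or name contains `needle` (case-insensitive)."""
    folders, services = parse_combofix(log)
    key = needle.lower()
    hit_folders = [f for f in folders if key in f.lower()]
    hit_services = [s["name"] for s in services
                    if key in s["name"].lower() or key in s["image"].lower()]
    lines = []
    if hit_folders:
        lines += ["Folder::", *hit_folders, ""]
    if hit_services:
        lines += ["Driver::", *hit_services, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    # Reproduces the CFScript from the helper's reply.
    print(build_cfscript(COMBOFIX_LOG, "SearchIn1Step"), end="")
```

Review the generated script before dragging it onto ComboFix; the name match is deliberately loose so that it also catches a service whose image path, rather than its name, lives in the suspicious folder.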
