
MSN virus - Log for HJT & CFix



Good evening,

 

Yesterday I caught the infamous MSN virus, and I'm now wondering whether I'm "clean".

 

Here are the logs:

 

ComboFix:

 

 

ComboFix 08-01-11.3 - ****** 2008-01-12 20:46:53.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1267 [GMT 1:00]

Running from: C:\Downloads\Software\ComboFix(1).exe

.

The following files were disabled during the run:

C:\WINDOWS\system32\guard32.dll

 

 

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

.

 

2008-01-12 20:47 . 2008-01-12 20:47 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-01-12 14:09 . 2008-01-12 14:09 <DIR> d-------- C:\Program Files\PrevxCSI

2008-01-12 14:06 . 2008-01-12 14:07 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\PrevxCSI

2008-01-12 14:06 . 2008-01-12 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-01-12 13:04 . 2008-01-12 13:04 <DIR> d-------- C:\Program Files\COMODO

2008-01-12 13:04 . 2008-01-12 13:04 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\Comodo

2008-01-12 13:04 . 2008-01-12 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo

2008-01-12 13:04 . 2008-01-12 13:04 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir

2008-01-12 13:04 . 2008-01-12 13:04 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-01-12 13:04 . 2008-01-12 13:04 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-01-12 13:03 . 2008-01-12 13:13 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-01-12 13:03 . 2008-01-12 13:03 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\SUPERAntiSpyware.com

2008-01-12 13:03 . 2008-01-12 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-01-12 12:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 11:01 . 2008-01-12 11:01 <DIR> d-------- C:\Program Files\Windows Defender

2008-01-12 10:56 . 2008-01-12 10:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-01-12 09:40 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-11 22:11 . 2008-01-11 22:30 574,119 --a------ C:\chanrar.rar

2008-01-11 19:24 . 2008-01-11 19:24 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe

2008-01-05 17:07 . 2008-01-05 17:07 <DIR> d-------- C:\NVIDIA

2008-01-05 17:05 . 2008-01-05 17:05 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-01-05 17:05 . 2008-01-05 17:05 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\SystemRequirementsLab

2008-01-05 10:16 . 2008-01-05 10:16 <DIR> d-------- C:\Program Files\Microsoft

2008-01-04 14:26 . 2008-01-04 14:49 <DIR> d-------- C:\Program Files\SpeedFan

2008-01-04 14:26 . 2008-01-04 14:26 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-01-03 20:06 . 2008-01-03 20:06 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared

2008-01-03 20:06 . 2008-01-03 20:06 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\InstallShield

2008-01-03 16:03 . 2008-01-03 16:03 <DIR> d-------- C:\Program Files\KeePass Password Safe

2008-01-03 11:26 . 2008-01-03 11:26 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2008-01-03 11:26 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys

2008-01-03 11:26 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-01-03 11:26 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-01-03 11:26 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-01-03 11:23 . 2008-01-03 11:23 <DIR> d-------- C:\Program Files\Futuremark

2008-01-02 20:40 . 2008-01-02 20:40 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\DAEMON Tools

2008-01-02 19:53 . 2008-01-02 19:53 <DIR> d-------- C:\Program Files\foobar2000

2008-01-02 19:53 . 2008-01-08 20:56 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\foobar2000

2008-01-02 19:38 . 2008-01-02 19:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-02 19:38 . 2008-01-02 19:38 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-02 18:25 . 2008-01-04 14:26 <DIR> d-------- C:\Program Files\Free Download Manager

2008-01-02 18:25 . 2008-01-12 20:51 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\Free Download Manager

2008-01-02 18:25 . 2008-01-02 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG

2008-01-02 18:23 . 2008-01-02 18:23 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-01-02 18:17 . 2008-01-02 18:17 <DIR> d-------- C:\Program Files\DAEMON Tools

2008-01-02 02:30 . 2008-01-12 20:01 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2

2008-01-02 02:23 . 2008-01-02 02:24 <DIR> d-------- C:\Program Files\QuickTime

2008-01-02 02:20 . 2008-01-02 02:20 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-01-02 02:20 . 2008-01-12 16:08 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\skypePM

2008-01-02 02:20 . 2008-01-02 02:20 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-01-02 02:11 . 2008-01-08 20:12 <DIR> d-------- C:\Program Files\Paint.NET

2008-01-02 02:01 . 2008-01-02 02:08 <DIR> d-------- C:\Program Files\Windows Live

2008-01-02 02:01 . 2008-01-02 02:03 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-02 02:01 . 2008-01-02 02:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-02 01:41 . 2008-01-02 02:17 <DIR> d-------- C:\Program Files\DVD Shrink

2008-01-02 01:41 . 2008-01-02 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

2007-12-27 20:04 . 2007-12-27 21:58 <DIR> d-------- C:\Program Files\MetaCommander

2007-12-27 19:37 . 2007-12-27 19:37 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\MioNet

2007-12-27 18:38 . 2008-01-04 21:07 <DIR> d-------- C:\Program Files\MioNet

2007-12-27 18:38 . 2008-01-04 21:07 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\MioNet

2007-12-27 00:28 . 2007-12-27 00:28 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\AdobeUM

2007-12-23 22:31 . 2007-12-29 21:24 <DIR> d-------- C:\Program Files\Folding@Home

2007-12-23 22:31 . 2002-04-18 23:50 73,728 --a------ C:\WINDOWS\system32\GkSui18.EXE

2007-12-23 22:31 . 2002-01-16 08:27 69,632 --a------ C:\WINDOWS\system32\Copy of GkSui18.EXE

2007-12-23 18:47 . 2007-12-23 18:49 <DIR> d-------- C:\Program Files\Common Files\Nero

2007-12-14 13:17 . 2007-12-14 13:17 <DIR> d-------- C:\Program Files\Your Uninstaller 2008

2007-12-14 13:17 . 2007-12-14 13:17 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\URSoft

2007-12-14 12:18 . 2007-12-14 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies

2007-12-13 19:09 . 2007-12-13 19:09 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe

2007-12-12 15:01 . 2007-12-12 15:01 <DIR> d-------- C:\Program Files\Evariste

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 19:52 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\uTorrent

2008-01-12 19:52 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\Skype

2008-01-12 12:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-01-12 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-12 08:46 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-11 17:31 --------- d-----w C:\Program Files\Steam

2008-01-08 19:21 --------- d-----w C:\Program Files\uTorrent

2008-01-08 19:11 --------- d-----w C:\Program Files\MediaMonkey

2008-01-08 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-01-05 09:09 --------- d-----w C:\Program Files\Safari

2008-01-04 13:20 --------- d-----w C:\Program Files\Java

2008-01-03 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-03 10:06 --------- d-----w C:\Program Files\Bonjour

2008-01-02 17:25 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\Apple Computer

2008-01-02 01:15 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-12-27 17:27 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\LimeWire

2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2007-12-23 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2007-12-17 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-09 18:23 --------- d-----w C:\Program Files\DivX

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll

2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-11-23 21:26 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\dvdcss

2007-11-21 16:31 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys

2007-11-21 16:31 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys

2007-11-20 10:37 --------- d-----w C:\Program Files\GeoGebra

2007-11-19 22:36 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\vlc

2007-11-19 21:09 --------- d-----w C:\Program Files\VideoLAN

2007-11-13 20:50 --------- d-----w C:\Program Files\Swapper

2007-11-13 20:50 --------- d-----w C:\Program Files\Heroes2

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-08 12:04 22,328 ----a-w C:\Documents and Settings\Stefan Sandstad\Application Data\PnkBstrK.sys

2007-11-08 12:04 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-11-08 12:03 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-22 20:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-10-22 20:43 249,856 ------w C:\WINDOWS\Setup1.exe

2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-12_12.45.20,06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-12 12:03:44 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

+ 2008-01-12 12:03:44 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-01-12 12:03:44 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2008-01-12 12:04:04 75,384 ----a-w C:\WINDOWS\system32\drivers\inspect.sys

+ 2008-01-12 12:54:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7c8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-08-25 11:17 860160]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 20:21 7573504]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-12 13:04 1481472]

"PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" [2008-01-12 14:06 92160]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03 221184]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk

backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Stefan Sandstad^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]

path=C:\Documents and Settings\Stefan Sandstad\Start Menu\Programs\Startup\Folding@Home 5.03.lnk

backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Stefan Sandstad^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]

path=C:\Documents and Settings\Stefan Sandstad\Start Menu\Programs\Startup\Microsoft Office Groove.lnk

backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Stefan Sandstad^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper og Launcher.lnk]

path=C:\Documents and Settings\Stefan Sandstad\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper og Launcher.lnk

backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2006-02-15 17:51 88365 C:\WINDOWS\AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-12-13 19:10 103720 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonTrayIcon]

--a------ 2005-10-06 17:49 40960 C:\WINDOWS\BisonCam\BisonTrayIcon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJIMETIPSYNC]

--a------ 2007-03-22 19:17 66400 C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-12-29 10:43 486856 C:\Program Files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2007-12-29 10:43 486856 C:\Program Files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

C:\Program Files\DU Meter\DUMeter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FunctionKeyCtrl]

--a------ 2006-05-25 15:49 49152 C:\Program Files\Function Key Controller\FKC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-26 23:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imekrmig7.0]

--a------ 2007-04-19 14:00 25440 C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG9.0]

--a------ 2007-04-19 14:00 125792 C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSCMig]

--a------ 2007-04-02 21:42 17248 C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2004-06-16 05:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2004-06-16 05:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-11-02 18:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_12539250]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_201750]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_3088859]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_3623046]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_3752203]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_75218]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_75375]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_81238140]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_99796]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 21:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]

-ra------ 2007-08-31 20:14 32768 C:\Program Files\MioNet\MioNetLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-05-08 20:21 7573504 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-05-08 20:21 1519616 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIMETIPSYNC]

--a------ 2007-03-22 19:17 98656 C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 14:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-11-30 18:52 1266936 C:\Program Files\Steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2006-02-03 16:36 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-12 13:04]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-12 13:04]

R3 Airgo3P;Airgo Networks AGN300 True MIMO Wireless Driver;C:\WINDOWS\system32\DRIVERS\TMIMO31P.sys [2006-02-07 21:24]

S4 MioNet;MioNet;"C:\Program Files\MioNet\MioNetManager.exe" [2007-08-31 20:10]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-05 09:23:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-01-12 10:04:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-12 20:53:06

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Program Files\MediaMonkey\DeskPlayer.dll

.

Completion time: 2008-01-12 20:53:24

ComboFix-quarantined-files.txt 2008-01-12 19:53:07

ComboFix2.txt 2008-01-12 11:46:17

.

2008-01-10 02:01:58 --- E O F ---

 

HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:55:28, on 12.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\smax4.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe

C:\Program Files\Microsoft Office\Office12\GROOVE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\FREEDO~1\fdm.exe

C:\WINDOWS\explorer.exe

C:\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apple.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s

O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Nedlasting alle med Free Nedlasting Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Nedlasting med Free Nedlasting Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Nedlasting valgte med Free Nedlasting Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 11568 bytes

 

 

 

MsnFix log:

 

 

MSNFix 1.623

 

C:\Documents and Settings\*****\Desktop\MSNFix

Scan done at 12.01.2008 - 21:14:37,56 By *****

normal mode

 

************************ Checking Files

 

No files found

 

************************ Checking Folders

 

No Folders Found

 

 

************************ Suspect Files

 

No files found

 

 

 

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

Thanks for all the help

Edited by nefrig
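As an added example (not part of the thread and not HijackThis or ComboFix code), a small Python parser for the HijackThis log format posted above: it pulls out the O20/O23 persistence entries and flags the ones, such as the AppInit_DLLs entry for guard32.dll that this thread ends up checking the signature of, whose publisher signature should be verified before the entry is trusted. The sample log lines are constructed for the example, and the "Acme" service line is invented to exercise a display name that itself contains " - ".

```python
"""Triage helper for HijackThis (HJT) logs.

Added example, not part of the thread and not HijackThis code: it parses
the O9/O20/O23 lines in the log format posted above and flags the
persistence entries whose publisher signature should be verified before
the entry is trusted.  SAMPLE_HJT_LOG is constructed for the example; the
"Acme" service line is invented to exercise a display name containing " - ".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_HJT_LOG = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Acme - Updater Service (AcmeUpd) - Unknown owner - C:\Program Files\Acme\acmeupd.exe
"""

# "O23 - Service: <rest>"  ->  section="O23", kind="Service", rest="<rest>"
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


@dataclass
class HjtEntry:
    section: str            # HJT section, e.g. "O20" or "O23"
    kind: str               # entry type, e.g. "AppInit_DLLs" or "Service"
    name: Optional[str]     # display name / CLSID part, if the line has one
    owner: Optional[str]    # publisher string HJT recorded (O23 only)
    path: str               # file path the entry points at


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one HJT log line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    if section == "O23":
        # "Display name (ServiceName) - Owner - C:\path": split from the
        # right so a display name that itself contains " - " stays whole.
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            return HjtEntry(section, kind, parts[0], parts[1], parts[2])
        return HjtEntry(section, kind, None, None, rest)
    if kind == "AppInit_DLLs":
        # The whole remainder is the DLL list taken from the registry value.
        return HjtEntry(section, kind, None, None, rest)
    if " - " in rest:
        name, path = rest.rsplit(" - ", 1)
        return HjtEntry(section, kind, name, None, path)
    return HjtEntry(section, kind, None, None, rest)


def parse_hjt_log(text: str) -> List[HjtEntry]:
    """Parse a whole log, skipping headers, blank lines and the trailer."""
    parsed = (parse_hjt_line(ln) for ln in text.splitlines())
    return [e for e in parsed if e is not None]


def triage(entries: List[HjtEntry]) -> List[Tuple[str, str]]:
    """Return (path, reason) for entries that warrant a signature/origin check."""
    flagged: List[Tuple[str, str]] = []
    for e in entries:
        if e.section == "O20" and e.kind == "AppInit_DLLs":
            # AppInit_DLLs are loaded into every process that links user32.dll;
            # the ComboFix run in this thread disabled guard32.dll during its scan.
            flagged.append((e.path, "AppInit_DLLs entry: loaded into every user32 process"))
        elif e.section == "O20":
            flagged.append((e.path, f"{e.kind} entry: runs inside winlogon.exe at logon"))
        elif e.section == "O23" and e.owner == "Unknown owner":
            flagged.append((e.path, "service binary with no publisher recorded"))
    return flagged


if __name__ == "__main__":
    for path, reason in triage(parse_hjt_log(SAMPLE_HJT_LOG)):
        print(f"{path}\n    {reason}")
```

A flagged path is a prompt to check the file's Authenticode signature and install source, exactly the step taken for guard32.dll later in this thread; it is not by itself a verdict.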

New log:

 

ComboFix 08-01-11.3 - ***** 2008-01-12 22:36:00.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1305 [GMT 1:00]

Running from: C:\Documents and Settings\*****\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\*****\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\chanrar.rar

C:\WINDOWS\ntmngr.exe

.

The following files were disabled during the run:

C:\WINDOWS\system32\guard32.dll

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\chanrar.rar

C:\WINDOWS\ntmngr.exe

 

.

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

.

 

2008-01-12 20:47 . 2008-01-12 20:47 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-01-12 14:09 . 2008-01-12 14:09 <DIR> d-------- C:\Program Files\PrevxCSI

2008-01-12 14:06 . 2008-01-12 14:07 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\PrevxCSI

2008-01-12 14:06 . 2008-01-12 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

2008-01-12 13:04 . 2008-01-12 13:04 <DIR> d-------- C:\Program Files\COMODO

2008-01-12 13:04 . 2008-01-12 13:04 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\Comodo

2008-01-12 13:04 . 2008-01-12 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo

2008-01-12 13:04 . 2008-01-12 13:04 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir

2008-01-12 13:04 . 2008-01-12 13:04 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-01-12 13:04 . 2008-01-12 13:04 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-01-12 13:03 . 2008-01-12 13:13 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-01-12 13:03 . 2008-01-12 13:03 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\SUPERAntiSpyware.com

2008-01-12 13:03 . 2008-01-12 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-01-12 12:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 11:01 . 2008-01-12 11:01 <DIR> d-------- C:\Program Files\Windows Defender

2008-01-12 10:56 . 2008-01-12 10:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-01-12 09:40 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-05 17:07 . 2008-01-05 17:07 <DIR> d-------- C:\NVIDIA

2008-01-05 17:05 . 2008-01-05 17:05 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-01-05 17:05 . 2008-01-05 17:05 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\SystemRequirementsLab

2008-01-05 10:16 . 2008-01-05 10:16 <DIR> d-------- C:\Program Files\Microsoft

2008-01-04 14:26 . 2008-01-04 14:49 <DIR> d-------- C:\Program Files\SpeedFan

2008-01-04 14:26 . 2008-01-04 14:26 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-01-03 20:06 . 2008-01-03 20:06 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared

2008-01-03 20:06 . 2008-01-03 20:06 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\InstallShield

2008-01-03 16:03 . 2008-01-03 16:03 <DIR> d-------- C:\Program Files\KeePass Password Safe

2008-01-03 11:26 . 2008-01-03 11:26 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2008-01-03 11:26 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys

2008-01-03 11:26 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-01-03 11:26 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-01-03 11:26 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-01-03 11:23 . 2008-01-03 11:23 <DIR> d-------- C:\Program Files\Futuremark

2008-01-02 20:40 . 2008-01-02 20:40 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\DAEMON Tools

2008-01-02 19:53 . 2008-01-02 19:53 <DIR> d-------- C:\Program Files\foobar2000

2008-01-02 19:53 . 2008-01-08 20:56 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\foobar2000

2008-01-02 19:38 . 2008-01-02 19:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-02 19:38 . 2008-01-02 19:38 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-02 18:25 . 2008-01-04 14:26 <DIR> d-------- C:\Program Files\Free Download Manager

2008-01-02 18:25 . 2008-01-12 21:10 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\Free Download Manager

2008-01-02 18:25 . 2008-01-02 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG

2008-01-02 18:23 . 2008-01-02 18:23 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-01-02 18:17 . 2008-01-02 18:17 <DIR> d-------- C:\Program Files\DAEMON Tools

2008-01-02 02:30 . 2008-01-12 22:01 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2

2008-01-02 02:23 . 2008-01-02 02:24 <DIR> d-------- C:\Program Files\QuickTime

2008-01-02 02:20 . 2008-01-02 02:20 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-01-02 02:20 . 2008-01-12 16:08 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\skypePM

2008-01-02 02:20 . 2008-01-02 02:20 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-01-02 02:11 . 2008-01-08 20:12 <DIR> d-------- C:\Program Files\Paint.NET

2008-01-02 02:01 . 2008-01-02 02:08 <DIR> d-------- C:\Program Files\Windows Live

2008-01-02 02:01 . 2008-01-02 02:03 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-02 02:01 . 2008-01-02 02:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-02 01:41 . 2008-01-02 02:17 <DIR> d-------- C:\Program Files\DVD Shrink

2008-01-02 01:41 . 2008-01-02 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

2007-12-27 20:04 . 2007-12-27 21:58 <DIR> d-------- C:\Program Files\MetaCommander

2007-12-27 19:37 . 2007-12-27 19:37 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\MioNet

2007-12-27 18:38 . 2008-01-04 21:07 <DIR> d-------- C:\Program Files\MioNet

2007-12-27 18:38 . 2008-01-04 21:07 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\MioNet

2007-12-27 00:28 . 2007-12-27 00:28 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\AdobeUM

2007-12-23 22:31 . 2007-12-29 21:24 <DIR> d-------- C:\Program Files\Folding@Home

2007-12-23 22:31 . 2002-04-18 23:50 73,728 --a------ C:\WINDOWS\system32\GkSui18.EXE

2007-12-23 22:31 . 2002-01-16 08:27 69,632 --a------ C:\WINDOWS\system32\Copy of GkSui18.EXE

2007-12-23 18:47 . 2007-12-23 18:49 <DIR> d-------- C:\Program Files\Common Files\Nero

2007-12-14 13:17 . 2007-12-14 13:17 <DIR> d-------- C:\Program Files\Your Uninstaller 2008

2007-12-14 13:17 . 2007-12-14 13:17 <DIR> d-------- C:\Documents and Settings\Stefan Sandstad\Application Data\URSoft

2007-12-14 12:18 . 2007-12-14 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies

2007-12-13 19:09 . 2007-12-13 19:09 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe

2007-12-12 15:01 . 2007-12-12 15:01 <DIR> d-------- C:\Program Files\Evariste

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 21:38 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\uTorrent

2008-01-12 20:48 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\Skype

2008-01-12 12:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-01-12 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-12 08:46 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-11 17:31 --------- d-----w C:\Program Files\Steam

2008-01-08 19:21 --------- d-----w C:\Program Files\uTorrent

2008-01-08 19:11 --------- d-----w C:\Program Files\MediaMonkey

2008-01-08 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-01-05 09:09 --------- d-----w C:\Program Files\Safari

2008-01-04 13:20 --------- d-----w C:\Program Files\Java

2008-01-03 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-03 10:06 --------- d-----w C:\Program Files\Bonjour

2008-01-02 17:25 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\Apple Computer

2008-01-02 01:15 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-12-27 17:27 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\LimeWire

2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2007-12-23 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2007-12-17 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-09 18:23 --------- d-----w C:\Program Files\DivX

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll

2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-11-23 21:26 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\dvdcss

2007-11-21 16:31 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys

2007-11-21 16:31 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys

2007-11-20 10:37 --------- d-----w C:\Program Files\GeoGebra

2007-11-19 22:36 --------- d-----w C:\Documents and Settings\Stefan Sandstad\Application Data\vlc

2007-11-19 21:09 --------- d-----w C:\Program Files\VideoLAN

2007-11-13 20:50 --------- d-----w C:\Program Files\Swapper

2007-11-13 20:50 --------- d-----w C:\Program Files\Heroes2

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-08 12:04 22,328 ----a-w C:\Documents and Settings\Stefan Sandstad\Application Data\PnkBstrK.sys

2007-11-08 12:04 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-11-08 12:03 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-22 20:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-10-22 20:43 249,856 ------w C:\WINDOWS\Setup1.exe

2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-12_12.45.20,06 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-12 11:43:23 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-12 21:35:56 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-12 11:43:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-12 21:35:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-12 11:43:24 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-12 21:35:56 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

- 2008-01-12 11:43:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-12 21:35:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

- 2008-01-12 11:43:24 6,598,656 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-12 21:35:56 6,623,232 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

- 2008-01-12 11:43:24 204,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-12 21:35:56 204,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-12 12:03:44 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

+ 2008-01-12 12:03:44 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-01-12 12:03:44 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2008-01-12 12:04:04 75,384 ----a-w C:\WINDOWS\system32\drivers\inspect.sys

+ 2008-01-12 12:54:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7c8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]

"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-08-25 11:17 860160]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 20:21 7573504]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-12 13:04 1481472]

"PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" [2008-01-12 14:06 92160]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03 221184]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk

backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Stefan Sandstad^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]

path=C:\Documents and Settings\Stefan Sandstad\Start Menu\Programs\Startup\Folding@Home 5.03.lnk

backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Stefan Sandstad^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]

path=C:\Documents and Settings\Stefan Sandstad\Start Menu\Programs\Startup\Microsoft Office Groove.lnk

backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Stefan Sandstad^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper og Launcher.lnk]

path=C:\Documents and Settings\Stefan Sandstad\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper og Launcher.lnk

backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2006-02-15 17:51 88365 C:\WINDOWS\AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-12-13 19:10 103720 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonTrayIcon]

--a------ 2005-10-06 17:49 40960 C:\WINDOWS\BisonCam\BisonTrayIcon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJIMETIPSYNC]

--a------ 2007-03-22 19:17 66400 C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-12-29 10:43 486856 C:\Program Files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2007-12-29 10:43 486856 C:\Program Files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

C:\Program Files\DU Meter\DUMeter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FunctionKeyCtrl]

--a------ 2006-05-25 15:49 49152 C:\Program Files\Function Key Controller\FKC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-26 23:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imekrmig7.0]

--a------ 2007-04-19 14:00 25440 C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG9.0]

--a------ 2007-04-19 14:00 125792 C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSCMig]

--a------ 2007-04-02 21:42 17248 C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2004-06-16 05:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2004-06-16 05:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-11-02 18:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_12539250]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_201750]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_3088859]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_3623046]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_3752203]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_75218]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_75375]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_81238140]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_99796]

--a------ 2007-05-21 12:00 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 21:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]

-ra------ 2007-08-31 20:14 32768 C:\Program Files\MioNet\MioNetLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-05-08 20:21 7573504 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-05-08 20:21 1519616 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIMETIPSYNC]

--a------ 2007-03-22 19:17 98656 C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 14:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-11-30 18:52 1266936 C:\Program Files\Steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2006-02-03 16:36 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-12 13:04]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-12 13:04]

R3 Airgo3P;Airgo Networks AGN300 True MIMO Wireless Driver;C:\WINDOWS\system32\DRIVERS\TMIMO31P.sys [2006-02-07 21:24]

S4 MioNet;MioNet;"C:\Program Files\MioNet\MioNetManager.exe" [2007-08-31 20:10]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-05 09:23:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-01-12 10:04:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-12 22:38:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Program Files\MediaMonkey\DeskPlayer.dll

.

Completion time: 2008-01-12 22:39:25

ComboFix-quarantined-files.txt 2008-01-12 21:39:22

ComboFix2.txt 2008-01-12 19:53:25

ComboFix3.txt 2008-01-12 11:46:17

.

2008-01-10 02:01:58 --- E O F ---

 

 

Edited by nefrig

You're probably right about that:

 

Details for guard32.dll

"Signer info:

Name: Comodo CA Limited

Signing time: 11. januar 2008 06:29:48

 

Digital signature info is ok"

 

 

By the way, the file has no .vir extension when I look at it in Explorer, but I suppose I don't need to worry about that...

 

Thanks for the help norbat, all credit to you tonight ;)

It may be that ComboFix removes the extension itself on exit. That is probably ComboFix's way of 'disabling' the file.

 

You can remove ComboFix by doing the following:

 

Click: Start->Run

Type: ComboFix /u

 

ComboFix will start up, then uninstall itself.

 

You should reset the restore folder so you don't get reinfected by a later System Restore.

Control Panel->System->System Restore.

Tick the box in front of "Turn off System Restore .....",

restart the PC,

untick the box again to re-enable the feature.

 

Happy to be of help. It got a bit busier than usual, but that just makes for better touch-typing practice
