
Not sure whether I have something or not, so I thought I would get you to help me do a check.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:17:41, on 25.01.2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Program\Bullguard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\E_S00RP2.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\WINDOWS\System32\SAgent4.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\StkSrv2K.exe

C:\WINDOWS\System32\UAService7.exe

C:\WINDOWS\System32\PAL\PCS\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\System32\RunDll32.exe

E:\Programfiler\Power DVD\PDVDServ.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE

G:\tools\daemon.exe

C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe

G:\Webfile\Java\bin\jusched.exe

E:\Program\G15\LGDCore.exe

E:\Program\G15\LCDMon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\rundll32.exe

E:\Program\Rasar Kopparhove\razerhid.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

E:\Program\Bullguard\bullguard.exe

E:\Program\G15\Applets\LCDPop3\LCDPOP3.exe

E:\Program\G15\Applets\LCDCountdown\LCDCountdown.exe

E:\Program\G15\Applets\LCDMedia.exe

E:\BITWARE\NT\bwprnmon.exe

E:\Program\G15\Applets\LCDClock.exe

E:\Kamera\QuickDCF.exe

E:\Program\Rasar Kopparhove\razertra.exe

C:\WINDOWS\system32\ntvdm.exe

E:\Program\Rasar Kopparhove\razerofa.exe

E:\RamPup.exe

E:\spel\MBM 5\Motherboard Monitor 5\MBM5.exe

G:\Fraps\Fraps\fraps.exe

G:\Program\Everest\everest.exe

G:\Mozilla Firefox\firefox.exe

C:\Documents and Settings\All Users\Skrivebord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.justfuckinggoogleit.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\System32\PAL\PCS\ieguard.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Webfile\Java\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [RemoteControl] "E:\Programfiler\Power DVD\PDVDServ.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"

O4 - HKLM\..\Run: [klp] C:\WINDOWS\System32\PAL\PCS\explorer.exe

O4 - HKLM\..\Run: [iST Service] C:\Programfiler\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogonStudio] "G:\Logon Studio\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] G:\Webfile\Java\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Launch LGDCore] E:\Program\G15\LGDCore.exe /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "E:\Program\G15\LCDMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [razer] E:\Program\Rasar Kopparhove\razerhid.exe

O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"

O4 - HKCU\..\Run: [bullGuard] "E:\Program\Bullguard\bullguard.exe"

O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] dfrgsrv.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BitWare Print Monitor.lnk = E:\BITWARE\NT\bwprnmon.exe

O4 - Global Startup: Exif Launcher.lnk = E:\Kamera\QuickDCF.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Webfile\Java\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Webfile\Java\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190530662375

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - E:\Program\Bullguard\BullGuardUpdate.exe

O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP2.EXE

O23 - Service: HDD Temperature (HDDTService) - Unknown owner - E:\Skrivar\Diverse3\HDDTsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - G:\demo16\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe (file missing)

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - G:\demo16\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe (file missing)

O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe

O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

O23 - Service: Windows LAN Service Manager - Unknown owner - C:\WINDOWS\System32\PAL\PCS\svchost.exe

 

--

End of file - 9312 bytes

Edited by Stressis

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/25/2008 at 09:06 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3388

Trace Rules Database Version: 1382

 

Scan type : Complete Scan

Total Scan Time : 01:10:04

 

Memory items scanned : 376

Memory threats detected : 0

Registry items scanned : 5643

Registry threats detected : 100

File items scanned : 40784

File threats detected : 11

 

Trojan.TopInstalls/Guard

HKLM\Software\Classes\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}

HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}

HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}

HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\InprocServer32

HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\InprocServer32#ThreadingModel

HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\ProgID

HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\Programmable

HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\TypeLib

HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\VersionIndependentProgID

C:\WINDOWS\SYSTEM32\PAL\PCS\IEGUARD.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B77D30A-81C9-497A-8647-142F7511B1FB}

HKCR\IEGuard.IEWebGuard

HKCR\IEGuard.IEWebGuard\CLSID

HKCR\IEGuard.IEWebGuard\CurVer

HKCR\IEGuard.IEWebGuard.1

HKCR\IEGuard.IEWebGuard.1\CLSID

HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}

HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0

HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0

HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\win32

HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\FLAGS

HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\HELPDIR

HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}

HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\ProxyStubClsid

HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\ProxyStubClsid32

HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\TypeLib

HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\TypeLib#Version

HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}

HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\ProxyStubClsid

HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\ProxyStubClsid32

HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\TypeLib

HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\TypeLib#Version

 

Adware.IST/YourSiteBar

HKLM\Software\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\Implemented Categories

HKCR\YSBactivex.Installer

HKCR\YSBactivex.Installer\CLSID

HKCR\CLSID\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}

HKCR\CLSID\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32

HKCR\CLSID\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32#ThreadingModel

HKCR\CLSID\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\ProgID

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll#.Owner

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll#{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}

C:\Programfiler\YourSiteBar\imagemap_normal.bmp

C:\Programfiler\YourSiteBar\imagemap_over.bmp

C:\Programfiler\YourSiteBar\Thumbs.db

C:\Programfiler\YourSiteBar\version.txt

C:\Programfiler\YourSiteBar\yoursitebar.xml

C:\Programfiler\YourSiteBar

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ysbactivex.dll [ ]

 

Adware.Tracking Cookie

C:\Documents and Settings\Gisle\Cookies\gisle@tradedoubler[1].txt

 

Adware.WhenU

HKCR\WUSN.1

HKCR\WUSN.1#WUSN_Id

 

Adware.IST/ISTBar (Slotch Bar)

HKU\S-1-5-21-839522115-1177238915-725345543-1003\Software\IST

HKLM\Software\ISTsvc

HKLM\Software\ISTsvc#version

HKLM\Software\ISTsvc#app_name

HKLM\Software\ISTsvc#popup_url

HKLM\Software\ISTsvc#update_url

HKLM\Software\ISTsvc#config_url

HKLM\Software\ISTsvc#ui

HKLM\Software\ISTsvc#popup_initial_delay

HKLM\Software\ISTsvc#popup_count

HKLM\Software\ISTsvc#popup_day_count

HKLM\Software\ISTsvc#popup_day_limit

HKLM\Software\ISTsvc#update_count

HKLM\Software\ISTsvc#update_version

HKLM\Software\ISTsvc#config_count

HKLM\Software\ISTsvc#account_id

HKLM\Software\ISTsvc#app_date

HKLM\Software\ISTsvc#popup_interval

HKLM\Software\ISTsvc#popup_last

HKLM\Software\ISTsvc#update_interval

HKLM\Software\ISTsvc#update_last

HKLM\Software\ISTsvc#config_interval

HKLM\Software\ISTsvc#config_last

HKLM\Software\ISTsvc\history

HKLM\Software\ISTsvc\history#127637939287500000

HKLM\Software\ISTsvc\history#127638088907031250

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc#NoModify

HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}

HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1

HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1

HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\win32

HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\FLAGS

HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\HELPDIR

HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}

HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\ProxyStubClsid

HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\ProxyStubClsid32

HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\TypeLib

HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\TypeLib#Version

HKU\S-1-5-21-839522115-1177238915-725345543-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

 

Trojan.Unknown Origin

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#SystemComponent

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#Installer

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\Contains

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\Contains\Files

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\Contains\Files#C:\WINDOWS\Downloaded Program Files\YSBactivex.dll

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation#CODEBASE

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion#LastModified

 

Trojan.Homepage/Puper

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#wininet.dll [ dfrgsrv.exe ]

 

Adware.180solutions/Search Assistant

C:\PROGRAMFILER\SAAP.EXE

 

Trojan.Zlob-BY

C:\WINDOWS\SYSTEM32\NCOMPAT.TLB

 

Trojan.TaskDir

E:\PROGRAM\ZLIB.DLL


ComboFix 08-01-23.1C - Gisle 2008-01-25 21:23:00.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1252.47.1044.18.439 [GMT 1:00]

Running from: G:\Uting\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Gisle\Programdata\mgsnhDemo_32.dll

C:\Programfiler\screensavers.com

C:\Programfiler\screensavers.com\Installer\bin\ScreensaversInst.dll

C:\Programfiler\screensavers.com\Installer\bin\siuninst.exe

C:\Programfiler\screensavers.com\Installer\temp\dm85.tmp

C:\Programfiler\screensavers.com\Wallpaper\swpstart.exe

C:\WINDOWS\system32\sysmwwod.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))

.

 

2008-01-25 21:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-25 18:46 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-01-25 18:46 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-01-25 18:46 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-01-22 19:04 . 2008-01-23 18:15 356 --a------ C:\WINDOWS\system\CMICNFG3.INI

2008-01-20 11:02 . 2000-12-06 00:00 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx

2008-01-20 11:02 . 2001-09-03 07:52 766 --a------ C:\WINDOWS\win98Logo.ico

2008-01-04 18:37 . 2008-01-04 18:40 1,905 --a------ C:\WINDOWS\diagwrn.xml

2008-01-04 18:37 . 2008-01-04 18:40 1,905 --a------ C:\WINDOWS\diagerr.xml

2008-01-01 22:12 . 2008-01-05 15:57 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-01-01 22:12 . 2008-01-02 20:20 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-01-01 22:12 . 2008-01-05 15:57 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-01 13:10 . 2008-01-01 13:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-12-29 16:08 . 2001-10-06 14:02 176,640 --a------ C:\WINDOWS\system32\LXSYSUI.DLL

2007-12-28 11:10 . 2007-12-28 11:10 <DIR> d-------- C:\Programfiler\MSN Messenger

2007-12-28 11:07 . 2007-12-28 18:41 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-25 18:51 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-05 16:50 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-01-05 16:47 7,680 --sha-w C:\Programfiler\Thumbs.db

2007-12-18 19:48 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-18 19:48 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2004-08-02 16:03 0 ----a-w C:\Programfiler\AILog.txt

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]

"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 22:13 13312]

"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 05:00 99840]

"BullGuard"="E:\Program\Bullguard\bullguard.exe" [2007-09-22 20:43 102400]

"SUPERAntiSpyware"="E:\Program\sas\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2002-10-16 11:24 47104 C:\WINDOWS\SOUNDMAN.EXE]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 15:48 159744]

"RemoteControl"="E:\Programfiler\Power DVD\PDVDServ.exe" [2003-10-31 18:42 32768]

"REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 05:00 99840]

"klp"="C:\WINDOWS\System32\PAL\PCS\explorer.exe" [ ]

"IST Service"="C:\Programfiler\ISTsvc\istsvc.exe" [ ]

"DAEMON Tools-1033"="G:\tools\daemon.exe" [2004-08-22 16:05 81920]

"LogonStudio"="G:\Logon Studio\LogonStudio\logonstudio.exe" [2002-09-03 17:38 987187]

"Anti-Blaxx Manager"="C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 16:35 225280]

"SunJavaUpdateSched"="G:\Webfile\Java\bin\jusched.exe" [2005-11-10 12:03 36975]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-08-12 20:08 282624]

"Launch LGDCore"="E:\Program\G15\LGDCore.exe" [2006-03-06 16:31 1122304]

"Launch LCDMon"="E:\Program\G15\LCDMon.exe" [2006-03-06 16:14 497152]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-09-17 00:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-09-17 00:07 81920]

"razer"="E:\Program\Rasar Kopparhove\razerhid.exe" [2005-10-08 16:27 155648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 22:13 13312]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Gamma Loader.exe.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2004-09-15 19:32:05 113664]

BitWare Print Monitor.lnk - E:\BITWARE\NT\bwprnmon.exe [2004-07-26 08:47:20 54272]

Exif Launcher.lnk - E:\Kamera\QuickDCF.exe [2002-01-09 21:53:14 200704]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program\sas\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

E:\Program\sas\SASWINLO.dll 2007-04-19 13:41 294912 E:\Program\sas\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

 

R1 SSHDRV77;SSHDRV77;C:\WINDOWS\System32\drivers\SSHDRV77.sys [2004-08-10 13:35]

R1 SSHDRV79;SSHDRV79;C:\WINDOWS\System32\drivers\SSHDRV79.sys [2004-09-02 06:33]

R1 SSHDRV85;SSHDRV85;C:\WINDOWS\System32\drivers\SSHDRV85.sys [2004-12-24 12:35]

R2 StkSSrv;Syntek DC-112X Service;C:\WINDOWS\System32\StkSrv2K.exe [2005-06-09 20:49]

R2 Windows LAN Service Manager;Windows LAN Service Manager;C:\WINDOWS\System32\PAL\PCS\svchost.exe [2002-12-16 02:01]

R3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-08-12 10:11]

S2 HDDTService;HDD Temperature;E:\Skrivar\Diverse3\HDDTsvc.exe []

S3 A4S2600;A4S2600;C:\WINDOWS\System32\drivers\A4S2600.sys [1998-05-07 11:28]

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\System32\DRIVERS\Amps2prt.sys [2002-12-31 18:35]

S3 BQS88CDC;BenQ S88 Driver;C:\WINDOWS\System32\DRIVERS\bqs88cdc.sys [2004-12-07 05:52]

S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\System32\drivers\cmuda2.sys [2003-06-02 18:13]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;G:\Program\Everest\kerneld.wnt [2006-12-14 23:42]

S3 FileSpy5;BullGuard File Monitor;E:\Program\Bullguard\filespy5.sys [2006-09-09 10:27]

S3 lac97inf;lac97inf;C:\DOCUME~1\Gisle\LOKALE~1\Temp\lac97inf.sys []

S3 PciCon;PciCon;D:\PciCon.sys []

S3 Reconn;BullGuard Email Monitor;E:\Program\Bullguard\reconn.sys [2006-09-09 10:27]

S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ss_bus.sys [2004-09-18 07:04]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2004-09-18 07:05]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2004-09-18 07:05]

S3 StkMini;Syntek DC-112X;C:\WINDOWS\System32\Drivers\StkMini.sys [2005-07-05 14:27]

S3 StkScan;Syntek DC-112X Filter Driver;C:\WINDOWS\System32\Drivers\StkScan.sys [2005-06-10 09:44]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bg5 REG_MULTI_SZ BGMainSvc BsFileSpy BsMailProxy BsFirewall

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-25 21:52:53

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDDTService]

"ImagePath"="E:\Skrivar\Diverse3\HDDTsvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]

-> C:\WINDOWS\system32\xfire_lsp_9996.dll

.

Completion time: 2008-01-25 21:54:24 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-25 20:54:08


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:57:54, on 25.01.2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Program\Bullguard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\WINDOWS\System32\SAgent4.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\StkSrv2K.exe

C:\WINDOWS\System32\UAService7.exe

C:\WINDOWS\System32\PAL\PCS\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

E:\Programfiler\Power DVD\PDVDServ.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE

G:\tools\daemon.exe

C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe

G:\Webfile\Java\bin\jusched.exe

E:\Program\G15\LGDCore.exe

E:\Program\G15\LCDMon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

E:\Program\Rasar Kopparhove\razerhid.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\rundll32.exe

E:\Program\sas\SUPERAntiSpyware.exe

E:\Program\G15\Applets\LCDPop3\LCDPOP3.exe

E:\Program\G15\Applets\LCDCountdown\LCDCountdown.exe

E:\Program\G15\Applets\LCDMedia.exe

E:\Program\G15\Applets\LCDClock.exe

E:\BITWARE\NT\bwprnmon.exe

C:\WINDOWS\system32\ntvdm.exe

E:\Kamera\QuickDCF.exe

E:\Program\Rasar Kopparhove\razertra.exe

E:\Program\Rasar Kopparhove\razerofa.exe

C:\WINDOWS\system32\notepad.exe

G:\Mozilla Firefox\firefox.exe

C:\Documents and Settings\All Users\Skrivebord\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.justfuckinggoogleit.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Webfile\Java\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [RemoteControl] "E:\Programfiler\Power DVD\PDVDServ.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"

O4 - HKLM\..\Run: [klp] C:\WINDOWS\System32\PAL\PCS\explorer.exe

O4 - HKLM\..\Run: [iST Service] C:\Programfiler\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogonStudio] "G:\Logon Studio\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] G:\Webfile\Java\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Launch LGDCore] E:\Program\G15\LGDCore.exe /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "E:\Program\G15\LCDMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [razer] E:\Program\Rasar Kopparhove\razerhid.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"

O4 - HKCU\..\Run: [bullGuard] "E:\Program\Bullguard\bullguard.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] E:\Program\sas\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BitWare Print Monitor.lnk = E:\BITWARE\NT\bwprnmon.exe

O4 - Global Startup: Exif Launcher.lnk = E:\Kamera\QuickDCF.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Webfile\Java\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Webfile\Java\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190530662375

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O20 - Winlogon Notify: !SASWinLogon - E:\Program\sas\SASWINLO.dll

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - E:\Program\Bullguard\BullGuardUpdate.exe

O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP2.EXE

O23 - Service: HDD Temperature (HDDTService) - Unknown owner - E:\Skrivar\Diverse3\HDDTsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - G:\demo16\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe (file missing)

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - G:\demo16\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe (file missing)

O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe

O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

O23 - Service: Windows LAN Service Manager - Unknown owner - C:\WINDOWS\System32\PAL\PCS\svchost.exe

 

--

End of file - 8734 bytes


Ok,

 

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file over the ComboFix icon. ComboFix will start again.

Folder::

C:\WINDOWS\System32\PAL

 

Driver::

Windows LAN Service Manager

 

Post the log together with a new HJT log.


ComboFix 08-01-23.1C - Gisle 2008-01-25 22:37:27.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1252.47.1044.18.484 [GMT 1:00]

Running from: C:\Documents and Settings\Gisle\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\All Users\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\System32\PAL

C:\WINDOWS\System32\PAL\PCS\ijl15.dll

C:\WINDOWS\System32\PAL\PCS\log\default\2005_01_09_15_37_21_.txt

C:\WINDOWS\System32\PAL\PCS\log\Gisle\2005_01_09_15_37_24_.txt

C:\WINDOWS\System32\PAL\PCS\log\Gisle\2005_01_09_15_40_03_.txt

C:\WINDOWS\System32\PAL\PCS\mfc42.dll

C:\WINDOWS\System32\PAL\PCS\svchost.exe

C:\WINDOWS\System32\PAL\PCS\TheHookXP.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_WINDOWS_LAN_SERVICE_MANAGER

-------\Windows LAN Service Manager

 

 

((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))

.

 

2008-01-25 21:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-25 18:46 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-01-25 18:46 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-01-25 18:46 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-01-22 19:04 . 2008-01-23 18:15 356 --a------ C:\WINDOWS\system\CMICNFG3.INI

2008-01-20 11:02 . 2000-12-06 00:00 109,248 --a------ C:\WINDOWS\system32\Mswinsck.ocx

2008-01-20 11:02 . 2001-09-03 07:52 766 --a------ C:\WINDOWS\win98Logo.ico

2008-01-04 18:37 . 2008-01-04 18:40 1,905 --a------ C:\WINDOWS\diagwrn.xml

2008-01-04 18:37 . 2008-01-04 18:40 1,905 --a------ C:\WINDOWS\diagerr.xml

2008-01-01 22:12 . 2008-01-05 15:57 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-01-01 22:12 . 2008-01-02 20:20 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-01-01 22:12 . 2008-01-05 15:57 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-01 13:10 . 2008-01-01 13:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-12-29 16:08 . 2001-10-06 14:02 176,640 --a------ C:\WINDOWS\system32\LXSYSUI.DLL

2007-12-28 11:10 . 2007-12-28 11:10 <DIR> d-------- C:\Programfiler\MSN Messenger

2007-12-28 11:07 . 2007-12-28 18:41 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-25 18:51 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-05 16:50 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-01-05 16:47 7,680 --sha-w C:\Programfiler\Thumbs.db

2007-12-18 19:48 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-18 19:48 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2004-08-02 16:03 0 ----a-w C:\Programfiler\AILog.txt

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-25_21.53.49.28 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-25 20:22:37 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-25 21:37:23 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-25 20:22:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-25 21:37:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-25 20:22:37 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-25 21:37:23 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

- 2008-01-25 20:22:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-25 21:37:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

- 2008-01-25 20:22:40 8,224,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-25 21:37:25 8,224,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

- 2008-01-25 20:22:40 98,304 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-25 21:37:25 98,304 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

- 2008-01-25 20:51:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-01-25 21:40:53 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-01-25 20:51:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

+ 2008-01-25 21:40:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

- 2008-01-25 20:51:16 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-25 21:40:53 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]

"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 22:13 13312]

"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 05:00 99840]

"BullGuard"="E:\Program\Bullguard\bullguard.exe" [2007-09-22 20:43 102400]

"SUPERAntiSpyware"="E:\Program\sas\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2002-10-16 11:24 47104 C:\WINDOWS\SOUNDMAN.EXE]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 15:48 159744]

"RemoteControl"="E:\Programfiler\Power DVD\PDVDServ.exe" [2003-10-31 18:42 32768]

"REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe" [2003-11-25 05:00 99840]

"klp"="C:\WINDOWS\System32\PAL\PCS\explorer.exe" [ ]

"IST Service"="C:\Programfiler\ISTsvc\istsvc.exe" [ ]

"DAEMON Tools-1033"="G:\tools\daemon.exe" [2004-08-22 16:05 81920]

"LogonStudio"="G:\Logon Studio\LogonStudio\logonstudio.exe" [2002-09-03 17:38 987187]

"Anti-Blaxx Manager"="C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 16:35 225280]

"SunJavaUpdateSched"="G:\Webfile\Java\bin\jusched.exe" [2005-11-10 12:03 36975]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-08-12 20:08 282624]

"Launch LGDCore"="E:\Program\G15\LGDCore.exe" [2006-03-06 16:31 1122304]

"Launch LCDMon"="E:\Program\G15\LCDMon.exe" [2006-03-06 16:14 497152]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-09-17 00:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-09-17 00:07 81920]

"razer"="E:\Program\Rasar Kopparhove\razerhid.exe" [2005-10-08 16:27 155648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 22:13 13312]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Gamma Loader.exe.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2004-09-15 19:32:05 113664]

BitWare Print Monitor.lnk - E:\BITWARE\NT\bwprnmon.exe [2004-07-26 08:47:20 54272]

Exif Launcher.lnk - E:\Kamera\QuickDCF.exe [2002-01-09 21:53:14 200704]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program\sas\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

E:\Program\sas\SASWINLO.dll 2007-04-19 13:41 294912 E:\Program\sas\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

 

R1 SSHDRV77;SSHDRV77;C:\WINDOWS\System32\drivers\SSHDRV77.sys [2004-08-10 13:35]

R1 SSHDRV79;SSHDRV79;C:\WINDOWS\System32\drivers\SSHDRV79.sys [2004-09-02 06:33]

R1 SSHDRV85;SSHDRV85;C:\WINDOWS\System32\drivers\SSHDRV85.sys [2004-12-24 12:35]

R2 StkSSrv;Syntek DC-112X Service;C:\WINDOWS\System32\StkSrv2K.exe [2005-06-09 20:49]

R3 FileSpy5;BullGuard File Monitor;E:\Program\Bullguard\filespy5.sys [2006-09-09 10:27]

R3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-08-12 10:11]

R3 Reconn;BullGuard Email Monitor;E:\Program\Bullguard\reconn.sys [2006-09-09 10:27]

S2 HDDTService;HDD Temperature;E:\Skrivar\Diverse3\HDDTsvc.exe []

S3 A4S2600;A4S2600;C:\WINDOWS\System32\drivers\A4S2600.sys [1998-05-07 11:28]

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\System32\DRIVERS\Amps2prt.sys [2002-12-31 18:35]

S3 BQS88CDC;BenQ S88 Driver;C:\WINDOWS\System32\DRIVERS\bqs88cdc.sys [2004-12-07 05:52]

S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\System32\drivers\cmuda2.sys [2003-06-02 18:13]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;G:\Program\Everest\kerneld.wnt [2006-12-14 23:42]

S3 lac97inf;lac97inf;C:\DOCUME~1\Gisle\LOKALE~1\Temp\lac97inf.sys []

S3 PciCon;PciCon;D:\PciCon.sys []

S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ss_bus.sys [2004-09-18 07:04]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2004-09-18 07:05]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2004-09-18 07:05]

S3 StkMini;Syntek DC-112X;C:\WINDOWS\System32\Drivers\StkMini.sys [2005-07-05 14:27]

S3 StkScan;Syntek DC-112X Filter Driver;C:\WINDOWS\System32\Drivers\StkScan.sys [2005-06-10 09:44]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bg5 REG_MULTI_SZ BGMainSvc BsFileSpy BsMailProxy BsFirewall

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-25 22:42:36

Windows 5.1.2600 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDDTService]

"ImagePath"="E:\Skrivar\Diverse3\HDDTsvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]

-> C:\WINDOWS\system32\xfire_lsp_9996.dll

.

Completion time: 2008-01-25 22:44:52 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-25 21:44:41

ComboFix2.txt 2008-01-25 20:54:24


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:46:24, on 25.01.2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Program\Bullguard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\WINDOWS\System32\SAgent4.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\StkSrv2K.exe

C:\WINDOWS\System32\UAService7.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

E:\Programfiler\Power DVD\PDVDServ.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE

G:\tools\daemon.exe

C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe

G:\Webfile\Java\bin\jusched.exe

E:\Program\G15\LGDCore.exe

E:\Program\G15\LCDMon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

E:\Program\Rasar Kopparhove\razerhid.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

E:\Program\Bullguard\bullguard.exe

C:\WINDOWS\System32\rundll32.exe

E:\Program\sas\SUPERAntiSpyware.exe

E:\Program\G15\Applets\LCDPop3\LCDPOP3.exe

E:\Program\G15\Applets\LCDCountdown\LCDCountdown.exe

E:\Program\G15\Applets\LCDMedia.exe

E:\BITWARE\NT\bwprnmon.exe

E:\Program\G15\Applets\LCDClock.exe

C:\WINDOWS\system32\ntvdm.exe

E:\Program\Rasar Kopparhove\razertra.exe

E:\Kamera\QuickDCF.exe

E:\Program\Rasar Kopparhove\razerofa.exe

G:\Mozilla Firefox\firefox.exe

C:\Documents and Settings\All Users\Skrivebord\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.justfuckinggoogleit.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Webfile\Java\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [RemoteControl] "E:\Programfiler\Power DVD\PDVDServ.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"

O4 - HKLM\..\Run: [klp] C:\WINDOWS\System32\PAL\PCS\explorer.exe

O4 - HKLM\..\Run: [iST Service] C:\Programfiler\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogonStudio] "G:\Logon Studio\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] G:\Webfile\Java\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Launch LGDCore] E:\Program\G15\LGDCore.exe /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "E:\Program\G15\LCDMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [razer] E:\Program\Rasar Kopparhove\razerhid.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"

O4 - HKCU\..\Run: [bullGuard] "E:\Program\Bullguard\bullguard.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] E:\Program\sas\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BitWare Print Monitor.lnk = E:\BITWARE\NT\bwprnmon.exe

O4 - Global Startup: Exif Launcher.lnk = E:\Kamera\QuickDCF.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Webfile\Java\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Webfile\Java\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190530662375

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O20 - Winlogon Notify: !SASWinLogon - E:\Program\sas\SASWINLO.dll

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - E:\Program\Bullguard\BullGuardUpdate.exe

O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP2.EXE

O23 - Service: HDD Temperature (HDDTService) - Unknown owner - E:\Skrivar\Diverse3\HDDTsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - G:\demo16\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe (file missing)

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - G:\demo16\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe (file missing)

O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe

O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

 

--

End of file - 8627 bytes


Create a new CFScript file with the following content and drag it over the ComboFix icon. No need to see the log:

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"klp"=-

"IST Service"=-

 

Run another clean-up with CCleaner.

 

Apart from that, things look fine.

 

You can reset the System Restore folder so that you do not get reinfected by a possible system restore:

Control Panel -> System -> System Restore.

Tick the box in front of "Turn off ......"

Restart the PC.

Remove the tick you set earlier to turn the feature back on.

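The two CFScripts in the helper's replies above (Folder::/Driver:: for the PAL\PCS svchost.exe service, then Registry:: for the klp and IST Service Run values) are the result of reading the HJT log by hand: a core Windows binary name running from a directory it does not belong in is the tell, and the removal is written from that. The Python below is an added example, not code from the thread, from HijackThis or from ComboFix; it automates that triage over a handful of lines copied from the posted log and emits the same three CFScript sections. The function names, severity labels and heuristics are my own, the sample log is a constructed subset, and it assumes the default %SystemRoot% of C:\WINDOWS.

```python
r"""Flag masquerading autoruns in a HijackThis log and emit a ComboFix CFScript.
Added example for this thread, not code from the posters, HijackThis or ComboFix;
heuristics and names are mine, SAMPLE_LOG is a subset of the HJT log posted above,
and %SystemRoot% is assumed to be the default C:\WINDOWS.
"""
import ntpath
import re

# Core Windows binaries and the only directory each legitimately runs from on XP.
# A same-named copy anywhere else (System32\PAL\PCS\svchost.exe) hides in plain sight.
SYS32 = r"c:\windows\system32"
CORE_BINARIES = {"svchost.exe": SYS32, "lsass.exe": SYS32, "services.exe": SYS32,
                 "winlogon.exe": SYS32, "csrss.exe": SYS32, "smss.exe": SYS32,
                 "explorer.exe": r"c:\windows"}
EXTS = (".exe", ".dll", ".com", ".scr", ".bat", ".cmd")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<svc>[^()]+)\))? - "
                    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
HKLM_RUN = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"
HKCU_RUN = r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"

def first_image(cmd):
    """File a Run value really loads: handles quotes, unquoted paths with spaces,
    and RUNDLL32 x.dll,Entry (where the DLL, not rundll32, is what matters)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        image, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        tokens = cmd.split(" ")
        image, rest = tokens[0], " ".join(tokens[1:])
        for i in range(1, len(tokens)):  # grow the path until it ends in a file extension
            if image.lower().endswith(EXTS):
                break
            image, rest = image + " " + tokens[i], " ".join(tokens[i + 1:])
    if ntpath.basename(image).lower() in ("rundll32.exe", "rundll32"):
        image = rest.split(",", 1)[0].strip().strip('"')
    return image

def check_image(image):
    """Yield (severity, reason) for one image path."""
    base, directory = ntpath.basename(image).lower(), ntpath.dirname(image).lower()
    if base in CORE_BINARIES and directory != CORE_BINARIES[base]:
        yield "high", f"{base} runs from {directory or '<none>'} instead of {CORE_BINARIES[base]}"
    elif not directory:
        yield "review", f"{base} has no directory and is resolved through the executable search path"

def triage(log_text):
    """Parse O4 (Run values) and O23 (services) lines into a list of finding dicts."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := O4_RE.match(line):
            image = first_image(m["cmd"])
            findings += [dict(kind="O4", hive=m["hive"], name=m["name"], image=image,
                              severity=s, reason=r) for s, r in check_image(image)]
        elif m := O23_RE.match(line):
            reasons = list(check_image(m["path"]))
            if m["missing"]:
                reasons.append(("low", "service points at a file that no longer exists"))
            elif m["owner"] == "Unknown owner" and not reasons:
                reasons.append(("review", "binary carries no vendor name in its version info"))
            findings += [dict(kind="O23", name=m["display"], image=m["path"],
                              severity=s, reason=r) for s, r in reasons]
    return findings

def build_cfscript(findings, manual_run_values=()):
    """High-severity findings -> the CFScript sections the helper used: Registry::
    ("name"=- deletes a value), Folder:: for the binary's directory, Driver:: for the
    service.  manual_run_values adds HKLM Run values condemned by hand ("IST Service"
    here); Windows compares value names case-insensitively, so HJT's [iST Service] works."""
    run, folders, services = {"HKLM": [], "HKCU": []}, [], []
    for f in (f for f in findings if f["severity"] == "high"):
        (run[f["hive"]] if f["kind"] == "O4" else services).append(f["name"])
        folder = ntpath.dirname(f["image"])
        if folder and folder not in folders:
            folders.append(folder)
    run["HKLM"] += list(manual_run_values)
    out = ["Registry::"] if run["HKLM"] or run["HKCU"] else []
    for hive, key in (("HKLM", HKLM_RUN), ("HKCU", HKCU_RUN)):
        if run[hive]:
            out += [key] + [f'"{n}"=-' for n in run[hive]] + [""]
    out += ["Folder::"] + folders + [""] if folders else []
    out += ["Driver::"] + services + [""] if services else []
    return "\n".join(out).rstrip("\n")

# Constructed sample: a subset of the HJT log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [klp] C:\WINDOWS\System32\PAL\PCS\explorer.exe
O4 - HKLM\..\Run: [iST Service] C:\Programfiler\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razer] E:\Program\Rasar Kopparhove\razerhid.exe
O23 - Service: HDD Temperature (HDDTService) - Unknown owner - E:\Skrivar\Diverse3\HDDTsvc.exe (file missing)
O23 - Service: Windows LAN Service Manager - Unknown owner - C:\WINDOWS\System32\PAL\PCS\svchost.exe
"""

if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG), manual_run_values=["IST Service"]))
```

Run against the sample it flags klp (explorer.exe outside C:\WINDOWS) and Windows LAN Service Manager (svchost.exe outside System32) as high, and prints a Registry:: block deleting klp plus the hand-added IST Service, a Folder:: line for C:\WINDOWS\System32\PAL\PCS (the helper chose the parent C:\WINDOWS\System32\PAL, which took the log directory with it) and a Driver:: line for the service. Nothing in the path heuristics condemns istsvc.exe, which is why that verdict is passed in by hand, exactly as the helper supplied it. The "review" finding for SOUNDMAN.EXE is not a removal: an unqualified name is resolved at logon through the executable search path rather than from a fixed location, which is worth a look but is normal for that entry.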

Thanks for the help.

Attaching an HJT log from after I did what you asked, so that we can be sure...

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:47:45, on 26.01.2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Program\Bullguard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\E_S00RP2.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\WINDOWS\System32\SAgent4.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\StkSrv2K.exe

C:\WINDOWS\System32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

E:\Programfiler\Power DVD\PDVDServ.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE

G:\tools\daemon.exe

C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe

G:\Webfile\Java\bin\jusched.exe

E:\Program\G15\LGDCore.exe

E:\Program\G15\LCDMon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

E:\Program\Rasar Kopparhove\razerhid.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

E:\Program\Bullguard\bullguard.exe

E:\Program\sas\SUPERAntiSpyware.exe

C:\WINDOWS\System32\rundll32.exe

E:\BITWARE\NT\bwprnmon.exe

E:\Kamera\QuickDCF.exe

E:\Program\G15\Applets\LCDPop3\LCDPOP3.exe

E:\Program\G15\Applets\LCDCountdown\LCDCountdown.exe

E:\Program\G15\Applets\LCDMedia.exe

E:\Program\Rasar Kopparhove\razertra.exe

C:\WINDOWS\system32\ntvdm.exe

E:\Program\G15\Applets\LCDClock.exe

E:\Program\Rasar Kopparhove\razerofa.exe

E:\RamPup.exe

E:\spel\MBM 5\Motherboard Monitor 5\MBM5.exe

G:\Fraps\Fraps\fraps.exe

G:\Program\Everest\everest.exe

C:\Documents and Settings\All Users\Skrivebord\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.justfuckinggoogleit.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Webfile\Java\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [RemoteControl] "E:\Programfiler\Power DVD\PDVDServ.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [LogonStudio] "G:\Logon Studio\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx 1.18\Anti-Blaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] G:\Webfile\Java\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Launch LGDCore] E:\Program\G15\LGDCore.exe /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "E:\Program\G15\LCDMon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [razer] E:\Program\Rasar Kopparhove\razerhid.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"

O4 - HKCU\..\Run: [bullGuard] "E:\Program\Bullguard\bullguard.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] E:\Program\sas\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BitWare Print Monitor.lnk = E:\BITWARE\NT\bwprnmon.exe

O4 - Global Startup: Exif Launcher.lnk = E:\Kamera\QuickDCF.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Webfile\Java\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Webfile\Java\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9996.dll

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190530662375

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O20 - Winlogon Notify: !SASWinLogon - E:\Program\sas\SASWINLO.dll

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - E:\Program\Bullguard\BullGuardUpdate.exe

O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP2.EXE

O23 - Service: HDD Temperature (HDDTService) - Unknown owner - E:\Skrivar\Diverse3\HDDTsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - G:\demo16\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe (file missing)

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - G:\demo16\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe (file missing)

O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe

O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

 

--

End of file - 8582 bytes

