
[SOLVED] Windows claims I have 2 antivirus programs on



Hi.

Windows Security Center claims I have 2 antivirus programs on my PC. It says: "Windows has found more than one antivirus program on your computer and atleast one reports its up to date". The problem is that I only have one antivirus program, and that is Avira AV Premium. I have previously had Norton AV 2007, Kaspersky 6/7 and NOD32, and once tried F-Secure, where the installation crashed, but I used a removal program to remove the remains of it. But all of these were deleted and removed long ago, and I have also used the infamous Norton Removal Tool, but it finds no remnants.

How can I put a stop to this?

Edited by RastaXP

There is probably something left behind in the registry, or a service, that is triggering this.

For now you can simply disable Security Center.

Start -> Run -> services.msc

Find Security Center and set it to disabled.

Or from the registry.

Start -> Run -> regedit

HKEY_CURRENT_USER\Software\Microsoft\Security Center

Create a couple of entries

DWORD Value: FirewallDisableNotify

Value Data: 1

DWORD Value: UpdatesDisableNotify

Value Data: 1

Or you can post an HJT log so we can see whether there is something we can remove.

http://www.trendsecure.com/portal/en-US/to...ckthis/download

A registry cleaner like this one can fix it: CCleaner

Edited by SNIPPSAT

I have run CCleaner many times.

Here is the HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:01:13, on 30.01.2008

Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 7950 bytes

 

 


Start HJT, tick these and then fix them.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx

Here you have remnants of Norton that start up.

Start -> Run -> services.msc

Find Sym LC Service and set it to disabled.

A restart will probably be needed before you can delete.

Then delete everything related to Norton under

c:\Program Files\Common Files\Symantec Shared

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

There is more that should be removed, so do this.

Download ComboFix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

Run a pass with SAS Free, which you already have.

And after this, post a new HJT log.

Edited by SNIPPSAT
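The manual triage in the reply above (entries whose target is "(no file)", and services or add-ons left behind by an uninstalled antivirus product) can be sketched as a small log parser. This is an added example, not part of the original posts; the vendor keyword list, the function names and the selection of sample lines are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Sample input: lines taken from the first HijackThis log in this thread
# (most entries omitted; header and process lines kept to show they are skipped).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# A HijackThis entry line looks like "<section code> - <kind>: <detail>",
# e.g. "O23 - Service: ...". Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+?): (?P<detail>.+)$")

# Assumption: illustrative keywords for the products named in this thread.
# Word boundaries keep "avgnt.exe" or "reset" from matching by accident.
AV_VENDORS = {
    "Avira": re.compile(r"\b(?:avira|antivir)\b", re.I),
    "Symantec": re.compile(r"\b(?:symantec|norton)\b", re.I),
    "Kaspersky": re.compile(r"\bkaspersky\b", re.I),
    "ESET": re.compile(r"\b(?:eset|nod32)\b", re.I),
    "F-Secure": re.compile(r"\bf-secure\b", re.I),
    "BitDefender": re.compile(r"\bbitdefender\b", re.I),
}


class Entry(NamedTuple):
    code: str
    kind: str
    detail: str


class Finding(NamedTuple):
    code: str
    reason: str
    detail: str


def parse_hjt(text: str) -> List[Entry]:
    """Return the section entries of a HijackThis log, ignoring everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["kind"], m["detail"]))
    return entries


def triage(entries: List[Entry], installed: str = "Avira") -> List[Finding]:
    """Flag orphaned entries and entries belonging to an AV vendor other than `installed`."""
    findings = []
    for e in entries:
        # Registration still present, but the file it points to is gone.
        if e.detail.rstrip().endswith("(no file)"):
            findings.append(Finding(e.code, "orphaned: target file missing", e.detail))
            continue
        # Anything that names a different antivirus vendor is a removal leftover candidate.
        for vendor, pattern in AV_VENDORS.items():
            if vendor != installed and pattern.search(e.detail):
                findings.append(Finding(e.code, f"leftover AV: {vendor}", e.detail))
                break
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.code:<4} {f.reason:<32} {f.detail}")
```

Findings are candidates for review, not a removal list: an O23 service from another vendor is the kind of leftover the reply points at, while an O9 or O16 entry may only be an online-scanner add-on.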

ComboFix log:

 

 


 

 

 

HijackThis log 2:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:28:40, on 30.01.2008

Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe

 

--

End of file - 6807 bytes

 

 

Link to comment

Start HJT, tick this entry and then fix it.

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

Download and run CCleaner.

Do this so that you don't get infected through System Restore.

Control Panel->System->System Restore [turn off, restart]-*-[turn on again]

Then I expect the warning about 2 antivirus programs will go away.

Link to comment

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

Try giving these a value data of 1:

AntiVirusDisableNotify

UpdatesDisableNotify

AntiVirusOverride

Well, I'm not quite sure what to do if this doesn't work.

Maybe norbat has a solution.

Do you have several user accounts?

Control Panel->Security Center

Change the way Security Center alerts me

Have you been in here and tried the checkboxes?

Edited by SNIPPSAT
Link to comment

I only have one account, and it runs as administrator.

By the way, I can still see the Symantec service listed in services.msc, but it is disabled. If it could somehow be deleted, maybe that would do it. I have deleted everything else that has to do with Symantec, so I wonder why it is still listed there.

Link to comment

Start->Run->cmd

sc stop "Sym LC Service"

sc delete "Sym LC Service"

Or another name, if the Norton service has one.

After ComboFix you have these folders.

C:\Program Files\Kaspersky Lab

C:\Program Files\Trend Micro

See whether there is anything in here, or a service running from these antivirus programs.

Edited by SNIPPSAT
Link to comment
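The check suggested in the post above (look for a service still registered by an antivirus product that was uninstalled), run over the O23 lines of a HijackThis log. This is an added example, not part of the original thread; the function names and the keyword list are assumptions, and the last O23 line of the sample is constructed.

```python
import re

# Antivirus products the poster says were uninstalled; the keyword
# spellings are an assumption of this example.
REMOVED_AV = ("symantec", "norton", "kaspersky", "f-secure", "nod32")

O23 = re.compile(r"^O23 - Service: (?P<rest>.+)$")
NAME = re.compile(r"^(?P<display>.*) \((?P<key>[^()]+)\)$")

# Three lines copied from the log in this thread plus one constructed leftover.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Example Leftover Service (ExampleLeftoverSvc) - Symantec Corporation - C:\Program Files\Example\leftover.exe
"""


def parse_services(log_text):
    """Return one dict per O23 (non-Microsoft service) line of a HijackThis log."""
    services = []
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        # Split from the right: the display name may itself contain " - ".
        parts = m.group("rest").rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # truncated or malformed line
        name, vendor, path = parts
        n = NAME.match(name)
        # The key name in parentheses is what `sc` expects; when it is
        # absent, the display name and the key name are the same.
        display, key = (n.group("display"), n.group("key")) if n else (name, name)
        services.append({"display": display, "key": key, "vendor": vendor, "path": path})
    return services


def leftover_av(services, keywords=REMOVED_AV):
    """Services whose name, vendor or path mentions a removed AV product."""
    return [s for s in services
            if any(k in " ".join(s.values()).lower() for k in keywords)]


if __name__ == "__main__":
    for svc in leftover_av(parse_services(SAMPLE_LOG)):
        print(f'leftover service key: "{svc["key"]}"  ({svc["vendor"]}, {svc["path"]})')
```
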

There is nothing in startup from anything other than Avira. I have checked Kaspersky and Trend Micro. Trend Micro is the folder for HijackThis. The Kaspersky folder is empty, and I found no services or files that could belong to it.

By the way, I couldn't manage to delete the Symantec service.

Link to comment

Hmm, I wonder whether this has something to do with you having Windows XP SP3.

I see that some people have had this problem with Vista.

Maybe the same feature has been built into SP3.

Boot with F8 into safe mode and try deleting the Norton service from there.

I don't think it matters, though, since it is disabled.

Link to comment
