hjt og sas logg hjelp?

[matskjorum]

SAS LOGG:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/09/2008 at 05:44 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3416

Trace Rules Database Version: 1408

 

Scan type : Complete Scan

Total Scan Time : 00:24:10

 

Memory items scanned : 842

Memory threats detected : 0

Registry items scanned : 6868

Registry threats detected : 0

File items scanned : 20122

File threats detected : 20

 

Adware.Tracking Cookie

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\mats@tribalfusion[1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\mats@adtech[1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\mats@atdmt[1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\mats@doubleclick[1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\mats@hitbox[1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\mats@imrworldwide[2].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\mats@mediaplex[1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\mats@tradedoubler[2].txt

C:\Users\mats\AppData\Roaming\Microsoft\Windows\Cookies\Low\mats@xiti[1].txt

 

 

 

HJT LOGG:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:22:39, on 09.03.2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\McAfee\MSK\mskagent.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Users\mats\Desktop\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.no/ig/dell?hl=no&cli...amp;ibd=5080218

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [coalmfcd] "C:\ProgramData\license seek seek.2d31mc"

O4 - HKCU\..\Run: [Ford mpeg road draw] "C:\ProgramData\Seek Style Pure.8le1p"

O4 - HKCU\..\Run: [bitDownload] "C:\Program Files\BitDownload\BitDownload.exe" /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: McAfee Application Installer Cleanup (0139851205060757) (0139851205060757mcinstcleanup) - Unknown owner - C:\Windows\TEMP13985~1.EXE (file missing)

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

[norbat]

Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked:

O4 - HKCU\..\Run: [coalmfcd] "C:\ProgramData\license seek seek.2d31mc"

O4 - HKCU\..\Run: [Ford mpeg road draw] "C:\ProgramData\Seek Style Pure.8le1p"

 

Bruk utforsker til å slette følgende to filer (i fet):

C:\ProgramData\license seek seek.2d31mc

C:\ProgramData\Seek Style Pure.8le1p

 

(Mulig du må fjerne filene fra sikker modus evt. se om prosessene fortsatt kjører i prosesslista, hvis så stopper du dem før du prøver å slette filene)

 

Gjør deretter følgende:

Hent Combofix, og legg det på skrivebordet

 

Kjør combofix.exe, og følg veiledningen.

 

Post loggfilen fra combofix (c:\combofix.txt), så ser vi om det ligger noe mer igjen som bør fjernes.

[matskjorum]

takk for svar..

men nå trur jeg jeg har fått det til. har ikke kommi opp noen pop-ups på leenge nå

[norbat]

- og hva gjorde du?

[matskjorum]

- og hva gjorde du?

gjorde egentlig ikkeno. bare sluttet å poppe opp. Helt til nå. for godt til å være sant... heh

her er combofix logg:

 

ComboFix 08-03-09.1 - mats 2008-03-09 23:39:39.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.824 [GMT 1:00]

Running from: C:\Users\mats\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1URX5G88\ComboFix[1].exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))

.

 

2008-03-09 16:38 . 2008-03-09 16:38 <DIR> d-------- C:\Users\All Users\Apple Computer

2008-03-09 16:38 . 2008-03-09 16:38 <DIR> d-------- C:\ProgramData\Apple Computer

2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\Users\All Users\Apple

2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\ProgramData\Apple

2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\Program Files\Apple Software Update

2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Users\mats\AppData\Roaming\SUPERAntiSpyware.com

2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-03-09 16:12 . 2008-03-09 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-08 23:39 . 2008-03-08 23:43 <DIR> d-------- C:\Users\mats\AppData\Roaming\BitDownload

2008-03-08 23:39 . 2008-03-08 23:39 <DIR> d-------- C:\Users\All Users\way rdr ford mpeg

2008-03-08 23:39 . 2008-03-08 23:39 <DIR> d-------- C:\Users\All Users\Flawsizecomp

2008-03-08 23:39 . 2008-03-08 23:39 <DIR> d-------- C:\ProgramData\way rdr ford mpeg

2008-03-08 23:39 . 2008-03-08 23:39 <DIR> d-------- C:\ProgramData\Flawsizecomp

2008-03-08 23:10 . 2008-03-08 23:11 <DIR> d-------- C:\Program Files\BitLord2

2008-03-05 15:54 . 2008-03-05 15:54 <DIR> d-------- C:\Program Files\Hunting Unlimited 2

2008-03-02 17:59 . 2008-03-07 15:31 <DIR> d-------- C:\Users\mats\AppData\Roaming\dvdcss

2008-02-29 19:15 . 2008-02-29 19:15 <DIR> d-------- C:\Users\mats\AppData\Roaming\Leadertech

2008-02-29 19:11 . 2008-02-29 19:11 <DIR> d-------- C:\Program Files\NovaLogic

2008-02-29 19:10 . 1998-10-29 15:45 306,688 --a------ C:\Windows\IsUninst.exe

2008-02-27 19:24 . 2008-02-27 19:24 <DIR> d-------- C:\Users\mats\AppData\Roaming\Publish Providers

2008-02-27 19:23 . 2008-02-27 19:23 <DIR> d-------- C:\Users\mats\AppData\Roaming\Sony

2008-02-27 19:23 . 2008-02-29 16:03 <DIR> d-a------ C:\Users\All Users\TEMP

2008-02-27 19:23 . 2008-02-29 16:03 <DIR> d-a------ C:\ProgramData\TEMP

2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Users\All Users\Sony

2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\ProgramData\Sony

2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Program Files\Vstplugins

2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Program Files\Sony

2008-02-27 19:17 . 2008-02-27 19:17 <DIR> d-------- C:\Program Files\Sony Vegas Pro 8a

2008-02-27 16:10 . 2008-03-09 16:39 <DIR> d-------- C:\Program Files\QuickTime

2008-02-26 15:09 . 2008-02-26 15:09 <DIR> d-------- C:\Users\mats\AppData\Roaming\vlc

2008-02-26 15:08 . 2008-02-26 15:08 <DIR> d-------- C:\Program Files\VideoLAN

2008-02-25 15:57 . 2008-03-09 17:48 27,240 --a------ C:\Users\mats\AppData\Roaming\nvModes.dat

2008-02-25 14:58 . 2008-02-25 14:58 <DIR> d-------- C:\Users\mats\AppData\Roaming\Intel

2008-02-24 22:29 . 2008-02-24 22:29 <DIR> d-------- C:\Users\mats\AppData\Roaming\Creative

2008-02-24 22:10 . 2008-03-08 23:37 <DIR> d-------- C:\Users\mats\AppData\Roaming\LimeWire

2008-02-24 22:09 . 2008-02-24 22:09 <DIR> d-------- C:\Program Files\LimeWire

2008-02-24 20:23 . 2008-02-24 20:23 194,560 --a------ C:\Windows\System32\WebClnt.dll

2008-02-24 20:23 . 2008-02-24 20:23 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys

2008-02-24 20:19 . 2008-02-24 20:19 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-02-24 20:18 . 2008-02-24 20:18 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-24 20:18 . 2008-02-24 20:18 1,686,528 --a------ C:\Windows\System32\gameux.dll

2008-02-24 20:18 . 2008-02-24 20:18 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-02-24 20:17 . 2008-02-24 20:17 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-02-24 20:14 . 2008-02-24 20:14 1,244,672 --a------ C:\Windows\System32\mcmde.dll

2008-02-24 19:51 . 2008-02-24 19:51 1,712,984 --a------ C:\Windows\System32\wuaueng.dll

2008-02-24 19:51 . 2008-02-24 19:51 1,524,224 --a------ C:\Windows\System32\wucltux.dll

2008-02-24 19:51 . 2008-02-24 19:51 53,080 --a------ C:\Windows\System32\wuauclt.exe

2008-02-24 19:51 . 2008-02-24 19:51 43,352 --a------ C:\Windows\System32\wups2.dll

2008-02-24 19:50 . 2008-02-24 19:50 549,720 --a------ C:\Windows\System32\wuapi.dll

2008-02-24 19:50 . 2008-02-24 19:50 80,896 --a------ C:\Windows\System32\wudriver.dll

2008-02-24 19:50 . 2008-02-24 19:50 33,624 --a------ C:\Windows\System32\wups.dll

2008-02-24 19:49 . 2008-02-24 19:49 163,000 --a------ C:\Windows\System32\wuwebv.dll

2008-02-24 19:49 . 2008-02-24 19:49 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-02-24 19:32 . 2008-02-24 19:32 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-02-24 19:32 . 2008-02-24 19:32 <DIR> d-------- C:\ProgramData\WLInstaller

2008-02-24 19:32 . 2008-02-24 19:47 <DIR> d-------- C:\Program Files\Windows Live

2008-02-24 19:32 . 2008-02-24 19:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-02-24 19:20 . 2008-02-24 19:20 <DIR> d-------- C:\Users\mats\AppData\Roaming\Roxio

2008-02-24 19:19 . 2008-02-24 19:19 <DIR> d-------- C:\Users\mats\Bluetooth Software

2008-02-24 19:18 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Searches

2008-02-24 19:18 . 2008-03-05 23:05 <DIR> dr------- C:\Users\mats\Contacts

2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Videos

2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Saved Games

2008-02-24 19:17 . 2008-02-17 19:00 <DIR> d-------- C:\Users\mats\Roaming

2008-02-24 19:17 . 2008-03-09 15:46 <DIR> dr------- C:\Users\mats\Pictures

2008-02-24 19:17 . 2008-02-28 16:24 <DIR> dr------- C:\Users\mats\Music

2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Links

2008-02-24 19:17 . 2008-03-09 00:03 <DIR> dr------- C:\Users\mats\Downloads

2008-02-24 19:17 . 2008-03-08 23:39 <DIR> dr------- C:\Users\mats\Documents

2008-02-24 19:17 . 2006-11-02 13:37 <DIR> d-------- C:\Users\mats\AppData\Roaming\Media Center Programs

2008-02-24 19:17 . 2008-02-24 19:18 <DIR> d--h----- C:\Users\mats\AppData

2008-02-24 19:12 . 2008-02-24 19:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

2008-02-24 19:12 . 2008-03-09 23:42 9,044 --a------ C:\Windows\System32\Config.MPF

2008-02-18 02:37 . 2008-02-18 02:37 <DIR> d-------- C:\Program Files\DellTPad

2008-02-18 02:35 . 2008-02-18 02:35 1,335,296 --a------ C:\Windows\System32\msxml6.dll

2008-02-18 02:35 . 2008-02-18 02:35 229,888 --a------ C:\Windows\System32\msshsq.dll

2008-02-18 02:35 . 2008-02-18 02:35 205,824 --a------ C:\Windows\System32\msoeacct.dll

2008-02-18 02:35 . 2008-02-18 02:35 87,040 --a------ C:\Windows\System32\msoert2.dll

2008-02-18 02:35 . 2008-02-18 02:35 39,424 --a------ C:\Windows\System32\ACCTRES.dll

2008-02-18 02:35 . 2008-02-18 02:35 2,048 --a------ C:\Windows\System32\msxml6r.dll

2008-02-18 02:34 . 2008-02-18 02:34 750,080 --a------ C:\Windows\System32\qmgr.dll

2008-02-18 02:32 . 2008-02-18 02:32 8,147,968 --a------ C:\Windows\System32\wmploc.DLL

2008-02-18 02:32 . 2008-02-18 02:32 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll

2008-02-18 02:32 . 2008-02-18 02:32 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll

2008-02-18 02:32 . 2008-02-18 02:32 7,680 --a------ C:\Windows\System32\spwmp.dll

2008-02-18 02:32 . 2008-02-18 02:32 4,096 --a------ C:\Windows\System32\msdxm.ocx

2008-02-18 02:32 . 2008-02-18 02:32 4,096 --a------ C:\Windows\System32\dxmasf.dll

2008-02-18 02:30 . 2008-02-18 02:30 633,856 --a------ C:\Windows\System32\user32.dll

2008-02-18 02:30 . 2008-02-18 02:30 223,232 --a------ C:\Windows\System32\WMASF.DLL

2008-02-18 02:30 . 2008-02-18 02:30 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2008-02-18 02:30 . 2008-02-18 02:30 2,048 --a------ C:\Windows\System32\asferror.dll

2008-02-18 02:28 . 2008-02-18 02:28 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys

2008-02-18 02:27 . 2008-02-18 02:27 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2008-02-18 02:27 . 2008-02-18 02:27 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2008-02-18 02:27 . 2008-02-18 02:27 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2008-02-18 02:27 . 2008-02-18 02:27 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2008-02-18 02:27 . 2008-02-18 02:27 2,048 --a------ C:\Windows\System32\tzres.dll

2008-02-18 02:25 . 2008-02-18 02:25 1,191,936 --a------ C:\Windows\System32\msxml3.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-24 19:56 --------- d-----w C:\Program Files\Windows Sidebar

2008-02-24 19:56 --------- d-----w C:\Program Files\Windows Mail

2008-02-24 19:19 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-24 19:19 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-24 19:19 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-24 19:19 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-24 19:19 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-24 19:19 217,144 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-24 19:19 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-02-24 19:19 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-24 19:19 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-24 19:19 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-24 19:19 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-02-24 19:19 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-24 19:19 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-02-24 19:18 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-24 19:18 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-24 19:18 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-24 19:18 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-24 19:15 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-24 19:15 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-24 19:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-24 19:15 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Start-meny

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Skrivebord

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Programdata

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Maler

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Favoritter

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Dokumenter

2008-02-24 18:13 --------- d-sh--w C:\Program Files\Fellesfiler

2008-02-18 01:36 25,784 ------w C:\Windows\system32\drivers\msahci.sys

2008-02-18 01:36 20,152 ------w C:\Windows\system32\drivers\viaide.sys

2008-02-18 01:36 19,128 ------w C:\Windows\system32\drivers\cmdide.sys

2008-02-18 01:36 18,104 ------w C:\Windows\system32\drivers\amdide.sys

2008-02-18 01:36 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-18 01:36 17,592 ------w C:\Windows\system32\drivers\aliide.sys

2008-02-18 01:31 974,336 ----a-w C:\Windows\System32\crypt32.dll

2008-02-18 01:29 8,192 ----a-w C:\Windows\System32\riched32.dll

2008-02-18 01:28 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys

2008-02-18 01:28 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys

2008-02-18 01:28 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys

2008-02-18 01:25 --------- d-----w C:\Program Files\Windows Defender

2008-02-18 01:21 72,192 ----a-w C:\Windows\System32\dot3msm.dll

2008-02-18 01:20 98,304 ----a-w C:\Windows\System32\mssitlb.dll

2008-02-18 01:19 74,752 ----a-w C:\Windows\system32\drivers\rasl2tp.sys

2008-02-18 01:14 4,802 ----a-w C:\Windows\system32\drivers\1028_Dell_INS_I1720.mrk

2008-02-17 17:45 174 --sha-w C:\Program Files\desktop.ini

2008-01-02 04:37 595,456 ----a-w C:\Windows\System32\stapo.dll

2008-01-02 04:37 492,544 ----a-w C:\Windows\System32\ctapo32.dll

2008-01-02 04:37 45,568 ----a-w C:\Windows\System32\ctppld.dll

2008-01-02 04:37 328,704 ----a-w C:\Windows\System32\stcplx.dll

2008-01-02 04:37 299,520 ----a-w C:\Windows\System32\stapi32.dll

2008-01-02 04:37 146,944 ----a-w C:\Windows\System32\st325614.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"coalmfcd"="C:\ProgramData\license seek seek.2d31mc" [2008-03-08 23:39 4112]

"Ford mpeg road draw"="C:\ProgramData\Seek Style Pure.8le1p" [2008-03-08 23:39 213008]

"BitDownload"="C:\Program Files\BitDownload\BitDownload.exe" [ ]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-18 02:25 1006264]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 07:03 17920]

"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 10:27 159744]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 06:58 36864]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 05:37 405504]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 10:13 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 10:13 8433664]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 10:13 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 10:13 67584]

"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-17 18:56 77824]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]

"@"="" []

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-17 19:16 1838592]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-27 16:10 385024]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-17 18:59:37 50688]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-02-17 18:58:36 45056]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

"LoadAppInit_DLLs"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{8BF1F8AB-EFF8-44FD-ACB7-1958BEE3E0FE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{6A12A936-4B39-4B63-B837-AA598A4F9BCD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{B20AD5AA-C68C-4258-B552-EFA8341D3E61}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{84B05050-70C4-4E7B-BDEC-D7C7C39F29F5}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect|Desc=Dell MediaDirect

"{23964B9B-FD4F-49F6-AD62-4B02B654769C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program

"{52B527F2-62B1-45FC-A368-7C7F0DCE1EDE}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine

"{E4D63630-C5A8-49CD-A6FE-7F1AF06228B4}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server

"{F51BD284-F77E-469C-8CBF-43164A87AD00}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 05:37]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]

R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]

R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 10:44]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 06:58]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 06:59]

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-17 18:21:22 C:\Windows\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2008-02-17 18:21:22 C:\Windows\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-09 23:42:41

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-09 23:43:32

.

2008-02-26 13:45:51 --- E O F ---

[matskjorum]

ingen?

[norbat]

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

Folder::

C:\Users\All Users\way rdr ford mpeg

C:\Users\All Users\Flawsizecomp

C:\ProgramData\way rdr ford mpeg

C:\ProgramData\Flawsizecomp

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"coalmfcd"=-

"Ford mpeg road draw"=-

 

Post ny combofix-logg.

Endret 10. mars 2008 av norbat

[matskjorum]

tusen takk:P

 

 

her er combofix logg:

 

ComboFix 08-03-10.1 - mats 2008-03-10 22:40:21.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.833 [GMT 1:00]

Running from: C:\Users\mats\Desktop\ComboFix.exe

Command switches used :: C:\Users\mats\Desktop\CFScript.txt..txt

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ProgramData\Flawsizecomp

C:\ProgramData\Flawsizecomp\Dart Grey Boob.exe

C:\ProgramData\Flawsizecomp\peoweqil.exe

C:\ProgramData\way rdr ford mpeg

C:\ProgramData\way rdr ford mpeg\title 64.exe

C:\Users\All Users\Flawsizecomp\Dart Grey Boob.exe

C:\Users\All Users\Flawsizecomp\peoweqil.exe

C:\Users\All Users\way rdr ford mpeg\title 64.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))

.

 

2008-03-09 16:38 . 2008-03-09 16:38 <DIR> d-------- C:\Users\All Users\Apple Computer

2008-03-09 16:38 . 2008-03-09 16:38 <DIR> d-------- C:\ProgramData\Apple Computer

2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\Users\All Users\Apple

2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\ProgramData\Apple

2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\Program Files\Apple Software Update

2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Users\mats\AppData\Roaming\SUPERAntiSpyware.com

2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-03-09 16:12 . 2008-03-09 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-08 23:39 . 2008-03-08 23:43 <DIR> d-------- C:\Users\mats\AppData\Roaming\BitDownload

2008-03-08 23:10 . 2008-03-08 23:11 <DIR> d-------- C:\Program Files\BitLord2

2008-03-05 15:54 . 2008-03-05 15:54 <DIR> d-------- C:\Program Files\Hunting Unlimited 2

2008-03-02 17:59 . 2008-03-07 15:31 <DIR> d-------- C:\Users\mats\AppData\Roaming\dvdcss

2008-02-29 19:15 . 2008-02-29 19:15 <DIR> d-------- C:\Users\mats\AppData\Roaming\Leadertech

2008-02-29 19:11 . 2008-02-29 19:11 <DIR> d-------- C:\Program Files\NovaLogic

2008-02-29 19:10 . 1998-10-29 15:45 306,688 --a------ C:\Windows\IsUninst.exe

2008-02-27 19:24 . 2008-02-27 19:24 <DIR> d-------- C:\Users\mats\AppData\Roaming\Publish Providers

2008-02-27 19:23 . 2008-02-27 19:23 <DIR> d-------- C:\Users\mats\AppData\Roaming\Sony

2008-02-27 19:23 . 2008-02-29 16:03 <DIR> d-a------ C:\Users\All Users\TEMP

2008-02-27 19:23 . 2008-02-29 16:03 <DIR> d-a------ C:\ProgramData\TEMP

2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Users\All Users\Sony

2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\ProgramData\Sony

2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Program Files\Vstplugins

2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Program Files\Sony

2008-02-27 19:17 . 2008-02-27 19:17 <DIR> d-------- C:\Program Files\Sony Vegas Pro 8a

2008-02-27 16:10 . 2008-03-09 16:39 <DIR> d-------- C:\Program Files\QuickTime

2008-02-26 15:09 . 2008-02-26 15:09 <DIR> d-------- C:\Users\mats\AppData\Roaming\vlc

2008-02-26 15:08 . 2008-02-26 15:08 <DIR> d-------- C:\Program Files\VideoLAN

2008-02-25 15:57 . 2008-03-10 14:47 27,240 --a------ C:\Users\mats\AppData\Roaming\nvModes.dat

2008-02-25 14:58 . 2008-02-25 14:58 <DIR> d-------- C:\Users\mats\AppData\Roaming\Intel

2008-02-24 22:29 . 2008-02-24 22:29 <DIR> d-------- C:\Users\mats\AppData\Roaming\Creative

2008-02-24 22:10 . 2008-03-08 23:37 <DIR> d-------- C:\Users\mats\AppData\Roaming\LimeWire

2008-02-24 22:09 . 2008-02-24 22:09 <DIR> d-------- C:\Program Files\LimeWire

2008-02-24 20:23 . 2008-02-24 20:23 194,560 --a------ C:\Windows\System32\WebClnt.dll

2008-02-24 20:23 . 2008-02-24 20:23 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys

2008-02-24 20:19 . 2008-02-24 20:19 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-02-24 20:18 . 2008-02-24 20:18 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-24 20:18 . 2008-02-24 20:18 1,686,528 --a------ C:\Windows\System32\gameux.dll

2008-02-24 20:18 . 2008-02-24 20:18 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-02-24 20:17 . 2008-02-24 20:17 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-02-24 20:14 . 2008-02-24 20:14 1,244,672 --a------ C:\Windows\System32\mcmde.dll

2008-02-24 19:51 . 2008-02-24 19:51 1,712,984 --a------ C:\Windows\System32\wuaueng.dll

2008-02-24 19:51 . 2008-02-24 19:51 1,524,224 --a------ C:\Windows\System32\wucltux.dll

2008-02-24 19:51 . 2008-02-24 19:51 53,080 --a------ C:\Windows\System32\wuauclt.exe

2008-02-24 19:51 . 2008-02-24 19:51 43,352 --a------ C:\Windows\System32\wups2.dll

2008-02-24 19:50 . 2008-02-24 19:50 549,720 --a------ C:\Windows\System32\wuapi.dll

2008-02-24 19:50 . 2008-02-24 19:50 80,896 --a------ C:\Windows\System32\wudriver.dll

2008-02-24 19:50 . 2008-02-24 19:50 33,624 --a------ C:\Windows\System32\wups.dll

2008-02-24 19:49 . 2008-02-24 19:49 163,000 --a------ C:\Windows\System32\wuwebv.dll

2008-02-24 19:49 . 2008-02-24 19:49 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-02-24 19:32 . 2008-02-24 19:32 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-02-24 19:32 . 2008-02-24 19:32 <DIR> d-------- C:\ProgramData\WLInstaller

2008-02-24 19:32 . 2008-02-24 19:47 <DIR> d-------- C:\Program Files\Windows Live

2008-02-24 19:32 . 2008-02-24 19:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-02-24 19:20 . 2008-02-24 19:20 <DIR> d-------- C:\Users\mats\AppData\Roaming\Roxio

2008-02-24 19:19 . 2008-02-24 19:19 <DIR> d-------- C:\Users\mats\Bluetooth Software

2008-02-24 19:18 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Searches

2008-02-24 19:18 . 2008-03-05 23:05 <DIR> dr------- C:\Users\mats\Contacts

2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Videos

2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Saved Games

2008-02-24 19:17 . 2008-02-17 19:00 <DIR> d-------- C:\Users\mats\Roaming

2008-02-24 19:17 . 2008-03-09 15:46 <DIR> dr------- C:\Users\mats\Pictures

2008-02-24 19:17 . 2008-02-28 16:24 <DIR> dr------- C:\Users\mats\Music

2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Links

2008-02-24 19:17 . 2008-03-09 00:03 <DIR> dr------- C:\Users\mats\Downloads

2008-02-24 19:17 . 2008-03-08 23:39 <DIR> dr------- C:\Users\mats\Documents

2008-02-24 19:17 . 2006-11-02 13:37 <DIR> d-------- C:\Users\mats\AppData\Roaming\Media Center Programs

2008-02-24 19:17 . 2008-02-24 19:18 <DIR> d--h----- C:\Users\mats\AppData

2008-02-24 19:12 . 2008-02-24 19:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

2008-02-24 19:12 . 2008-03-10 22:45 9,162 --a------ C:\Windows\System32\Config.MPF

2008-02-18 02:37 . 2008-02-18 02:37 <DIR> d-------- C:\Program Files\DellTPad

2008-02-18 02:35 . 2008-02-18 02:35 1,335,296 --a------ C:\Windows\System32\msxml6.dll

2008-02-18 02:35 . 2008-02-18 02:35 229,888 --a------ C:\Windows\System32\msshsq.dll

2008-02-18 02:35 . 2008-02-18 02:35 205,824 --a------ C:\Windows\System32\msoeacct.dll

2008-02-18 02:35 . 2008-02-18 02:35 87,040 --a------ C:\Windows\System32\msoert2.dll

2008-02-18 02:35 . 2008-02-18 02:35 39,424 --a------ C:\Windows\System32\ACCTRES.dll

2008-02-18 02:35 . 2008-02-18 02:35 2,048 --a------ C:\Windows\System32\msxml6r.dll

2008-02-18 02:34 . 2008-02-18 02:34 750,080 --a------ C:\Windows\System32\qmgr.dll

2008-02-18 02:32 . 2008-02-18 02:32 8,147,968 --a------ C:\Windows\System32\wmploc.DLL

2008-02-18 02:32 . 2008-02-18 02:32 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll

2008-02-18 02:32 . 2008-02-18 02:32 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll

2008-02-18 02:32 . 2008-02-18 02:32 7,680 --a------ C:\Windows\System32\spwmp.dll

2008-02-18 02:32 . 2008-02-18 02:32 4,096 --a------ C:\Windows\System32\msdxm.ocx

2008-02-18 02:32 . 2008-02-18 02:32 4,096 --a------ C:\Windows\System32\dxmasf.dll

2008-02-18 02:30 . 2008-02-18 02:30 633,856 --a------ C:\Windows\System32\user32.dll

2008-02-18 02:30 . 2008-02-18 02:30 223,232 --a------ C:\Windows\System32\WMASF.DLL

2008-02-18 02:30 . 2008-02-18 02:30 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2008-02-18 02:30 . 2008-02-18 02:30 2,048 --a------ C:\Windows\System32\asferror.dll

2008-02-18 02:28 . 2008-02-18 02:28 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys

2008-02-18 02:27 . 2008-02-18 02:27 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2008-02-18 02:27 . 2008-02-18 02:27 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2008-02-18 02:27 . 2008-02-18 02:27 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2008-02-18 02:27 . 2008-02-18 02:27 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2008-02-18 02:27 . 2008-02-18 02:27 2,048 --a------ C:\Windows\System32\tzres.dll

2008-02-18 02:25 . 2008-02-18 02:25 1,191,936 --a------ C:\Windows\System32\msxml3.dll

2008-02-18 02:25 . 2008-02-18 02:25 737,792 --a------ C:\Windows\System32\inetcomm.dll

2008-02-18 02:25 . 2008-02-18 02:25 376,320 --a------ C:\Windows\System32\winsrv.dll

2008-02-18 02:25 . 2008-02-18 02:25 84,480 --a------ C:\Windows\System32\INETRES.dll

2008-02-18 02:25 . 2008-02-18 02:25 49,664 --a------ C:\Windows\System32\csrsrv.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-24 19:56 --------- d-----w C:\Program Files\Windows Sidebar

2008-02-24 19:56 --------- d-----w C:\Program Files\Windows Mail

2008-02-24 19:19 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-24 19:19 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-24 19:19 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-24 19:19 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-24 19:19 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-24 19:19 217,144 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-24 19:19 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-02-24 19:19 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-24 19:19 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-24 19:19 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-24 19:19 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-02-24 19:19 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-24 19:19 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-02-24 19:18 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-24 19:18 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-24 19:18 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-24 19:18 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-24 19:15 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-24 19:15 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-24 19:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-24 19:15 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Start-meny

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Skrivebord

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Programdata

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Maler

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Favoritter

2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Dokumenter

2008-02-24 18:13 --------- d-sh--w C:\Program Files\Fellesfiler

2008-02-18 01:36 25,784 ------w C:\Windows\system32\drivers\msahci.sys

2008-02-18 01:36 20,152 ------w C:\Windows\system32\drivers\viaide.sys

2008-02-18 01:36 19,128 ------w C:\Windows\system32\drivers\cmdide.sys

2008-02-18 01:36 18,104 ------w C:\Windows\system32\drivers\amdide.sys

2008-02-18 01:36 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-18 01:36 17,592 ------w C:\Windows\system32\drivers\aliide.sys

2008-02-18 01:31 974,336 ----a-w C:\Windows\System32\crypt32.dll

2008-02-18 01:29 8,192 ----a-w C:\Windows\System32\riched32.dll

2008-02-18 01:28 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys

2008-02-18 01:28 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys

2008-02-18 01:28 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys

2008-02-18 01:25 --------- d-----w C:\Program Files\Windows Defender

2008-02-18 01:21 72,192 ----a-w C:\Windows\System32\dot3msm.dll

2008-02-18 01:20 98,304 ----a-w C:\Windows\System32\mssitlb.dll

2008-02-18 01:19 74,752 ----a-w C:\Windows\system32\drivers\rasl2tp.sys

2008-02-18 01:14 4,802 ----a-w C:\Windows\system32\drivers\1028_Dell_INS_I1720.mrk

2008-02-17 17:45 174 --sha-w C:\Program Files\desktop.ini

2008-01-02 04:37 595,456 ----a-w C:\Windows\System32\stapo.dll

2008-01-02 04:37 492,544 ----a-w C:\Windows\System32\ctapo32.dll

2008-01-02 04:37 45,568 ----a-w C:\Windows\System32\ctppld.dll

2008-01-02 04:37 328,704 ----a-w C:\Windows\System32\stcplx.dll

2008-01-02 04:37 299,520 ----a-w C:\Windows\System32\stapi32.dll

2008-01-02 04:37 146,944 ----a-w C:\Windows\System32\st325614.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-09_23.43.08,33 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-03-09 21:05:29 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-03-10 21:44:24 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-03-09 16:49:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-03-10 21:45:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-03-10 21:45:44 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-03-09 16:49:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-03-10 21:45:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-03-10 21:45:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-03-09 19:42:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-03-10 18:05:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-03-09 19:42:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-03-10 18:05:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-03-09 19:42:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-03-10 18:05:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-03-09 22:39:35 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-03-10 21:40:16 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

- 2008-03-09 21:07:20 103,924 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-03-10 19:37:47 103,924 ----a-w C:\Windows\System32\perfc009.dat

- 2008-03-09 21:07:20 79,408 ----a-w C:\Windows\System32\perfc014.dat

+ 2008-03-10 19:37:47 79,408 ----a-w C:\Windows\System32\perfc014.dat

- 2008-03-09 21:07:20 610,142 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-03-10 19:37:47 610,142 ----a-w C:\Windows\System32\perfh009.dat

- 2008-03-09 21:07:20 476,858 ----a-w C:\Windows\System32\perfh014.dat

+ 2008-03-10 19:37:47 476,858 ----a-w C:\Windows\System32\perfh014.dat

- 2008-03-09 16:49:45 3,698 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1082007917-3614400394-4259456713-1000_UserData.bin

+ 2008-03-10 13:48:35 3,798 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1082007917-3614400394-4259456713-1000_UserData.bin

- 2008-03-09 16:49:45 56,734 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-03-10 13:48:35 57,026 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-03-09 16:49:42 32,746 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-03-10 13:48:33 32,932 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"BitDownload"="C:\Program Files\BitDownload\BitDownload.exe" [ ]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

"coalmfcd"="C:\ProgramData\license seek seek.4auys" [2008-03-09 23:49 90128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-18 02:25 1006264]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 07:03 17920]

"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 10:27 159744]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 06:58 36864]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 05:37 405504]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 10:13 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 10:13 8433664]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 10:13 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 10:13 67584]

"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-17 18:56 77824]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-17 19:16 1838592]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-27 16:10 385024]

"combofix"="C:\Windows\system32\CF27053.exe" [2006-11-02 10:44 320000]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-17 18:59:37 50688]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-02-17 18:58:36 45056]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{8BF1F8AB-EFF8-44FD-ACB7-1958BEE3E0FE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{6A12A936-4B39-4B63-B837-AA598A4F9BCD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{B20AD5AA-C68C-4258-B552-EFA8341D3E61}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{84B05050-70C4-4E7B-BDEC-D7C7C39F29F5}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect|Desc=Dell MediaDirect

"{23964B9B-FD4F-49F6-AD62-4B02B654769C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program

"{52B527F2-62B1-45FC-A368-7C7F0DCE1EDE}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine

"{E4D63630-C5A8-49CD-A6FE-7F1AF06228B4}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server

"{F51BD284-F77E-469C-8CBF-43164A87AD00}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]

R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 10:44]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 06:58]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 06:59]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-17 18:21:22 C:\Windows\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2008-02-17 18:21:22 C:\Windows\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-10 22:46:41

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\aestsrv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

.

**************************************************************************

.

Completion time: 2008-03-10 22:48:24 - machine was rebooted [mats]

ComboFix-quarantined-files.txt 2008-03-10 21:48:20

ComboFix2.txt 2008-03-09 22:43:33

.

2008-02-26 13:45:51 --- E O F ---

[norbat]

Start hjt, velg "Do a system scan only", sett merke framfor følgnedel linje (hvis tilstede) og klikk Fix checked:

O4 - HKCU\..\Run: [coalmfcd] "C:\ProgramData\license seek seek.2d31mc"

 

Hvordan går det med 'problemet'?

[matskjorum]

trur det er borte nå.

for se om et kvarter...

Tusen Takk for all hjelp...

[matskjorum]

ingen popups:P

takk takk:P

[norbat]

Fint.

Du kan avinstallere combofix ved å skrive combofix /u i kjør/søk-feltet

 

Surf trygt