[LØST] Fjerne popup (og evt andre ulumskheter)

[JoaJoa]

Hei

 

Lurer på om noen kunne tatt seg tid til å se på loggene mine.

Har en popup som kommer hver gang jeg starter internett explorer (ja jeg vet, men jeg er av den typen som tviholder på denne dessverre.

Samt jeg mener å fått en beskjed i NOD32 om at det var noe skummelt med en svshost.exe tidligere.

 

 

 

 

SAS:

Klikk for å se/fjerne innholdet nedenfor

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/18/2008 at 11:25 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3441

Trace Rules Database Version: 1433

 

Scan type : Complete Scan

Total Scan Time : 00:10:25

 

Memory items scanned : 498

Memory threats detected : 0

Registry items scanned : 5210

Registry threats detected : 0

File items scanned : 16365

File threats detected : 0

 

 

Combofix:

 

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-04-17.1 - Administrator 2008-04-18 23:38:52.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.524 [GMT 2:00]

Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFixcl.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))

.

 

2008-04-18 23:09 . 2008-04-18 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-04-18 23:09 . 2008-04-18 23:09 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-04-18 23:08 . 2008-04-18 23:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-04-18 19:55 . 2008-04-18 23:38 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-04-18 19:06 . 2008-04-18 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Insight Software Solutions

2008-04-18 19:06 . 2008-04-18 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Insight Software

2008-04-18 17:10 . 2008-04-18 19:24 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Winamp

2008-04-17 23:47 . 2008-04-18 19:55 664 ---hs---- C:\WINDOWS\system\actualspystart.lnk

2008-04-17 23:39 . 2008-04-17 23:39 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\rkfree

2008-04-17 20:26 . 2008-04-17 20:26 1,426 --a------ C:\WINDOWS\system32\host5.zip

2008-04-16 23:37 . 2008-04-16 23:37 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\X10 Commander

2008-04-16 22:55 . 1999-06-25 09:56 127,184 --a------ C:\WINDOWS\Unwise.exe

2008-04-16 21:47 . 2008-04-16 22:48 49,152 --a------ C:\WINDOWS\IgorDRV.dll

2008-04-16 21:47 . 2008-04-16 22:48 25,040 --a------ C:\WINDOWS\system32\drivers\TVicHW32.sys

2008-04-16 20:16 . 2008-04-16 20:16 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\InterVideo

2008-04-16 20:14 . 2008-04-16 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-04-16 20:13 . 2008-04-16 20:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Ulead

2008-04-16 20:13 . 2008-04-16 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\InstallShield

2008-04-16 20:13 . 2006-05-11 18:41 654 --------- C:\WINDOWS\remove.iss

2008-04-16 20:10 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-04-16 19:10 . 2006-12-12 13:52 36,920 --a------ C:\WINDOWS\vcbar.xml

2008-04-16 19:10 . 2008-04-18 23:14 9,216 --a------ C:\WINDOWS\system32\host.db

2008-04-16 19:10 . 2005-08-02 15:54 484 --a------ C:\WINDOWS\vcbar.inf

2008-04-16 19:09 . 2006-11-29 17:03 209,408 --a------ C:\WINDOWS\system32\svrhost.dll

2008-04-16 17:19 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-04-16 17:19 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2008-04-16 17:19 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-04-16 17:19 . 2004-08-04 00:57 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-04-16 17:19 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-04-16 17:19 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-04-16 17:15 . 2008-04-16 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\CyberLink

2008-04-16 17:15 . 2008-04-16 17:16 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\CyberLink

2008-04-16 17:15 . 2005-05-23 18:09 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-04-16 17:15 . 2005-05-23 18:09 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll

2008-04-16 17:15 . 2005-05-23 18:09 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-04-16 17:14 . 2008-04-16 17:14 <DIR> d-------- C:\Programfiler\CyberLink

2008-04-16 17:05 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-04-16 17:05 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-04-15 23:06 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-04-15 23:06 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-04-09 19:11 . 2008-04-09 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Design Science

2008-04-05 21:32 . 2008-04-05 21:32 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\ACD Systems

2008-04-05 21:30 . 2008-04-05 21:30 <DIR> d-------- C:\Programfiler\Fellesfiler\ACD Systems

2008-04-05 21:30 . 2008-04-05 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ACD Systems

2008-04-05 21:30 . 2008-04-05 21:30 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys

2008-04-05 21:29 . 2008-04-05 21:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-03-29 18:51 . 2008-03-29 18:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-03-29 13:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-29 13:47 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-29 13:38 . 1998-10-01 16:22 299,520 --a------ C:\WINDOWS\uninst.exe

2008-03-29 13:37 . 2008-03-29 13:37 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS

2008-03-29 01:00 . 2008-03-29 01:00 <DIR> d-------- C:\Programfiler\nLite

2008-03-29 00:43 . 2008-03-29 00:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Atheros

2008-03-28 23:06 . 2007-04-10 11:31 332,672 --a------ C:\WINDOWS\system32\wgatray.exe.bak

2008-03-28 23:06 . 2007-04-10 11:30 200,064 --a------ C:\WINDOWS\system32\wgalogon.dll.bak

2008-03-24 20:33 . 2008-03-24 20:33 <DIR> d-------- C:\WINDOWS\Sun

2008-03-24 20:32 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-24 20:31 . 2008-03-24 20:32 <DIR> d-------- C:\Programfiler\Java

2008-03-24 20:29 . 2008-03-24 20:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-03-23 22:50 . 2008-03-23 22:51 <DIR> d-------- C:\Programfiler\Microsoft Works

2008-03-23 22:49 . 2008-03-23 22:49 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-03-23 22:47 . 2008-03-23 22:47 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-03-23 22:46 . 2008-04-15 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-03-23 22:42 . 2008-03-23 22:42 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

2008-03-23 22:40 . 2008-03-23 22:40 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-03-23 22:40 . 2008-03-23 22:40 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6157.sys

2008-03-23 20:50 . 2008-03-23 20:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-03-21 03:23 . 2008-03-29 13:44 38 --a------ C:\WINDOWS\avisplitter.INI

2008-03-21 01:53 . 2008-04-18 21:19 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-21 00:14 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-03-21 00:13 . 2002-12-18 04:41 42,368 --a------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys

2008-03-20 23:10 . 2008-04-16 22:55 <DIR> d-------- C:\Programfiler\Common Files

2008-03-20 23:10 . 2008-03-20 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Webcammax

2008-03-20 23:08 . 2008-03-20 23:10 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Webcammax

2008-03-20 23:08 . 2004-08-04 02:03 16,384 --a------ C:\WINDOWS\system32\ipsink.ax

2008-03-20 23:08 . 2004-08-04 02:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax

2008-03-20 23:08 . 2004-08-04 00:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2008-03-20 23:08 . 2004-08-04 00:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys

2008-03-20 23:08 . 2004-08-04 00:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2008-03-20 23:08 . 2004-08-04 00:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys

2008-03-20 23:08 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2008-03-20 23:08 . 2004-08-04 00:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys

2008-03-20 23:08 . 2004-08-03 23:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2008-03-20 23:08 . 2004-08-03 23:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys

2008-03-20 22:33 . 2008-03-20 22:33 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\vlc

2008-03-20 22:32 . 2008-03-20 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Media Player Classic

2008-03-20 22:29 . 2008-03-20 22:29 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack

2008-03-20 22:29 . 2007-11-30 00:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-03-20 22:21 . 2008-03-23 16:51 46,533 --ahs---- C:\WINDOWS\SysPr.prx

2008-03-20 22:20 . 2008-03-21 11:32 51,733 --a------ C:\WINDOWS\plugin1.dat

2008-03-20 22:20 . 2008-03-20 22:20 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys

2008-03-20 22:02 . 2008-03-20 21:57 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-03-20 22:02 . 2008-03-20 21:57 298,104 --a------ C:\WINDOWS\system32\imon.dll

2008-03-20 22:02 . 2008-03-20 21:57 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2008-03-20 21:39 . 2008-03-20 21:40 <DIR> d-------- C:\Programfiler\MSN Messenger

2008-03-20 21:35 . 2008-03-20 21:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2008-03-20 21:19 . 2008-03-20 21:19 <DIR> d-------- C:\Programfiler\Winamp

2008-03-20 20:42 . 2008-03-20 20:42 <DIR> d-------- C:\Programfiler\uTorrent

2008-03-20 20:42 . 2008-04-16 22:12 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\uTorrent

2008-03-20 20:09 . 2008-03-20 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Hagel Technologies

2008-03-20 20:06 . 2008-03-20 20:06 34 --a------ C:\WINDOWS\cdplayer.ini

2008-03-20 18:26 . 2006-02-22 03:05 139,810 --a------ C:\WINDOWS\system32\atmnorxx.hlp

2008-03-20 18:26 . 2006-02-22 03:05 43,288 --a------ C:\WINDOWS\system32\attnorxx.hlp

2008-03-20 18:26 . 2006-02-22 03:05 24,229 --a------ C:\WINDOWS\system32\atfnorxx.hlp

2008-03-20 18:23 . 2008-03-20 18:23 <DIR> d-------- C:\Programfiler\Notebook Hardware Control

2008-03-20 18:23 . 2008-04-18 19:58 22,528 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys

2008-03-20 18:22 . 2008-03-20 18:22 <DIR> d-------- C:\Programfiler\Synaptics

2008-03-20 18:22 . 2003-07-26 07:28 270,544 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2008-03-20 18:22 . 2003-07-26 07:33 106,496 --a------ C:\WINDOWS\system32\SynCtrl.dll

2008-03-20 18:22 . 2003-07-26 07:32 94,208 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2008-03-20 18:22 . 2003-07-26 07:52 77,824 --a------ C:\WINDOWS\system32\SynTPCoI.dll

2008-03-20 18:22 . 2003-07-26 07:33 77,824 --a------ C:\WINDOWS\system32\SynCOM.dll

2008-03-20 18:22 . 2003-07-26 07:48 65,536 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2008-03-20 18:09 . 2007-09-28 22:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-03-20 18:08 . 2008-03-20 18:08 <DIR> d-------- C:\Programfiler\Radeon Omega Drivers

2008-03-20 18:08 . 2008-03-20 18:08 <DIR> d-------- C:\Programfiler\MultiRes

2008-03-20 13:54 . 2008-03-20 13:54 1,550,336 --a------ C:\WINDOWS\system32\sfcfiles.dll

2008-03-20 13:46 . 2008-03-13 02:47 984,576 --a------ C:\WINDOWS\system32\syssetup.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-17 20:15 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-04-16 18:12 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-03-20 21:49 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2008-03-20 21:49 21,361 ----a-w C:\WINDOWS\AegisP.sys

2008-03-20 16:08 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe

2008-03-20 15:47 --------- d-----w C:\Programfiler\Launch Manager

2008-03-20 15:19 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Programdata\Intel

2008-03-20 15:19 --------- d-----w C:\Documents and Settings\NetworkService\Programdata\Intel

2008-03-20 15:19 --------- d-----w C:\Documents and Settings\LocalService\Programdata\Intel

2008-03-20 15:19 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Intel

2008-03-20 15:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Intel

2008-03-20 15:17 --------- d-----w C:\Programfiler\Intel

2008-03-20 14:58 --------- d-----w C:\Programfiler\microsoft frontpage

2008-03-20 14:56 --------- d-----w C:\Programfiler\MSXML 6.0

2008-03-20 14:55 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-03-20 14:55 --------- d-----w C:\Programfiler\MSXML 4.0

2008-03-20 14:52 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-03-20 11:52 8,192 ----a-w C:\WINDOWS\system32\streamci.dll

2008-03-13 06:20 3,038 ----a-w C:\WINDOWS\system32\presetup.cmd

2008-03-13 06:20 28,672 ----a-w C:\WINDOWS\system32\setupold.exe

2008-03-13 00:47 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll

2008-03-13 00:47 551,936 ----a-w C:\WINDOWS\system32\oleaut32.dll

2008-03-13 00:47 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-03-13 00:47 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2008-03-13 00:47 179,712 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2008-03-13 00:47 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2008-03-13 00:45 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll

2008-03-13 00:44 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll

2008-03-13 00:43 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll

2008-03-13 00:42 62,464 ----a-w C:\WINDOWS\system32\authz.dll

2008-03-13 00:42 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll

2008-03-13 00:42 10,752 ----a-w C:\WINDOWS\hh.exe

2008-03-13 00:39 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll

2008-03-13 00:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll

2008-03-13 00:39 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-03-13 00:39 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2008-03-13 00:39 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-03-13 00:39 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll

2008-03-13 00:39 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll

2008-03-13 00:39 26,112 ----a-w C:\WINDOWS\system32\idndl.dll

2008-03-13 00:39 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll

2008-03-13 00:39 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll

2008-03-13 00:39 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2008-03-13 00:38 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

2008-03-13 00:38 17,408 ----a-w C:\WINDOWS\system32\corpol.dll

2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll

2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll

2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll

2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll

2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll

2008-02-14 22:58 98,816 ----a-w C:\WINDOWS\system32\winscard.dll

2008-02-14 22:57 985,600 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-02-14 22:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll

2008-02-14 22:55 993,280 ----a-w C:\WINDOWS\system32\msgina.dll

2008-02-14 22:54 99,840 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe

2008-02-14 22:53 98,304 ----a-w C:\WINDOWS\system32\cscript.exe

2008-02-14 22:52 98,304 ----a-w C:\WINDOWS\system32\ahui.exe

2008-02-05 21:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll

2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7648AC4A-76F6-4d95-B2C4-F0DBD88E5DD5}]

2006-11-29 17:03 209408 --a------ C:\WINDOWS\system32\svrhost.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-15 00:53 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2008-03-20 21:40 6856704]

"SUPERAntiSpyware"="E:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]

"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2003-05-12 15:28 32768]

"HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2003-09-04 16:46 40960]

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-08-22 16:08 20480]

"LMgrOSD"="C:\Programfiler\Launch Manager\OSD.exe" [2003-06-25 11:53 204800]

"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2003-09-08 16:48 65536]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-07-26 07:49 110592]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-07-26 07:47 618496]

"NotebookHardwareControl"="C:\Programfiler\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]

"DU Meter"="E:\Progs\DU Meter\DUMeter.exe" [2006-11-27 16:18 1582616]

"nod32kui"="E:\Progs\NOD32\nod32kui.exe" [2008-03-20 21:57 949376]

"WebcamMaxMoniter"="E:\Progs\WebcamMax\wcmmon.exe" [2008-02-09 06:58 456024]

"Adobe Reader Speed Launcher"="E:\Progs\Acrobat Reader 8.1.2\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"DAEMON Tools"="E:\Progs\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"ISUSPM"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" [ ]

"PCMService"="E:\Progs\PowerCinema\PCMService.exe" [2006-11-08 12:36 151552]

"WinampAgent"="D:\Winamp Pro 5.51\Winamp\winampa.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2008-03-13 02:40 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Progs\SuperAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

E:\Progs\SuperAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 E:\Progs\SuperAntiSpyware\SASWINLO.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"E:\\Progs\\mIRC 6.21\\mirc.exe"=

"E:\\Progs\\FlashFXP 2.1\\FlashFXP.exe"=

"E:\\Progs\\DC++\\DCPlusPlus.exe"=

"E:\\Progs\\PowerCinema\\PowerCinema.exe"=

"E:\\Progs\\PowerCinema\\PCMService.exe"=

 

R0 rmedia;Ricoh Media Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2002-09-11 07:23]

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 12:27]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-03-20 22:20]

R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-02-09 06:58]

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

 

*Newly Created Service* - CATCHME

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-18 23:39:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-18 23:39:47

ComboFix-quarantined-files.txt 2008-04-18 21:39:43

ComboFix2.txt 2008-04-18 21:36:17

 

Pre-Run: 4,511,019,008 byte ledig

Post-Run: 4,506,566,656 byte ledig

 

 

HiJackThis:

 

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:42:13, on 18.04.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Progs\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

E:\Progs\NOD32\nod32krn.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

E:\Progs\PowerCinema\Kernel\TV\CLSched.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programfiler\Launch Manager\LaunchAp.exe

C:\Programfiler\Launch Manager\HotkeyApp.exe

C:\Programfiler\Launch Manager\OSD.exe

C:\Programfiler\Launch Manager\Wbutton.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Notebook Hardware Control\nhc.exe

E:\Progs\DU Meter\DUMeter.exe

E:\Progs\NOD32\nod32kui.exe

E:\Progs\WebcamMax\wcmmon.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

E:\Progs\PowerCinema\PCMService.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

E:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

E:\Progs\hT sp wr\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: PopBlocker Class - {7648AC4A-76F6-4d95-B2C4-F0DBD88E5DD5} - C:\WINDOWS\system32\svrhost.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [LMgrOSD] C:\Programfiler\Launch Manager\OSD.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programfiler\Notebook Hardware Control\nhc.exe" -quiet

O4 - HKLM\..\Run: [DU Meter] E:\Progs\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [nod32kui] "E:\Progs\NOD32\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [WebcamMaxMoniter] "E:\Progs\WebcamMax\wcmmon.exe" /a

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Progs\Acrobat Reader 8.1.2\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "E:\Progs\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe -scheduler

O4 - HKLM\..\Run: [PCMService] "E:\Progs\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [WinampAgent] "D:\Winamp Pro 5.51\Winamp\winampa.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] E:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\Progs\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Progs\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206738785558

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - E:\Progs\SuperAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - E:\Progs\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - E:\Progs\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Progs\NOD32\nod32krn.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 7601 bytes

Endret 19. april 2008 av JoaJoa

[norbat]

Åpne notisblokk, kopier og lim inn det som står i fet skrift under. Lagre fila på skrivebordet som

CFScript.txt

Dra fila over Combofix-iconet. Combofix vil starte igjen. Post loggen

File::

C:\WINDOWS\system\actualspystart.lnk

C:\WINDOWS\system32\host5.zip

C:\WINDOWS\system32\svrhost.dll

 

Folder::

C:\Documents and Settings\All Users\Programdata\rkfree

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7648AC4A-76F6-4d95-B2C4-F0DBD88E5DD5}]

 

 

Sjekk følgende fil på jotti:

C:\WINDOWS\system32\drivers\oreans32.sys

 

(Du laster opp fila - se øverst på nettstedet. Det kan hende at du må 'slå på' Hvis skjulte filer og mapper for å finne fila på systemet ditt (kontrollpanel->mappealt->Vis)

[JoaJoa]

Takker for raskt svar!

Hjelp alle døgnets tider, det får en kalle service!

 

Ny combofix:

 

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-04-17.1 - Administrator 2008-04-19 2:00:45.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.484 [GMT 2:00]

Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFixcl.exe

Command switches used :: C:\Documents and Settings\Administrator\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system\actualspystart.lnk

C:\WINDOWS\system32\host5.zip

C:\WINDOWS\system32\svrhost.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Programdata\rkfree

C:\Documents and Settings\All Users\Programdata\rkfree\data\Administrator\17042008.rvl

C:\Documents and Settings\All Users\Programdata\rkfree\maps\1044

C:\WINDOWS\system\actualspystart.lnk

C:\WINDOWS\system32\host5.zip

C:\WINDOWS\system32\svrhost.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))

.

 

2008-04-18 23:09 . 2008-04-18 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-04-18 23:09 . 2008-04-18 23:09 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-04-18 23:08 . 2008-04-18 23:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-04-18 19:55 . 2008-04-19 01:55 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-04-18 19:06 . 2008-04-18 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Insight Software Solutions

2008-04-18 19:06 . 2008-04-18 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Insight Software

2008-04-18 17:10 . 2008-04-18 19:24 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Winamp

2008-04-16 23:37 . 2008-04-16 23:37 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\X10 Commander

2008-04-16 22:55 . 1999-06-25 09:56 127,184 --a------ C:\WINDOWS\Unwise.exe

2008-04-16 21:47 . 2008-04-16 22:48 49,152 --a------ C:\WINDOWS\IgorDRV.dll

2008-04-16 21:47 . 2008-04-16 22:48 25,040 --a------ C:\WINDOWS\system32\drivers\TVicHW32.sys

2008-04-16 20:16 . 2008-04-16 20:16 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\InterVideo

2008-04-16 20:14 . 2008-04-16 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-04-16 20:13 . 2008-04-16 20:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Ulead

2008-04-16 20:13 . 2008-04-16 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\InstallShield

2008-04-16 20:13 . 2006-05-11 18:41 654 --------- C:\WINDOWS\remove.iss

2008-04-16 20:10 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-04-16 19:10 . 2006-12-12 13:52 36,920 --a------ C:\WINDOWS\vcbar.xml

2008-04-16 19:10 . 2008-04-19 01:57 9,216 --a------ C:\WINDOWS\system32\host.db

2008-04-16 19:10 . 2005-08-02 15:54 484 --a------ C:\WINDOWS\vcbar.inf

2008-04-16 17:19 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-04-16 17:19 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2008-04-16 17:19 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-04-16 17:19 . 2004-08-04 00:57 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-04-16 17:19 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-04-16 17:19 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-04-16 17:15 . 2008-04-16 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\CyberLink

2008-04-16 17:15 . 2008-04-16 17:16 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\CyberLink

2008-04-16 17:15 . 2005-05-23 18:09 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-04-16 17:15 . 2005-05-23 18:09 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll

2008-04-16 17:15 . 2005-05-23 18:09 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-04-16 17:14 . 2008-04-16 17:14 <DIR> d-------- C:\Programfiler\CyberLink

2008-04-16 17:05 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-04-16 17:05 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-04-15 23:06 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-04-15 23:06 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-04-09 19:11 . 2008-04-09 19:11 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Design Science

2008-04-05 21:32 . 2008-04-05 21:32 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\ACD Systems

2008-04-05 21:30 . 2008-04-05 21:30 <DIR> d-------- C:\Programfiler\Fellesfiler\ACD Systems

2008-04-05 21:30 . 2008-04-05 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ACD Systems

2008-04-05 21:30 . 2008-04-05 21:30 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys

2008-04-05 21:29 . 2008-04-05 21:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-03-29 18:51 . 2008-03-29 18:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-03-29 13:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-29 13:47 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-29 13:38 . 1998-10-01 16:22 299,520 --a------ C:\WINDOWS\uninst.exe

2008-03-29 13:37 . 2008-03-29 13:37 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS

2008-03-29 01:00 . 2008-03-29 01:00 <DIR> d-------- C:\Programfiler\nLite

2008-03-29 00:43 . 2008-03-29 00:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Atheros

2008-03-28 23:06 . 2007-04-10 11:31 332,672 --a------ C:\WINDOWS\system32\wgatray.exe.bak

2008-03-28 23:06 . 2007-04-10 11:30 200,064 --a------ C:\WINDOWS\system32\wgalogon.dll.bak

2008-03-24 20:33 . 2008-03-24 20:33 <DIR> d-------- C:\WINDOWS\Sun

2008-03-24 20:32 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-24 20:31 . 2008-03-24 20:32 <DIR> d-------- C:\Programfiler\Java

2008-03-24 20:29 . 2008-03-24 20:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-03-23 22:50 . 2008-03-23 22:51 <DIR> d-------- C:\Programfiler\Microsoft Works

2008-03-23 22:49 . 2008-03-23 22:49 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-03-23 22:47 . 2008-03-23 22:47 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-03-23 22:46 . 2008-04-15 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-03-23 22:42 . 2008-03-23 22:42 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

2008-03-23 22:40 . 2008-03-23 22:40 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-03-23 22:40 . 2008-03-23 22:40 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6157.sys

2008-03-23 20:50 . 2008-03-23 20:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-03-21 03:23 . 2008-03-29 13:44 38 --a------ C:\WINDOWS\avisplitter.INI

2008-03-21 01:53 . 2008-04-18 21:19 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-21 00:14 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-03-21 00:13 . 2002-12-18 04:41 42,368 --a------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys

2008-03-20 23:10 . 2008-04-16 22:55 <DIR> d-------- C:\Programfiler\Common Files

2008-03-20 23:10 . 2008-03-20 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Webcammax

2008-03-20 23:08 . 2008-03-20 23:10 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Webcammax

2008-03-20 23:08 . 2004-08-04 02:03 16,384 --a------ C:\WINDOWS\system32\ipsink.ax

2008-03-20 23:08 . 2004-08-04 02:03 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax

2008-03-20 23:08 . 2004-08-04 00:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2008-03-20 23:08 . 2004-08-04 00:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys

2008-03-20 23:08 . 2004-08-04 00:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2008-03-20 23:08 . 2004-08-04 00:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys

2008-03-20 23:08 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2008-03-20 23:08 . 2004-08-04 00:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys

2008-03-20 23:08 . 2004-08-03 23:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2008-03-20 23:08 . 2004-08-03 23:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys

2008-03-20 22:33 . 2008-03-20 22:33 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\vlc

2008-03-20 22:32 . 2008-03-20 22:32 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Media Player Classic

2008-03-20 22:29 . 2008-03-20 22:29 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack

2008-03-20 22:29 . 2007-11-30 00:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-03-20 22:21 . 2008-03-23 16:51 46,533 --ahs---- C:\WINDOWS\SysPr.prx

2008-03-20 22:20 . 2008-03-21 11:32 51,733 --a------ C:\WINDOWS\plugin1.dat

2008-03-20 22:20 . 2008-03-20 22:20 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys

2008-03-20 22:02 . 2008-03-20 21:57 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-03-20 22:02 . 2008-03-20 21:57 298,104 --a------ C:\WINDOWS\system32\imon.dll

2008-03-20 22:02 . 2008-03-20 21:57 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2008-03-20 21:39 . 2008-03-20 21:40 <DIR> d-------- C:\Programfiler\MSN Messenger

2008-03-20 21:35 . 2008-03-20 21:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2008-03-20 21:19 . 2008-03-20 21:19 <DIR> d-------- C:\Programfiler\Winamp

2008-03-20 20:42 . 2008-03-20 20:42 <DIR> d-------- C:\Programfiler\uTorrent

2008-03-20 20:42 . 2008-04-16 22:12 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\uTorrent

2008-03-20 20:09 . 2008-03-20 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Hagel Technologies

2008-03-20 20:06 . 2008-03-20 20:06 34 --a------ C:\WINDOWS\cdplayer.ini

2008-03-20 18:26 . 2006-02-22 03:05 139,810 --a------ C:\WINDOWS\system32\atmnorxx.hlp

2008-03-20 18:26 . 2006-02-22 03:05 43,288 --a------ C:\WINDOWS\system32\attnorxx.hlp

2008-03-20 18:26 . 2006-02-22 03:05 24,229 --a------ C:\WINDOWS\system32\atfnorxx.hlp

2008-03-20 18:23 . 2008-03-20 18:23 <DIR> d-------- C:\Programfiler\Notebook Hardware Control

2008-03-20 18:23 . 2008-04-18 19:58 22,528 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys

2008-03-20 18:22 . 2008-03-20 18:22 <DIR> d-------- C:\Programfiler\Synaptics

2008-03-20 18:22 . 2003-07-26 07:28 270,544 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2008-03-20 18:22 . 2003-07-26 07:33 106,496 --a------ C:\WINDOWS\system32\SynCtrl.dll

2008-03-20 18:22 . 2003-07-26 07:32 94,208 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2008-03-20 18:22 . 2003-07-26 07:52 77,824 --a------ C:\WINDOWS\system32\SynTPCoI.dll

2008-03-20 18:22 . 2003-07-26 07:33 77,824 --a------ C:\WINDOWS\system32\SynCOM.dll

2008-03-20 18:22 . 2003-07-26 07:48 65,536 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2008-03-20 18:09 . 2007-09-28 22:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-03-20 18:08 . 2008-03-20 18:08 <DIR> d-------- C:\Programfiler\Radeon Omega Drivers

2008-03-20 18:08 . 2008-03-20 18:08 <DIR> d-------- C:\Programfiler\MultiRes

2008-03-20 13:54 . 2008-03-20 13:54 1,550,336 --a------ C:\WINDOWS\system32\sfcfiles.dll

2008-03-20 13:46 . 2008-03-13 02:47 984,576 --a------ C:\WINDOWS\system32\syssetup.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-17 20:15 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-04-16 18:12 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-03-20 21:49 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2008-03-20 21:49 21,361 ----a-w C:\WINDOWS\AegisP.sys

2008-03-20 16:08 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe

2008-03-20 15:47 --------- d-----w C:\Programfiler\Launch Manager

2008-03-20 15:19 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Programdata\Intel

2008-03-20 15:19 --------- d-----w C:\Documents and Settings\NetworkService\Programdata\Intel

2008-03-20 15:19 --------- d-----w C:\Documents and Settings\LocalService\Programdata\Intel

2008-03-20 15:19 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Intel

2008-03-20 15:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Intel

2008-03-20 15:17 --------- d-----w C:\Programfiler\Intel

2008-03-20 14:58 --------- d-----w C:\Programfiler\microsoft frontpage

2008-03-20 14:56 --------- d-----w C:\Programfiler\MSXML 6.0

2008-03-20 14:55 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-03-20 14:55 --------- d-----w C:\Programfiler\MSXML 4.0

2008-03-20 14:52 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-03-20 11:52 8,192 ----a-w C:\WINDOWS\system32\streamci.dll

2008-03-13 06:20 3,038 ----a-w C:\WINDOWS\system32\presetup.cmd

2008-03-13 06:20 28,672 ----a-w C:\WINDOWS\system32\setupold.exe

2008-03-13 00:47 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll

2008-03-13 00:47 551,936 ----a-w C:\WINDOWS\system32\oleaut32.dll

2008-03-13 00:47 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-03-13 00:47 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2008-03-13 00:47 179,712 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2008-03-13 00:47 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2008-03-13 00:45 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll

2008-03-13 00:44 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll

2008-03-13 00:43 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll

2008-03-13 00:42 62,464 ----a-w C:\WINDOWS\system32\authz.dll

2008-03-13 00:42 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll

2008-03-13 00:42 10,752 ----a-w C:\WINDOWS\hh.exe

2008-03-13 00:39 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll

2008-03-13 00:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll

2008-03-13 00:39 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-03-13 00:39 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2008-03-13 00:39 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-03-13 00:39 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll

2008-03-13 00:39 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll

2008-03-13 00:39 26,112 ----a-w C:\WINDOWS\system32\idndl.dll

2008-03-13 00:39 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll

2008-03-13 00:39 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll

2008-03-13 00:39 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2008-03-13 00:38 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

2008-03-13 00:38 17,408 ----a-w C:\WINDOWS\system32\corpol.dll

2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll

2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll

2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll

2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll

2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll

2008-02-14 22:58 98,816 ----a-w C:\WINDOWS\system32\winscard.dll

2008-02-14 22:57 985,600 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-02-14 22:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll

2008-02-14 22:55 993,280 ----a-w C:\WINDOWS\system32\msgina.dll

2008-02-14 22:54 99,840 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe

2008-02-14 22:53 98,304 ----a-w C:\WINDOWS\system32\cscript.exe

2008-02-14 22:52 98,304 ----a-w C:\WINDOWS\system32\ahui.exe

2008-02-05 21:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll

2008-01-29 01:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-15 00:53 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2008-03-20 21:40 6856704]

"SUPERAntiSpyware"="E:\Progs\SuperAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]

"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2003-05-12 15:28 32768]

"HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2003-09-04 16:46 40960]

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-08-22 16:08 20480]

"LMgrOSD"="C:\Programfiler\Launch Manager\OSD.exe" [2003-06-25 11:53 204800]

"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2003-09-08 16:48 65536]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-07-26 07:49 110592]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-07-26 07:47 618496]

"NotebookHardwareControl"="C:\Programfiler\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]

"DU Meter"="E:\Progs\DU Meter\DUMeter.exe" [2006-11-27 16:18 1582616]

"nod32kui"="E:\Progs\NOD32\nod32kui.exe" [2008-03-20 21:57 949376]

"WebcamMaxMoniter"="E:\Progs\WebcamMax\wcmmon.exe" [2008-02-09 06:58 456024]

"Adobe Reader Speed Launcher"="E:\Progs\Acrobat Reader 8.1.2\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"DAEMON Tools"="E:\Progs\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"ISUSPM"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" [ ]

"PCMService"="E:\Progs\PowerCinema\PCMService.exe" [2006-11-08 12:36 151552]

"WinampAgent"="D:\Winamp Pro 5.51\Winamp\winampa.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2008-03-13 02:40 124928 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Progs\SuperAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

E:\Progs\SuperAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 E:\Progs\SuperAntiSpyware\SASWINLO.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"E:\\Progs\\mIRC 6.21\\mirc.exe"=

"E:\\Progs\\FlashFXP 2.1\\FlashFXP.exe"=

"E:\\Progs\\DC++\\DCPlusPlus.exe"=

"E:\\Progs\\PowerCinema\\PowerCinema.exe"=

"E:\\Progs\\PowerCinema\\PCMService.exe"=

 

R0 rmedia;Ricoh Media Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2002-09-11 07:23]

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 12:27]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-03-20 22:20]

R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-02-09 06:58]

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

 

*Newly Created Service* - CATCHME

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-19 02:01:42

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-19 2:02:05

ComboFix-quarantined-files.txt 2008-04-19 00:02:01

ComboFix2.txt 2008-04-18 21:39:47

ComboFix3.txt 2008-04-18 21:36:17

 

Pre-Run: 4,478,214,144 byte ledig

Post-Run: 4,495,003,648 byte ledig

 

Scannet fila i jotti:

 

Fikk 1 treff, "F-Prot Antivirus Found W32/Sdbot.AEFU"

 

"POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.) "

 

Bare å slette fila eller er det dumt?

[norbat]

oreans32.sys fila er i utg.pkt en grei fil. Knyttet til Oreans Technology .

Den brukes gjerne i forbindelse med kopibeskyttelse (mulig den ble installert i forb. med et spill e.l), så jeg tror vi bare lar den få være i fred.

 

Hvordan går det med popups?

[JoaJoa]

Den er grei.

 

Alt er rent og pent, ikke en eneste popup

 

Takker så mye for hjelpa!