iminf
Posted 19 April 2008

Hi there!

I scanned my PC today with SpyBot - Search and Destroy and got several hits for Virtumonde / Vundo that I could not remove. SUPERAntiSpyware Free Edition managed to remove some of them, I think, but now my PC cannot find two .dll files:

- C:\WINDOWS\system32\xdprsbbq.dll (there is a file there that is now called C:\WINDOWS\system32\xdprsbbq.dll_old)
- C:\WINDOWS\system32\fnogsans.dll

Can someone read my logs and tell me what state my PC is in, and what I should do next? I have not used HJT for anything other than creating a log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:38, on 19.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=5080330
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.no/hws/sb/dell-row/en/side.html?channel=no
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.no/hws/sb/dell-row/en/side.html?channel=no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.no/hws/sb/dell-row/en/side.html?channel=no
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=5080330
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=ZK...9ms5P3Bk_NGoubg
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {F1AF6B27-962D-441A-9DB6-5F09BE7AD063} - C:\WINDOWS\system32\byXRkiii.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bMa3158e87] Rundll32.exe "C:\WINDOWS\system32\fnogsans.dll",s
O4 - HKLM\..\Run: [a026bd1b] rundll32.exe "C:\WINDOWS\system32\xdprsbbq.dll",b
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0126321208441922) (0126321208441922mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP12632~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12571 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/19/2008 at 04:31 PM

Application Version : 4.0.1154

Core Rules Database Version : 3442
Trace Rules Database Version: 1434

Scan type : Complete Scan
Total Scan Time : 00:20:26

Memory items scanned : 648
Memory threats detected : 2
Registry items scanned : 5695
Registry threats detected : 8
File items scanned : 13803
File threats detected : 13

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\MLJAPHBQ.DLL
C:\WINDOWS\SYSTEM32\MLJAPHBQ.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mlJAPHBq
C:\WINDOWS\SYSTEM32\MLJAPOIC.DLL
C:\WINDOWS\SYSTEM32\QOMFCAPP.DLL
C:\WINDOWS\SYSTEM32\TUVTLCRJ.DLL
C:\WINDOWS\SYSTEM32\XXYXWOFD.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\BYXRKIII.DLL
C:\WINDOWS\SYSTEM32\BYXRKIII.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{24E9519B-3F70-429B-99BC-4B2B49B96F66}
HKCR\CLSID\{24E9519B-3F70-429B-99BC-4B2B49B96F66}
HKCR\CLSID\{24E9519B-3F70-429B-99BC-4B2B49B96F66}\InprocServer32
HKCR\CLSID\{24E9519B-3F70-429B-99BC-4B2B49B96F66}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{24E9519B-3F70-429B-99BC-4B2B49B96F66}
HKCR\CLSID\{24E9519B-3F70-429B-99BC-4B2B49B96F66}

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP31\A0004477.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP36\A0004798.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP37\A0006066.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP36\A0004795.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP36\A0004797.DLL

Adware.Vundo-Variant/H
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP37\A0006042.DLL

x2

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/19/2008 at 05:15 PM

Application Version : 4.0.1154

Core Rules Database Version : 3442
Trace Rules Database Version: 1434

Scan type : Complete Scan
Total Scan Time : 00:18:33

Memory items scanned : 592
Memory threats detected : 0
Registry items scanned : 5671
Registry threats detected : 0
File items scanned : 13766
File threats detected : 9

Adware.Vundo-Variant/H
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP38\A0006097.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP38\A0006098.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP38\A0006099.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP38\A0006100.DLL
snippsat
Posted 19 April 2008

Hi!
Download Combofix and put it on the desktop. Do not click in the window while the program is running.
Post the log C:\combofix.txt
iminf (thread author)
Posted 19 April 2008

> Hi!
> Download Combofix and put it on the desktop. Do not click in the window while the program is running.
> Post the log C:\combofix.txt

Combo Log:

ComboFix 08-04-18.3 - xxx 2008-04-19 18:20:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2765 [GMT 2:00]
Running from: C:\Documents and Settings\xxx\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\iiikRXyb.ini
C:\WINDOWS\system32\iiikRXyb.ini2
C:\WINDOWS\system32\xELRqBeg.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-19 17:33 . 2008-04-19 17:33  <DIR>      d--------  C:\Program Files\Trend Micro
2008-04-19 16:07 . 2008-04-19 16:07  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 16:06 . 2008-04-19 16:36  <DIR>      d--------  C:\Program Files\SUPERAntiSpyware
2008-04-19 15:42 . 2008-04-19 16:04  <DIR>      d--------  C:\Program Files\Enigma Software Group
2008-04-19 13:58 . 2008-04-19 15:20  1,540,617  --ahs----  C:\WINDOWS\system32\qbbsrpdx.ini
2008-04-19 13:46 . 2008-04-19 13:46  <DIR>      d--------  C:\Pics
2008-04-18 20:16 . 2008-04-19 13:54  109,738    --a------  C:\WINDOWS\BMa3158e87.xml
2008-04-18 17:33 . 2008-04-19 13:47  <DIR>      d--------  C:\Program Files\FLV Player
2008-04-17 19:45 . 2008-04-17 19:45  <DIR>      d--------  C:\Rot
2008-04-17 19:42 . 2008-04-17 19:42  <DIR>      d--------  C:\Bilder
2008-04-17 18:36 . 2008-04-17 18:38  <DIR>      d--------  C:\Musikk
2008-04-17 17:41 . 2008-04-17 17:41  <DIR>      d--------  C:\Temp\Gammal Blues! Blind Lemon Jefferson
2008-04-14 21:52 . 2008-04-14 21:52  107,888    --a------  C:\WINDOWS\system32\CmdLineExt.dll
2008-04-14 15:22 . 2008-04-14 15:22  28         --a------  C:\WINDOWS\pdf995.ini
2008-04-14 15:19 . 2008-04-17 18:15  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-14 15:19 . 2008-04-17 18:15  60         --a------  C:\WINDOWS\wpd99.drv
2008-04-14 15:18 . 2008-04-14 15:18  249,856    --a------  C:\WINDOWS\system32\pdfmona.dll
2008-04-14 15:18 . 2008-04-14 15:18  51,716     --a------  C:\WINDOWS\system32\pdf995mon.dll
2008-04-14 15:15 . 2008-04-14 15:18  <DIR>      d--------  C:\Program Files\pdf995
2008-04-14 15:07 . 2008-04-14 15:07  <DIR>      d--------  C:\Program Files\GPLGS
2008-04-13 10:37 . 2008-04-13 10:37  <DIR>      d--------  C:\Program Files\Lavasoft
2008-04-13 10:37 . 2008-04-13 10:38  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 10:36 . 2008-04-19 16:05  <DIR>      d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 21:59 . 2008-04-19 01:17  <DIR>      d--------  C:\Temp\eMule
2008-04-12 21:52 . 2008-04-12 21:52  <DIR>      d--------  C:\Program Files\eMule
2008-04-12 21:39 . 2008-04-12 21:39  <DIR>      d--------  C:\Program Files\Real Alternative
2008-04-12 17:16 . 2008-04-12 17:16  <DIR>      d--------  C:\WINDOWS\system32\LogFiles
2008-04-12 17:16 . 2008-04-13 01:12  103,736    --a------  C:\WINDOWS\system32\PnkBstrB.exe
2008-04-12 17:16 . 2008-04-13 01:12  66,872     --a------  C:\WINDOWS\system32\PnkBstrA.exe
2008-04-12 17:16 . 2008-04-13 01:12  22,328     --a------  C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-12 17:16 . 2008-04-12 17:16  319        --a------  C:\WINDOWS\game.ini
2008-04-12 17:09 . 2008-04-12 17:09  <DIR>      d--------  C:\Program Files\Activision
2008-04-12 17:06 . 2008-04-12 17:06  <DIR>      d--hs----  C:\WINDOWS\ftpcache
2008-04-12 12:11 . 2008-04-12 12:11  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-11 20:16 . 2008-04-19 01:15  <DIR>      d--------  C:\Temp\Opera Torrent
2008-04-11 13:03 . 2008-02-22 05:46  2,674,688  --a------  C:\WINDOWS\system32\nvwssr.dll
2008-04-11 13:03 . 2008-02-22 05:46  2,621,440  --a------  C:\WINDOWS\system32\nvwss.dll
2008-04-11 13:03 . 2008-02-22 05:46  1,126,400  --a------  C:\WINDOWS\system32\nvcuda.dll
2008-04-11 13:03 . 2008-02-22 07:06  360,448    --a------  C:\WINDOWS\system32\NVUNINST.EXE
2008-04-11 13:03 . 2008-02-22 05:46  327,680    --a------  C:\WINDOWS\system32\nvwrsesm.dll
2008-04-11 13:03 . 2008-02-22 05:46  294,912    --a------  C:\WINDOWS\system32\nvwrspl.dll
2008-04-11 13:03 . 2008-02-22 05:46  274,432    --a------  C:\WINDOWS\system32\nvrsesm.dll
2008-04-11 13:03 . 2008-02-22 05:46  258,048    --a------  C:\WINDOWS\system32\nvrspl.dll
2008-04-11 13:03 . 2008-02-22 05:46  169,773    --a------  C:\WINDOWS\system32\nvapps.nvb
2008-04-11 13:03 . 2008-02-22 05:46  147,456    --a------  C:\WINDOWS\system32\nvcolor.exe
2008-04-11 12:31 . 2004-08-04 00:56  21,504     --a------  C:\WINDOWS\system32\hidserv.dll
2008-04-11 12:31 . 2004-08-04 00:56  21,504     --a------  C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-11 12:31 . 2004-08-03 22:58  14,848     --a------  C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-11 12:31 . 2004-08-03 22:58  14,848     --a------  C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-10 21:32 . 2008-04-19 12:20  <DIR>      d--------  C:\Temp\uTorrent Downloads
2008-04-09 23:20 . 2008-03-01 15:06  6,066,176  ---------  C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-09 23:20 . 2007-07-01 05:31  2,455,488  ---------  C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-09 23:20 . 2007-07-01 05:36  991,232    ---------  C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-09 23:20 . 2008-03-01 15:06  459,264    ---------  C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-09 23:20 . 2008-03-01 15:06  383,488    ---------  C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-09 23:20 . 2008-03-01 15:06  267,776    ---------  C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-09 23:20 . 2008-03-01 15:06  63,488     ---------  C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-09 23:20 . 2008-03-01 15:06  52,224     ---------  C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-09 23:20 . 2008-02-22 12:00  13,824     ---------  C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-09 23:16 . 2007-08-13 18:54  33,792     --a------  C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-09 19:20 . 2008-04-09 19:20  <DIR>      d--------  C:\Program Files\CCleaner
2008-04-08 21:41 . 2008-04-08 21:41  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\WEBREG
2008-04-08 21:40 . 2008-04-08 21:40  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-08 21:40 . 2007-03-28 14:01  117,760    --a------  C:\WINDOWS\system32\hpzll5ha.dll
2008-04-08 21:39 . 2004-08-03 22:58  15,104     --a------  C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-08 21:39 . 2004-08-03 22:58  15,104     --a------  C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-08 21:38 . 2008-04-08 21:38  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-08 21:37 . 2008-04-08 21:37  <DIR>      d--------  C:\Program Files\Common Files\HP
2008-04-08 21:37 . 2008-04-08 21:37  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-08 21:37 . 2008-04-08 21:37  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\HP
2008-04-08 21:36 . 2008-04-08 21:38  <DIR>      d--------  C:\Program Files\HP
2008-04-08 21:36 . 2008-04-08 21:36  <DIR>      d--------  C:\Program Files\Hewlett-Packard
2008-04-08 21:36 . 2008-04-08 21:36  <DIR>      d--------  C:\Program Files\Common Files\Hewlett-Packard
2008-04-08 21:35 . 2008-04-08 21:41  151,797    --a------  C:\WINDOWS\hpoins14.dat
2008-04-08 21:35 . 2007-09-20 18:18  2,000      ---------  C:\WINDOWS\hpomdl14.dat
2008-04-08 19:56 . 2008-04-08 19:57  <DIR>      d--------  C:\Program Files\Windows Live Safety Center
2008-04-08 19:51 . 2008-04-08 19:51  <DIR>      d--------  C:\Program Files\Common Files\Adobe
2008-04-08 17:32 . 2008-04-08 17:34  <DIR>      d--------  C:\Program Files\SystemRequirementsLab
2008-04-08 16:02 . 2008-04-08 16:02  <DIR>      d--h-----  C:\Program Files\Zero G Registry
2008-04-08 15:55 . 2008-04-08 16:00  <DIR>      d--------  C:\Temp\FM2008
2008-04-08 15:54 . 2008-04-19 01:16  <DIR>      d--------  C:\Temp
2008-04-08 15:53 . 2008-04-08 15:53  <DIR>      d--------  C:\Program Files\MagicISO
2008-04-08 15:29 . 2004-11-30 10:51  84,636     --a------  C:\WINDOWS\system32\drivers\aksifdh.sys
2008-04-08 15:29 . 2004-11-30 10:51  32,472     --a------  C:\WINDOWS\system32\drivers\aksup.sys
2008-04-08 15:16 . 2008-01-31 17:04  64,184     --a------  C:\opera6.adr
2008-04-08 15:01 . 2005-05-26 15:34  2,297,552  --a------  C:\WINDOWS\system32\d3dx9_26.dll
2008-04-08 15:01 . 2008-04-08 15:01  271,360    --a------  C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-08 15:01 . 2008-04-08 15:01  18,048     --a------  C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-08 14:58 . 2008-04-19 13:47  <DIR>      d--------  C:\Program Files\Spill
2008-04-08 13:43 . 2008-04-17 19:46  <DIR>      d--------  C:\Div Fra Gamle PC
2008-04-08 13:42 . 2007-07-30 19:19  271,224    --a------  C:\WINDOWS\system32\mucltui.dll
2008-04-08 13:42 . 2007-07-30 19:19  207,736    --a------  C:\WINDOWS\system32\muweb.dll
2008-04-08 13:42 . 2007-07-30 19:19  30,072     --a------  C:\WINDOWS\system32\mucltui.dll.mui
2008-04-08 13:40 . 2008-04-08 13:40  <DIR>      d--------  C:\Program Files\DAEMON Tools Lite
2008-04-08 13:37 . 2008-04-08 13:37  717,296    --a------  C:\WINDOWS\system32\drivers\sptd.sys
2008-04-08 13:25 . 2008-04-08 13:25  <DIR>      d--------  C:\Program Files\NetLimiter
2008-04-08 13:10 . 2008-04-08 13:11  <DIR>      d--------  C:\Video
2008-04-08 13:08 . 2008-04-08 13:08  <DIR>      d--------  C:\Dokument
2008-04-08 12:41 . 2008-04-08 12:42  <DIR>      d--------  C:\Program Files\Winamp
2008-04-08 12:39 . 2004-08-03 23:08  31,616     --a------  C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-08 12:39 . 2004-08-03 23:08  31,616     --a------  C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-08 12:39 . 2004-08-03 23:08  26,496     --a------  C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-08 12:38 . 2001-08-17 13:48  12,160     --a------  C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-08 12:38 . 2001-08-17 13:48  12,160     --a------  C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-08 12:38 . 2001-08-17 14:02  9,600      --a------  C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-08 12:38 . 2001-08-17 14:02  9,600      --a------  C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-08 12:35 . 2008-04-08 12:35  <DIR>      d--------  C:\Program Files\VideoLAN
2008-04-08 12:31 . 2008-04-08 12:31  <DIR>      d--------  C:\Program Files\uTorrent
2008-04-08 12:22 . 2008-04-08 12:22  <DIR>      d--------  C:\Program Files\Spybot - Search & Destroy
2008-04-08 12:22 . 2008-04-08 12:45  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 21:58 . 2008-04-08 12:08  21,393     --a------  C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-07 21:58 . 2008-04-08 12:08  21,393     --a------  C:\WINDOWS\AegisP.sys
2008-04-07 21:58 . 2008-04-08 12:08  13,864     --a------  C:\WINDOWS\AegisP.inf
2008-04-07 21:58 . 2008-04-08 12:08  10,640     --a------  C:\WINDOWS\AegisP.cat
2008-04-07 21:58 . 2008-04-07 21:58  4,128      --a------  C:\INFCACHE.1
2008-04-07 21:57 . 2008-04-07 21:57  <DIR>      d--------  C:\Documents and Settings\NetworkService\Application Data\Intel
2008-04-07 21:57 . 2008-04-07 21:57  <DIR>      d--------  C:\Documents and Settings\LocalService\Application Data\Intel
2008-04-07 21:57 . 2008-04-07 21:57  <DIR>      d--------  C:\Documents and Settings\Administrator\Application Data\Intel
2008-04-07 21:57 . 2007-08-08 15:29  2,772,992  --a------  C:\WINDOWS\system32\NETw4r32.dll
2008-04-07 21:57 . 2007-08-08 08:17  2,211,456  --a------  C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-04-07 21:57 . 2007-08-08 15:28  684,032    --a------  C:\WINDOWS\system32\NETw4c32.dll
2008-04-07 21:56 . 2008-04-07 21:56  <DIR>      d--------  C:\Documents and Settings\All Users\Application Data\Intel
2008-04-07 20:20 . 2008-04-07 20:20  <DIR>      d--------  C:\Program Files\MSXML 4.0
2008-04-07 20:10 . 2006-08-21 11:14  128,896    ---------  C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-07 20:10 . 2006-08-21 11:14  23,040     ---------  C:\WINDOWS\system32\dllcache\fltmc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 12:10  7,258      ----a-w  C:\WINDOWS\system32\drivers\1028_Dell_INS_M1710.mrk
2008-03-19 09:47  1,845,248  ----a-w  C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47  1,845,248  ------w  C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-29 08:55  70,656     ------w  C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55  625,664    ------w  C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-20 06:51  282,624    ----a-w  C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51  282,624    ------w  C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32  45,568     ----a-w  C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32  45,568     ------w  C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-16 08:59  474,112    ------w  C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 08:59  151,040    ------w  C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 08:59  1,494,528  ------w  C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 08:59  1,054,208  ------w  C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 08:59  1,023,488  ------w  C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44  161,792    ------w  C:\WINDOWS\system32\dllcache\ieakui.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AF6B27-962D-441A-9DB6-5F09BE7AD063}]
C:\WINDOWS\system32\byXRkiii.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 05:46 13508608]
"nwiz"="nwiz.exe" [2008-02-22 05:46 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 05:46 86016 C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-09-08 16:43 1036288]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-17 21:40 17920]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 20:21 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 19:16 184320]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 16:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 16:30 974848]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-22 05:46 86016]
"BMa3158e87"="C:\WINDOWS\system32\fnogsans.dll" [ ]
"a026bd1b"="C:\WINDOWS\system32\xdprsbbq.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-30 14:35:55 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-03-30 14:41 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 10:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Spill\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\Spill\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-13 20:21]
S2 0126321208441922mcinstcleanup;McAfee Application Installer Cleanup (0126321208441922);C:\WINDOWS\TEMP\012632~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 12:41:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-30 12:41:51 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 18:23:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\scardsvr.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\McAfee\MSK\msksrver.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe . ************************************************************************** . Completion time: 2008-04-19 18:26:07 - machine was rebooted [xxx] ComboFix-quarantined-files.txt 2008-04-19 16:26:03 Pre-Run: 128,835,137,536 bytes free Post-Run: 128,769,798,144 bytes free 301 --- E O F --- 2008-04-10 16:00:45
snippsat, posted 19 April 2008

Copy the bold text -> paste it into Notepad. Save it on the desktop as CFScript.txt. Do as shown in the picture, then post the log c:\combofix.txt

File::
C:\WINDOWS\system32\qbbsrpdx.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AF6B27-962D-441A-9DB6-5F09BE7AD063}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMa3158e87"=-
"a026bd1b"=-

Download and run CCleaner, 'Options' -> 'Advanced'. Untick "only delete temporary files that are older than 48 h". Run the registry cleaner and answer yes to repairing. Download, update and run a full scan with SAS free. Post the log from SAS (preferences -> statistics/logs). Restart and post a new HijackThis log.
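As an added example (not code from this thread, from ComboFix or from HijackThis): a Python helper that reads the 'Reg Loading Points' block of a ComboFix log, flags Run values whose file info is empty, as for fnogsans.dll and xdprsbbq.dll here, lists any BHO DLLs for review, and drafts the Registry:: section of a CFScript in the form used in this reply. The sample log text is constructed from entries in this thread, and reading an empty "[ ]" as "file not found" is an assumption.

```python
"""Added example for this thread (not ComboFix's, HijackThis's or any
helper's own code): parse the 'Reg Loading Points' block of a ComboFix log,
flag autostart values whose target file is gone, and draft the Registry::
section of a CFScript in the form used in the reply above.

Assumption: an empty trailing "[ ]" means ComboFix could not find the
referenced file; dated brackets such as "[2008-02-22 05:46 13508608]" mean
it exists.  The sample log text below is constructed from this thread."""
import re
from collections import OrderedDict

# "name"="target" [date time size]   (the bracket is empty when the file is missing)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]')
# [HKEY_...\SomeKey]   section header for the values that follow
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# Bare path line, as ComboFix prints a BHO's DLL under its CLSID key
PATH_RE = re.compile(r'^[A-Za-z]:\\')

# The Vundo BHO key from the thread; the helper deleted it with [-key]
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AF6B27-962D-441A-9DB6-5F09BE7AD063}"

# Constructed sample, reduced to a few entries from the log in this thread
SAMPLE_LOG = r'''
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AF6B27-962D-441A-9DB6-5F09BE7AD063}]
C:\WINDOWS\system32\byXRkiii.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 05:46 13508608]
"nwiz"="nwiz.exe" [2008-02-22 05:46 1626112 C:\WINDOWS\system32\nwiz.exe]
"BMa3158e87"="C:\WINDOWS\system32\fnogsans.dll" [ ]
"a026bd1b"="C:\WINDOWS\system32\xdprsbbq.dll" [ ]
'''


def parse_reg_loading_points(text):
    """Return (key, name, target, info) tuples; info is None for bare BHO paths."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if current_key is None:
            continue  # header lines before the first key
        m = VALUE_RE.match(line)
        if m:
            entries.append((current_key, m.group("name"), m.group("target"),
                            m.group("info").strip()))
        elif PATH_RE.match(line):
            entries.append((current_key, "", line, None))
    return entries


def find_orphaned(entries):
    """Autostart values whose file info is empty: they point at a missing file."""
    return [e for e in entries if e[3] == ""]


def find_bho_dlls(entries):
    """DLLs registered as Browser Helper Objects, for the analyst to review."""
    return [e[2] for e in entries
            if "Browser Helper Objects" in e[0] and e[3] is None]


def build_cfscript(orphans, delete_keys=()):
    """Draft the Registry:: section: [-key] deletes a key, "name"=- a value."""
    lines = ["Registry::"]
    lines.extend(f"[-{key}]" for key in delete_keys)
    grouped = OrderedDict()
    for key, name, _target, _info in orphans:
        grouped.setdefault(key, []).append(name)
    for key, names in grouped.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_reg_loading_points(SAMPLE_LOG)
    for key, name, target, info in find_orphaned(found):
        print(f"missing file behind autostart {name!r}: {target}")
    for dll in find_bho_dlls(found):
        print(f"BHO DLL to review: {dll}")
    print(build_cfscript(find_orphaned(found), delete_keys=[BHO_KEY]))
```

The drafted Registry:: block is only a starting point: which keys go into delete_keys stays a judgement the analyst makes after looking at the BHO list, as the reply above did for the Vundo CLSID.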
iminf (thread author), posted 19 April 2008

The error message about the .dll files is gone. After the new ComboFix run the PC froze while the log was showing on screen. It worked fine after a restart. New logs:

New HJT:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:44:11, on 19.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Google\Gmail 
Notifier\gnotify.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=5080330 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=ZK...9ms5P3Bk_NGoubg O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: McAfee Application Installer Cleanup (0126321208441922) (0126321208441922mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP12632~1.EXE (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoogleDesktopManager - 
Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11660 bytes

New SAS log:
SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 04/19/2008 at 07:38 PM Application Version : 4.0.1154 Core Rules Database Version : 3442 Trace Rules Database Version: 1434 Scan type : Complete Scan Total Scan Time : 00:18:27 Memory items scanned : 573 Memory threats detected : 0 Registry items scanned : 5645 Registry threats detected : 0 File items scanned : 13928 File threats detected : 0

New ComboFix log:
ComboFix 08-04-18.3 - xxx 2008-04-19 19:04:14.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2754 [GMT 2:00] Running from: C:\Documents and Settings\xxx\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\xxx\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS 
MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\qbbsrpdx.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\qbbsrpdx.ini . ((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))) . 2008-04-19 18:26 . 2008-04-19 18:26 <DIR> d-------- C:\Documents and Settings\xxx 2008-04-19 17:33 . 2008-04-19 17:33 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-19 16:07 . 2008-04-19 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-04-19 16:06 . 2008-04-19 16:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-04-19 16:06 . 2008-04-19 16:06 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\SUPERAntiSpyware.com 2008-04-19 15:42 . 2008-04-19 16:04 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-04-19 13:46 . 2008-04-19 13:46 <DIR> d-------- C:\Pics 2008-04-18 20:16 . 2008-04-19 13:54 109,738 --a------ C:\WINDOWS\BMa3158e87.xml 2008-04-18 17:33 . 2008-04-19 13:47 <DIR> d-------- C:\Program Files\FLV Player 2008-04-17 19:45 . 2008-04-17 19:45 <DIR> d-------- C:\Rot 2008-04-17 19:42 . 2008-04-17 19:42 <DIR> d-------- C:\Bilder 2008-04-17 18:36 . 2008-04-17 18:38 <DIR> d-------- C:\Musikk 2008-04-17 17:41 . 2008-04-17 17:41 <DIR> d-------- C:\Temp\Gammal Blues! Blind Lemon Jefferson 2008-04-14 21:52 . 2008-04-14 21:52 <DIR> dr-h----- C:\Documents and Settings\xxx\Application Data\SecuROM 2008-04-14 21:52 . 2008-04-14 21:52 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-04-14 15:22 . 2008-04-14 15:22 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\pdf995 2008-04-14 15:22 . 2008-04-14 15:22 28 --a------ C:\WINDOWS\pdf995.ini 2008-04-14 15:19 . 2008-04-17 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pdf995 2008-04-14 15:19 . 
2008-04-17 18:15 60 --a------ C:\WINDOWS\wpd99.drv 2008-04-14 15:18 . 2008-04-14 15:18 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll 2008-04-14 15:18 . 2008-04-14 15:18 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll 2008-04-14 15:15 . 2008-04-14 15:18 <DIR> d-------- C:\Program Files\pdf995 2008-04-14 15:07 . 2008-04-14 15:07 <DIR> d-------- C:\Program Files\GPLGS 2008-04-13 10:37 . 2008-04-13 10:37 <DIR> d-------- C:\Program Files\Lavasoft 2008-04-13 10:37 . 2008-04-13 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-13 10:36 . 2008-04-19 16:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-13 01:04 . 2008-04-13 01:04 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\Media Player Classic 2008-04-12 21:59 . 2008-04-19 01:17 <DIR> d-------- C:\Temp\eMule 2008-04-12 21:52 . 2008-04-12 21:52 <DIR> d-------- C:\Program Files\eMule 2008-04-12 21:52 . 2008-04-12 21:52 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\eMule 2008-04-12 21:39 . 2008-04-12 21:39 <DIR> d-------- C:\Program Files\Real Alternative 2008-04-12 17:16 . 2008-04-12 17:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-04-12 17:16 . 2008-04-13 01:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-04-12 17:16 . 2008-04-13 01:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-04-12 17:16 . 2008-04-13 01:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-04-12 17:16 . 2008-04-12 17:16 22,328 --a------ C:\Documents and Settings\xxx\Application Data\PnkBstrK.sys 2008-04-12 17:16 . 2008-04-12 17:16 319 --a------ C:\WINDOWS\game.ini 2008-04-12 17:09 . 2008-04-12 17:09 <DIR> d-------- C:\Program Files\Activision 2008-04-12 17:06 . 2008-04-12 17:06 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-04-12 12:11 . 2008-04-12 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-04-11 20:16 . 
2008-04-19 01:15 <DIR> d-------- C:\Temp\Opera Torrent 2008-04-11 13:03 . 2008-02-22 05:46 2,674,688 --a------ C:\WINDOWS\system32\nvwssr.dll 2008-04-11 13:03 . 2008-02-22 05:46 2,621,440 --a------ C:\WINDOWS\system32\nvwss.dll 2008-04-11 13:03 . 2008-02-22 05:46 1,126,400 --a------ C:\WINDOWS\system32\nvcuda.dll 2008-04-11 13:03 . 2008-02-22 07:06 360,448 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-04-11 13:03 . 2008-02-22 05:46 327,680 --a------ C:\WINDOWS\system32\nvwrsesm.dll 2008-04-11 13:03 . 2008-02-22 05:46 294,912 --a------ C:\WINDOWS\system32\nvwrspl.dll 2008-04-11 13:03 . 2008-02-22 05:46 274,432 --a------ C:\WINDOWS\system32\nvrsesm.dll 2008-04-11 13:03 . 2008-02-22 05:46 258,048 --a------ C:\WINDOWS\system32\nvrspl.dll 2008-04-11 13:03 . 2008-02-22 05:46 169,773 --a------ C:\WINDOWS\system32\nvapps.nvb 2008-04-11 13:03 . 2008-02-22 05:46 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe 2008-04-11 12:31 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-04-11 12:31 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll 2008-04-11 12:31 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-04-11 12:31 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-04-10 21:32 . 2008-04-19 12:20 <DIR> d-------- C:\Temp\uTorrent Downloads 2008-04-09 23:20 . 2008-03-01 15:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-04-09 23:20 . 2007-07-01 05:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-04-09 23:20 . 2007-07-01 05:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-04-09 23:20 . 2008-03-01 15:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-04-09 23:20 . 2008-03-01 15:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-04-09 23:20 . 2008-03-01 15:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-04-09 23:20 . 
2008-03-01 15:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-04-09 23:20 . 2008-03-01 15:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-04-09 23:20 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-09 23:16 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll 2008-04-09 21:37 . 2008-04-09 21:37 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\CyberLink 2008-04-09 19:20 . 2008-04-09 19:20 <DIR> d-------- C:\Program Files\CCleaner 2008-04-08 23:13 . 2008-04-08 23:13 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\HP 2008-04-08 21:41 . 2008-04-08 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG 2008-04-08 21:40 . 2008-04-08 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2008-04-08 21:40 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll 2008-04-08 21:39 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-04-08 21:39 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys 2008-04-08 21:38 . 2008-04-08 21:38 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\HPAppData 2008-04-08 21:38 . 2008-04-08 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY 2008-04-08 21:37 . 2008-04-08 21:37 <DIR> d-------- C:\Program Files\Common Files\HP 2008-04-08 21:37 . 2008-04-08 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant 2008-04-08 21:37 . 2008-04-08 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP 2008-04-08 21:36 . 2008-04-08 21:38 <DIR> d-------- C:\Program Files\HP 2008-04-08 21:36 . 2008-04-08 21:36 <DIR> d-------- C:\Program Files\Hewlett-Packard 2008-04-08 21:36 . 2008-04-08 21:36 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard 2008-04-08 21:35 . 
2008-04-08 21:41 151,797 --a------ C:\WINDOWS\hpoins14.dat 2008-04-08 21:35 . 2007-09-20 18:18 2,000 --------- C:\WINDOWS\hpomdl14.dat 2008-04-08 19:56 . 2008-04-08 19:57 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-04-08 19:51 . 2008-04-08 19:51 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-04-08 17:32 . 2008-04-08 17:34 <DIR> d-------- C:\Program Files\SystemRequirementsLab 2008-04-08 16:02 . 2008-04-08 16:02 <DIR> d--h----- C:\Program Files\Zero G Registry 2008-04-08 16:01 . 2008-04-08 16:01 <DIR> d--h----- C:\Documents and Settings\xxx\InstallAnywhere 2008-04-08 16:01 . 2008-04-08 16:01 <DIR> d--h----- C:\Documents and Settings\xxx\InstallAnywhere 2008-04-08 16:01 . 2008-04-08 16:01 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\Sports Interactive 2008-04-08 15:55 . 2008-04-08 16:00 <DIR> d-------- C:\Temp\FM2008 2008-04-08 15:54 . 2008-04-19 01:16 <DIR> d-------- C:\Temp 2008-04-08 15:53 . 2008-04-08 15:53 <DIR> d-------- C:\Program Files\MagicISO 2008-04-08 15:29 . 2004-11-30 10:51 84,636 --a------ C:\WINDOWS\system32\drivers\aksifdh.sys 2008-04-08 15:29 . 2004-11-30 10:51 32,472 --a------ C:\WINDOWS\system32\drivers\aksup.sys 2008-04-08 15:16 . 2008-01-31 17:04 64,184 --a------ C:\opera6.adr 2008-04-08 15:01 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-04-08 15:01 . 2008-04-08 15:01 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2008-04-08 15:01 . 2008-04-08 15:01 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2008-04-08 14:58 . 2008-04-19 13:47 <DIR> d-------- C:\Program Files\Spill 2008-04-08 14:16 . 2008-04-08 14:16 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\Template 2008-04-08 14:16 . 2008-04-17 18:44 2,974 --a------ C:\Documents and Settings\xxx\Application Data\wklnhst.dat 2008-04-08 13:43 . 2008-04-17 19:46 <DIR> d-------- C:\Div Fra Gamle PC 2008-04-08 13:42 . 
2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-04-08 13:42 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-04-08 13:42 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-04-08 13:40 . 2008-04-08 13:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-04-08 13:37 . 2008-04-08 13:37 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\DAEMON Tools 2008-04-08 13:37 . 2008-04-08 13:37 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-04-08 13:25 . 2008-04-08 13:25 <DIR> d-------- C:\Program Files\NetLimiter 2008-04-08 13:25 . 2008-04-08 13:25 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\LockTime 2008-04-08 13:10 . 2008-04-08 13:11 <DIR> d-------- C:\Video 2008-04-08 13:08 . 2008-04-08 13:08 <DIR> d-------- C:\Dokument 2008-04-08 12:41 . 2008-04-08 12:42 <DIR> d-------- C:\Program Files\Winamp 2008-04-08 12:41 . 2008-04-08 12:42 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\Winamp 2008-04-08 12:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-04-08 12:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-04-08 12:39 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2008-04-08 12:38 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-04-08 12:38 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2008-04-08 12:38 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-04-08 12:38 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2008-04-08 12:37 . 2008-04-08 12:37 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\vlc 2008-04-08 12:35 . 2008-04-08 12:35 <DIR> d-------- C:\Program Files\VideoLAN . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-30 12:10 7,258 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_M1710.mrk
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-16 08:59 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 08:59 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 08:59 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 08:59 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 08:59 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-19_18.25.49.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 11:54:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-19 16:37:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-19 11:54:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-19 16:37:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-19 11:54:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-19 16:37:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-19 15:30:18 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-19 16:27:19 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-19 15:30:18 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-19 16:27:19 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AF6B27-962D-441A-9DB6-5F09BE7AD063}]
C:\WINDOWS\system32\byXRkiii.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 05:46 13508608]
"nwiz"="nwiz.exe" [2008-02-22 05:46 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 05:46 86016 C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-09-08 16:43 1036288]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-17 21:40 17920]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 20:21 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 19:16 184320]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 16:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 16:30 974848]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-22 05:46 86016]
"BMa3158e87"="C:\WINDOWS\system32\fnogsans.dll" [ ]
"a026bd1b"="C:\WINDOWS\system32\xdprsbbq.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-30 14:35:55 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-03-30 14:41 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 10:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Spill\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\Spill\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-13 20:21]
S2 0126321208441922mcinstcleanup;McAfee Application Installer Cleanup (0126321208441922);C:\WINDOWS\TEMP\012632~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 12:41:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-30 12:41:51 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 19:05:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
Completion time: 2008-04-19 19:05:54
ComboFix-quarantined-files.txt 2008-04-19 17:05:50
ComboFix2.txt 2008-04-19 16:26:08

Pre-Run: 128,754,757,632 bytes free
Post-Run: 128,739,618,816 bytes free

285 --- E O F --- 2008-04-10 16:00:45
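The "Reg Loading Points" section of the ComboFix log above is where the Vundo autostart entries stand out: two Run values with machine-looking names ("BMa3158e87", "a026bd1b") whose DLL targets carry no file metadata (the empty "[ ]"), a Browser Helper Object pointing at a random-named DLL in system32, and Security Center notification switches set to 1. As an added example (not from the thread, not part of ComboFix), this Python script parses that section and flags those patterns; the excerpt it runs on is constructed from the log above, and the random-name rule is a heuristic, not a signature.

```python
"""Added example: triage the 'Reg Loading Points' section of a ComboFix log
for the Vundo/Virtumonde autostart patterns seen in the log above."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AF6B27-962D-441A-9DB6-5F09BE7AD063}]
C:\WINDOWS\system32\byXRkiii.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 05:46 13508608]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"BMa3158e87"="C:\WINDOWS\system32\fnogsans.dll" [ ]
"a026bd1b"="C:\WINDOWS\system32\xdprsbbq.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

Contents of the 'Scheduled Tasks' folder
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" plus ComboFix's optional [date time size ...] block, which is
# printed as "[ ]" when the tool could not examine the target file.
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(.*)\])?\s*$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
GUID_RE = re.compile(r'^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$')
SC_SWITCHES = ('AntiVirusDisableNotify', 'FirewallDisableNotify', 'DisableMonitoring')

@dataclass
class Entry:
    key: str
    name: str            # '' for bare path lines such as BHO targets
    data: str
    meta: Optional[str]  # None: no [...] block; '': the block was empty

def parse_loading_points(log: str) -> List[Entry]:
    """Return the entries listed between the section banner and the next section."""
    entries: List[Entry] = []
    key: Optional[str] = None
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if 'Reg Loading Points' in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith('(((') or line.startswith('Contents of the'):
            break  # next ComboFix section
        if not line or line == '.' or line == 'REGEDIT4' or line.startswith('*Note*'):
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key is None:
            continue
        elif m := VALUE_RE.match(line):
            meta = m.group(3)
            entries.append(Entry(key, m.group(1), m.group(2), None if meta is None else meta.strip()))
        elif m := DWORD_RE.match(line):
            entries.append(Entry(key, m.group(1), 'dword:' + m.group(2).lower(), None))
        else:
            entries.append(Entry(key, '', line, None))  # bare path under the key
    return entries

def looks_random(name: str) -> bool:
    """Heuristic: letters and digits mixed with no separators, and not a GUID."""
    if GUID_RE.match(name) or not name.isalnum():
        return False
    return sum(c.isdigit() for c in name) >= 3 and sum(c.isalpha() for c in name) >= 2

def triage(log: str) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs that deserve a human look."""
    findings: List[Tuple[Entry, str]] = []
    for e in parse_loading_points(log):
        key = e.key.lower()
        if key.endswith(r'\currentversion\run'):
            if e.meta == '':
                findings.append((e, 'Run target has no file metadata; ComboFix could not examine it'))
            if looks_random(e.name):
                findings.append((e, 'Run value name looks machine-generated'))
        elif 'browser helper objects' in key:
            findings.append((e, 'BHO DLL listed (known defaults are hidden); verify the file'))
        elif 'security center' in key and e.name in SC_SWITCHES and e.data == 'dword:00000001':
            findings.append((e, 'Security Center alert/monitoring switched off; confirm the installed AV did it'))
    return findings

if __name__ == '__main__':
    for e, reason in triage(SAMPLE_LOG):
        print(f'{reason}\n    [{e.key}] {e.name} -> {e.data}')
```

Legitimate entries with full metadata (NvCpl.dll, gnotify.exe, ctfmon.exe) pass through silently; the McAfee monitoring switch is reported so that the reader can confirm it was the installed AV that set it.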
snippsat, posted 19 April 2008 (edited)

Delete this file: C:\WINDOWS\BMa3158e87.xml

ComboFix did not delete the registry entries, so we have to try again. Right-click this, "save target as" -> put it on the desktop: http://dump.no/files/71543a7f90c1/CFScript.txt

Then do as before and drag it onto ComboFix. Post the log c:\combofix.txt

Edited 19 April 2008 by SNIPPSAT
iminf (thread author), posted 19 April 2008

Quote (snippsat): Delete this file: C:\WINDOWS\BMa3158e87.xml. ComboFix did not delete the registry entries, so we have to try again. Right-click this, "save target as" -> put it on the desktop: http://dump.no/files/71543a7f90c1/CFScript.txt. Then do as before and drag it onto ComboFix. Post the log c:\combofix.txt

New ComboFix log:

ComboFix 08-04-18.3 - xxx 2008-04-19 21:31:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2771 [GMT 2:00]
Running from: C:\Documents and Settings\xxx\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\xxx\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.
2008-04-19 18:26 . 2008-04-19 18:26 <DIR> d-------- C:\Documents and Settings\xxx
2008-04-19 17:33 . 2008-04-19 17:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-19 16:07 . 2008-04-19 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 16:06 . 2008-04-19 16:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 16:06 . 2008-04-19 16:06 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\SUPERAntiSpyware.com
2008-04-19 15:42 . 2008-04-19 16:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-19 13:46 . 2008-04-19 13:46 <DIR> d-------- C:\Pics
2008-04-18 17:33 . 2008-04-19 13:47 <DIR> d-------- C:\Program Files\FLV Player
2008-04-17 19:45 . 2008-04-17 19:45 <DIR> d-------- C:\Rot
2008-04-17 19:42 . 2008-04-17 19:42 <DIR> d-------- C:\Bilder
2008-04-17 18:36 . 2008-04-17 18:38 <DIR> d-------- C:\Musikk
2008-04-17 17:41 . 2008-04-17 17:41 <DIR> d-------- C:\Temp\Gammal Blues! Blind Lemon Jefferson
2008-04-14 21:52 . 2008-04-14 21:52 <DIR> dr-h----- C:\Documents and Settings\xxx\Application Data\SecuROM
2008-04-14 21:52 . 2008-04-14 21:52 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-14 15:22 . 2008-04-14 15:22 <DIR> d-------- C:\Documents and Settings\Ole Vebjørn\Application Data\pdf995
2008-04-14 15:22 . 2008-04-14 15:22 28 --a------ C:\WINDOWS\pdf995.ini
2008-04-14 15:19 . 2008-04-17 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-14 15:19 . 2008-04-17 18:15 60 --a------ C:\WINDOWS\wpd99.drv
2008-04-14 15:18 . 2008-04-14 15:18 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-14 15:18 . 2008-04-14 15:18 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-14 15:15 . 2008-04-14 15:18 <DIR> d-------- C:\Program Files\pdf995
2008-04-14 15:07 . 2008-04-14 15:07 <DIR> d-------- C:\Program Files\GPLGS
2008-04-13 10:37 . 2008-04-13 10:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-13 10:37 . 2008-04-13 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 10:36 . 2008-04-19 16:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 01:04 . 2008-04-13 01:04 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\Media Player Classic
2008-04-12 21:59 . 2008-04-19 01:17 <DIR> d-------- C:\Temp\eMule
2008-04-12 21:52 . 2008-04-12 21:52 <DIR> d-------- C:\Program Files\eMule
2008-04-12 21:52 . 2008-04-12 21:52 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\eMule
2008-04-12 21:39 . 2008-04-12 21:39 <DIR> d-------- C:\Program Files\Real Alternative
2008-04-12 17:16 . 2008-04-12 17:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-12 17:16 . 2008-04-13 01:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-12 17:16 . 2008-04-13 01:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-12 17:16 . 2008-04-13 01:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-12 17:16 . 2008-04-12 17:16 22,328 --a------ C:\Documents and Settings\xxx\Application Data\PnkBstrK.sys
2008-04-12 17:16 . 2008-04-12 17:16 319 --a------ C:\WINDOWS\game.ini
2008-04-12 17:09 . 2008-04-12 17:09 <DIR> d-------- C:\Program Files\Activision
2008-04-12 17:06 . 2008-04-12 17:06 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-12 12:11 . 2008-04-12 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-11 20:16 . 2008-04-19 01:15 <DIR> d-------- C:\Temp\Opera Torrent
2008-04-11 13:03 . 2008-02-22 05:46 2,674,688 --a------ C:\WINDOWS\system32\nvwssr.dll
2008-04-11 13:03 . 2008-02-22 05:46 2,621,440 --a------ C:\WINDOWS\system32\nvwss.dll
2008-04-11 13:03 . 2008-02-22 05:46 1,126,400 --a------ C:\WINDOWS\system32\nvcuda.dll
2008-04-11 13:03 . 2008-02-22 07:06 360,448 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-11 13:03 . 2008-02-22 05:46 327,680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2008-04-11 13:03 . 2008-02-22 05:46 294,912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2008-04-11 13:03 . 2008-02-22 05:46 274,432 --a------ C:\WINDOWS\system32\nvrsesm.dll
2008-04-11 13:03 . 2008-02-22 05:46 258,048 --a------ C:\WINDOWS\system32\nvrspl.dll
2008-04-11 13:03 . 2008-02-22 05:46 169,773 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-04-11 13:03 . 2008-02-22 05:46 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2008-04-11 12:31 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-11 12:31 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-11 12:31 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-11 12:31 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-10 21:32 . 2008-04-19 20:33 <DIR> d-------- C:\Temp\uTorrent Downloads
2008-04-09 23:20 . 2008-03-01 15:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-09 23:20 . 2007-07-01 05:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-09 23:20 . 2007-07-01 05:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-09 23:20 . 2008-03-01 15:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-09 23:20 . 2008-03-01 15:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-09 23:20 . 2008-03-01 15:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-09 23:20 . 2008-03-01 15:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-09 23:20 . 2008-03-01 15:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-09 23:20 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-09 23:16 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-09 21:37 . 2008-04-09 21:37 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\CyberLink
2008-04-09 19:20 . 2008-04-09 19:20 <DIR> d-------- C:\Program Files\CCleaner
2008-04-08 23:13 . 2008-04-08 23:13 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\HP
2008-04-08 21:41 . 2008-04-08 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-04-08 21:40 . 2008-04-08 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-08 21:40 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-04-08 21:39 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-08 21:39 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-08 21:38 . 2008-04-08 21:38 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\HPAppData
2008-04-08 21:38 . 2008-04-08 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-08 21:37 . 2008-04-08 21:37 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-08 21:37 . 2008-04-08 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-08 21:37 . 2008-04-08 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-08 21:36 . 2008-04-08 21:38 <DIR> d-------- C:\Program Files\HP
2008-04-08 21:36 . 2008-04-08 21:36 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-08 21:36 . 2008-04-08 21:36 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-08 21:35 . 2008-04-08 21:41 151,797 --a------ C:\WINDOWS\hpoins14.dat
2008-04-08 21:35 . 2007-09-20 18:18 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-04-08 19:56 . 2008-04-08 19:57 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-08 19:51 . 2008-04-08 19:51 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-08 17:32 . 2008-04-08 17:34 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-08 16:02 . 2008-04-08 16:02 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-04-08 16:01 . 2008-04-08 16:01 <DIR> d--h----- C:\Documents and Settings\xxx\InstallAnywhere
2008-04-08 16:01 . 2008-04-08 16:01 <DIR> d--h----- C:\Documents and Settings\xxx\InstallAnywhere
2008-04-08 16:01 . 2008-04-08 16:01 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\Sports Interactive
2008-04-08 15:55 . 2008-04-08 16:00 <DIR> d-------- C:\Temp\FM2008
2008-04-08 15:54 . 2008-04-19 01:16 <DIR> d-------- C:\Temp
2008-04-08 15:53 . 2008-04-08 15:53 <DIR> d-------- C:\Program Files\MagicISO
2008-04-08 15:29 . 2004-11-30 10:51 84,636 --a------ C:\WINDOWS\system32\drivers\aksifdh.sys
2008-04-08 15:29 . 2004-11-30 10:51 32,472 --a------ C:\WINDOWS\system32\drivers\aksup.sys
2008-04-08 15:16 . 2008-01-31 17:04 64,184 --a------ C:\opera6.adr
2008-04-08 15:01 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-08 15:01 . 2008-04-08 15:01 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-08 15:01 . 2008-04-08 15:01 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-08 14:58 . 2008-04-19 13:47 <DIR> d-------- C:\Program Files\Spill
2008-04-08 14:16 . 2008-04-08 14:16 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\Template
2008-04-08 14:16 . 2008-04-17 18:44 2,974 --a------ C:\Documents and Settings\xxx\Application Data\wklnhst.dat
2008-04-08 13:43 . 2008-04-17 19:46 <DIR> d-------- C:\Div Fra Gamle PC
2008-04-08 13:42 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-08 13:42 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-08 13:42 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-08 13:40 . 2008-04-08 13:40 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-08 13:37 . 2008-04-08 13:37 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\DAEMON Tools
2008-04-08 13:37 . 2008-04-08 13:37 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-08 13:25 . 2008-04-08 13:25 <DIR> d-------- C:\Program Files\NetLimiter
2008-04-08 13:25 . 2008-04-08 13:25 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\LockTime
2008-04-08 13:10 . 2008-04-08 13:11 <DIR> d-------- C:\Video
2008-04-08 13:08 . 2008-04-08 13:08 <DIR> d-------- C:\Dokument
2008-04-08 12:41 . 2008-04-08 12:42 <DIR> d-------- C:\Program Files\Winamp
2008-04-08 12:41 . 2008-04-08 12:42 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\Winamp
2008-04-08 12:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-08 12:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-08 12:39 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-08 12:38 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-08 12:38 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-08 12:38 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-08 12:38 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-08 12:37 . 2008-04-08 12:37 <DIR> d-------- C:\Documents and Settings\xxx\Application Data\vlc
2008-04-08 12:35 . 2008-04-08 12:35 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-08 12:31 . 2008-04-08 12:31 <DIR> d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 12:10 7,258 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_M1710.mrk
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-16 08:59 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 08:59 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 08:59 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 08:59 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 08:59 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-19_18.25.49.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 16:22:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-19 17:41:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-19 11:54:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-19 16:37:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-19 11:54:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-19 16:37:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-19 11:54:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-19 16:37:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-18 17:02:57 98,829 ----a-w C:\WINDOWS\system32\nvModes.dat
+ 2008-04-19 18:38:08 98,829 ----a-w C:\WINDOWS\system32\nvModes.dat
- 2008-04-19 15:30:18 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-19 17:45:40 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-19 15:30:18 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-19 17:45:40 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 05:46 13508608]
"nwiz"="nwiz.exe" [2008-02-22 05:46 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 05:46 86016 C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-09-08 16:43 1036288]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-17 21:40 17920]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 20:21 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 19:16 184320]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 16:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 16:30 974848]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-22 05:46 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-30 14:35:55 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-03-30 14:41 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 10:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Spill\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\Spill\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-13 20:21]
S2 0126321208441922mcinstcleanup;McAfee Application Installer Cleanup (0126321208441922);C:\WINDOWS\TEMP\012632~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 12:41:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-30 12:41:51 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 21:32:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
Completion time: 2008-04-19 21:33:02
ComboFix-quarantined-files.txt 2008-04-19 19:32:57
ComboFix2.txt 2008-04-19 17:05:55
ComboFix3.txt 2008-04-19 16:26:08

Pre-Run: 128,721,305,600 bytes free
Post-Run: 128,708,112,384 bytes free

281 --- E O F --- 2008-04-10 16:00:45
snippsat, posted 19 April 2008 (edited)

That looks good. Use the PC for a while; if it runs fine, you can do this:

You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Surf safely.

Edited 21 April 2008 by SNIPPSAT
iminf (thread author), posted 19 April 2008

Quote (snippsat): That looks good. Use the PC for a while; if it runs fine, you can do this: You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.

Thanks a lot for the help!! I see several others here are struggling with this "Virtumonde" problem. Could it still be sitting in a .zip file or something similar on my hard disk, or did I pick this up through ordinary surfing? I understand this may be a difficult question, but can you see that kind of thing in the logs I have posted?
snippsat, posted 19 April 2008 (edited)

Of course an inactive file can be sitting on the system (zip, rar, exe). When you start it, you are infected. If there are files you are unsure about, you can run them through one of these: Jotti or VirusTotal.

Edited 19 April 2008 by SNIPPSAT
iminf (thread author), posted 19 April 2008

Quote (snippsat): Of course an inactive file can be sitting on the system (zip, rar, exe). When you start it, you are infected. If there is a file you are unsure about, you can run it through one of these: Jotti or VirusTotal.

I'll do that. Thanks again for the help!
norbat, posted 19 April 2008

To put it this way: with the tools used here (ComboFix among others), it would take a great deal for infected files to still be on the PC, provided you get good guidance on what to remove. That applies to 'inactive' as well as 'active' ones. The thread starter can therefore rest assured that when the logs look fine (read: clean), the PC is free of files containing infections (zip, exe, dll and so on).
Petterla, posted 21 April 2008 (edited)

Hi. This looks like a huge problem at the moment, and I too have managed to get this junk onto my machine (well, it was really my partner, who doesn't give a damn about anything you tell her about computer security as long as she can run wild on piratebay (we have not had the nicest weekend)). These tricks seem to have worked for me too, with one exception: in my case it is c:\WINDOWS\system32\Uqkssdki.dll and C:\WINDOWS\system32\gmuycddl.dll that come up as error messages when I start the machine. Can anyone tell me anything about this? Thanks in advance, petter

Edited 21 April 2008 by Petterla
snippsat, posted 21 April 2008 (edited)

Hi Petterla. Can you make a new post, and in that post put logs from HijackThis and ComboFix.

Download HijackThis and put it in its own folder on the desktop. Start the program and choose "scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text).

Download ComboFix and put it on the desktop. Do not click in the window while the program is running. Post the log C:\combofix.txt.

Edited 21 April 2008 by SNIPPSAT
Petterla, posted 21 April 2008

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:30, on 21.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Apoint\Apoint.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\CMMON32.EXE
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tp...01&ttid=104
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4525F16E-EB69-489A-9701-9D8F024A0F75} - (no file)
O2 - BHO: (no name) - {4B29DAE8-722E-4F2B-9485-8FE5A68CE58C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6C501EEB-910C-43C7-8DC4-BAB6C6FC307C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} - (no file)
O2 - BHO: InternetExplorer Class - {D1E45498-D865-4E91-A579-D0AAD8D3B5A4} - C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll
O2 - BHO: (no name) - {f40f0486-862c-4d6f-9244-f9601173621c} - (no file)
O2 - BHO: (no name) - {FC7E7091-B0E5-4C94-A03F-BE5862063618} - C:\WINDOWS\system32\wvUoMeDW.dll (file missing)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [2c0bd32f] rundll32.exe "C:\WINDOWS\system32\gmuycddl.dll",b
O4 - HKLM\..\Run: [bM2f38e0b3] Rundll32.exe "C:\WINDOWS\system32\uqkssdqi.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA0201C-9D93-461E-8826-24AA4C90CCD1}: NameServer = 129.177.12.31 129.177.30.12
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfCuRlJ - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8286 bytes

ComboFix:

ComboFix 08-04-20.2 - Mette 2008-04-21 14:21:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.469 [GMT 2:00]
Running from: C:\Documents and Settings\Mette\Skrivebord\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.
2008-04-21 14:14 . 2008-04-21 14:14 <DIR> d-------- C:\Programfiler\Trend Micro
2008-04-21 11:40 . 2008-04-21 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-04-21 11:39 . 2008-04-21 11:39 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-04-21 11:39 . 2008-04-21 11:39 <DIR> d-------- C:\Documents and Settings\Mette\Programdata\SUPERAntiSpyware.com
2008-04-21 11:34 . 2008-04-21 12:29 1,540,789 ---hs---- C:\WINDOWS\system32\lddcyumg.ini
2008-04-21 00:25 . 2008-04-21 12:05 <DIR> d-------- C:\Documents and Settings\Mette\Programdata\Pro Cycling Manager 2007
2008-04-20 23:25 . 2008-04-20 23:56 1,540,789 ---hs---- C:\WINDOWS\system32\oqlfybfq.ini
2008-04-20 23:21 . 2008-04-20 23:21 94,272 --------- C:\WINDOWS\system32\ydnwauvp.dll_old
2008-04-20 19:35 . 2008-04-20 19:35 <DIR> dr-h----- C:\Documents and Settings\kristin\Siste
2008-04-20 19:28 . 2008-04-20 19:28 <DIR> dr-h----- C:\Documents and Settings\Mette\Siste
2008-04-20 13:44 . 2008-04-20 13:44 <DIR> d-------- C:\Programfiler\Lavasoft
2008-04-20 13:44 . 2008-04-20 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-04-19 23:22 . 2008-04-20 17:54 1,542,059 ---hs---- C:\WINDOWS\system32\sdvonmea.ini
2008-04-18 23:20 . 2008-04-19 17:44 1,541,517 ---hs---- C:\WINDOWS\system32\obxhlwwb.ini
2008-04-18 23:17 . 2008-04-21 12:57 109,824 --a------ C:\WINDOWS\BM2f38e0b3.xml
2008-04-18 22:18 . 2008-04-18 22:18 <DIR> d-------- C:\games
2008-04-18 11:05 . 2008-04-18 20:12 1,529,757 ---hs---- C:\WINDOWS\system32\acvlyhue.ini
2008-04-17 23:16 . 2008-04-18 10:59 1,529,533 ---hs---- C:\WINDOWS\system32\aaecxqkn.ini
2008-04-17 17:31 . 2008-04-17 21:33 <DIR> d-------- C:\Programfiler\Paradox Interactive
2008-04-17 12:12 . 2008-04-17 12:12 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite
2008-04-17 11:50 . 2008-04-17 11:50 <DIR> d-------- C:\Documents and Settings\Mette\Programdata\DAEMON Tools
2008-04-16 22:52 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-04-16 22:47 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-04-16 22:47 . 2008-04-17 00:19 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-16 22:47 . 2008-04-16 22:47 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-08 17:25 . 2008-04-08 17:25 <DIR> d-------- C:\ATI
2008-04-07 15:57 . 2008-04-07 15:57 <DIR> d-------- C:\Programfiler\LIUtilities
2008-03-28 18:06 . 2008-03-28 18:07 <DIR> d-------- C:\Programfiler\MagicISO
2008-03-28 15:23 . 2008-03-28 15:27 <DIR> d-------- C:\Programfiler\Fellesfiler\Beyond 2020
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 10:27 --------- d-----w C:\Documents and Settings\Mette\Programdata\uTorrent
2008-04-21 09:53 --------- d-----w C:\Programfiler\Clue
2008-04-21 09:38 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-20 22:21 --------- d-----w C:\Documents and Settings\Mette\Programdata\Sports Interactive
2008-04-20 17:43 --------- d-----w C:\Programfiler\Hannes Converter
2008-04-20 16:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-04-20 15:03 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-04-20 11:40 --------- d-----w C:\Documents and Settings\Mette\Programdata\Lavasoft
2008-04-20 07:43 --------- d-----w C:\Documents and Settings\kristin\Programdata\uTorrent
2008-04-17 09:50 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-16 23:21 --------- d-----w C:\Programfiler\Sports Interactive
2008-04-16 23:00 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-16 22:53 --------- d-----w C:\Programfiler\Cyanide
2008-04-16 22:51 --------- d-----w C:\Programfiler\Anti-Blaxx
2008-04-08 15:59 --------- d-----w C:\Programfiler\ATI Technologies
2008-04-08 12:24 --------- d-----w C:\Programfiler\Uniblue
2008-04-08 12:24 --------- d-----w C:\Documents and Settings\Mette\Programdata\Uniblue
2008-04-07 14:28 --------- d-----w C:\Programfiler\SpeedFan
2008-04-07 12:32 --------- d-----w C:\Programfiler\Windows Media Connect 2
2008-04-07 12:32 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-03-29 19:29 --------- d-----w C:\Programfiler\Java
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 22:13 --------- d-----w C:\Documents and Settings\kristin\Programdata\Ahead
2008-03-15 22:07 --------- d-----w C:\Documents and Settings\kristin\Programdata\CyberLink
2008-03-11 21:39 --------- d-----w C:\Programfiler\Nokia
2008-03-11 21:39 --------- d-----w C:\Programfiler\Fellesfiler\PCSuite
2008-03-11 21:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Downloaded Installations
2008-03-11 19:01 --------- d-----w C:\Documents and Settings\kristin\Programdata\Uniblue
2008-03-10 21:00 --------- d-----w C:\Programfiler\Octoshape Streaming Services
2008-03-03 18:03 --------- d-----w C:\Documents and Settings\kristin\Programdata\PC Suite
2008-03-03 13:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\PC Suite
2008-03-03 13:45 --------- d-----w C:\Programfiler\DIFX
2008-03-01 19:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-03-01 19:20 --------- d-----w C:\Programfiler\VideoLAN
2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 15:28 --------- d-----w C:\Programfiler\Google
2008-03-01 13:12 --------- d-----w C:\Programfiler\MSN Messenger
2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-28 20:21 --------- d-----w C:\Programfiler\Microsoft Works
2008-02-28 15:15 --------- d-----w C:\Programfiler\Microsoft.NET
2008-02-27 10:23 --------- d-----w C:\Documents and Settings\Mette\Programdata\InstallShield
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:39 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:39 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4525F16E-EB69-489A-9701-9D8F024A0F75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B29DAE8-722E-4F2B-9485-8FE5A68CE58C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C501EEB-910C-43C7-8DC4-BAB6C6FC307C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1E45498-D865-4E91-A579-D0AAD8D3B5A4}]
2007-01-08 05:17 155648 --a------ C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f40f0486-862c-4d6f-9244-f9601173621c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7E7091-B0E5-4C94-A03F-BE5862063618}]
C:\WINDOWS\system32\wvUoMeDW.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 21:00 344064]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CaAvTray"="C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2007-10-16 19:46 230512]
"CAVRID"="C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-10-16 19:46 185456]
"2c0bd32f"="C:\WINDOWS\system32\gmuycddl.dll" [ ]
"BM2f38e0b3"="C:\WINDOWS\system32\uqkssdqi.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCuRlJ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-15 11:46 204288 C:\Programfiler\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Programfiler\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Programfiler\\utorrent\\utorrent.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\PPMate\\ppmate.exe"=
"C:\\Programfiler\\PPMate\\ppmnet.exe"=
"C:\\Programfiler\\TVAnts\\Tvants.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programfiler\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\SopCast\\sopvod.exe"=
"C:\\Programfiler\\Cyanide\\Pro Cycling Manager 2007\\PCM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15254:TCP"= 15254:TCP:BitComet 15254 TCP
"15254:UDP"= 15254:UDP:BitComet 15254 UDP

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 22:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{088b6a6a-5c66-11da-9e3a-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ebd9ff2-4bb8-11da-941f-0014a50d62dc}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40ac9936-6a48-11da-9e51-0014a50d62dc}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ba46e1-2510-11da-8f8e-806d6172696f}]
\shell\play\Command - "C:\Programfiler\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 12:21:42 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-07 12:07:17 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 14:27:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CaAvTray"="\"C:\\Programfiler\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
.
Completion time: 2008-04-21 14:31:31
ComboFix-quarantined-files.txt 2008-04-21 12:29:57
ComboFix2.txt 2008-04-21 11:35:24

Pre-Run: 19,248,504,832 byte ledig
Post-Run: 19,234,439,168 byte ledig

210 --- E O F --- 2008-04-19 13:24:58

That should be it. And by the way, many thanks for the quick reply.
snippsat, posted 21 April 2008 (edited)

Copy the bold text and paste it into Notepad. Save it on the desktop as CFScript.txt. Do as shown in the picture, and post the log c:\combofix.txt.

File::
C:\WINDOWS\system32\lddcyumg.ini
C:\WINDOWS\system32\oqlfybfq.ini
C:\WINDOWS\system32\ydnwauvp.dll_old
C:\WINDOWS\system32\sdvonmea.ini
C:\WINDOWS\system32\obxhlwwb.ini
C:\WINDOWS\BM2f38e0b3.xml
C:\WINDOWS\system32\acvlyhue.ini
C:\WINDOWS\system32\aaecxqkn.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4525F16E-EB69-489A-9701-9D8F024A0F75}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B29DAE8-722E-4F2B-9485-8FE5A68CE58C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C501EEB-910C-43C7-8DC4-BAB6C6FC307C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f40f0486-862c-4d6f-9244-f9601173621c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7E7091-B0E5-4C94-A03F-BE5862063618}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2c0bd32f"=-
"BM2f38e0b3"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCuRlJ]

Download and run CCleaner, 'Options' -> 'Advanced'. Untick "only delete temporary files older than 48 hours". Run the registry cleaner and "answer yes to repair". Restart and post a new HijackThis log.

Edited 21 April 2008 by SNIPPSAT
Petterla, posted 21 April 2008

It looks like this helped a great deal. At any rate there are no more error messages. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:25, on 21.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Apoint\Apoint.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\CMMON32.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tp...01&ttid=104
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.140.160.26:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4525F16E-EB69-489A-9701-9D8F024A0F75} - (no file)
O2 - BHO: (no name) - {4B29DAE8-722E-4F2B-9485-8FE5A68CE58C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: InternetExplorer Class - {D1E45498-D865-4E91-A579-D0AAD8D3B5A4} - C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll
O2 - BHO: (no name) - {f40f0486-862c-4d6f-9244-f9601173621c} - (no file)
O2 - BHO: (no name) - {FC7E7091-B0E5-4C94-A03F-BE5862063618} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA0201C-9D93-461E-8826-24AA4C90CCD1}: NameServer = 129.177.12.31 129.177.30.12
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7712 bytes

Is this a completely new virus / a new trojan? I hadn't heard of it before, and there seemed to be a lot of people struggling with it right now. Once again, a thousand heartfelt thanks. -petter
snippsat, posted 21 April 2008

Run only HJT. Start HijackThis, click "Scan", find these lines, check them, then press "Fix checked".

O2 - BHO: (no name) - {4525F16E-EB69-489A-9701-9D8F024A0F75} - (no file)
O2 - BHO: (no name) - {4B29DAE8-722E-4F2B-9485-8FE5A68CE58C} - (no file)
O2 - BHO: (no name) - {f40f0486-862c-4d6f-9244-f9601173621c} - (no file)
O2 - BHO: (no name) - {FC7E7091-B0E5-4C94-A03F-BE5862063618} - (no file)

Could you post the latest ComboFix log? Then restart and post a new HijackThis log.
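To show what snippsat's instruction amounts to as log triage, here is an added Python example (not from the thread, and not part of HijackThis itself) that parses HijackThis entries and flags the two patterns this thread turns on: BHO registrations whose DLL is "(no file)", and eight-random-letter file names in system32 like the .ini files ComboFix removed. The sample log lines are constructed from entries on this page; the acvlyhue.dll line and its all-zero CLSID are placeholders, and the random-name rule is a heuristic prompting manual review, not proof of infection.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# HijackThis v2 layout: "O2 - BHO: name - {CLSID} - path", "O4 - HKLM\..\Run: [name] path", etc.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Vundo-style names seen in this thread's ComboFix log (acvlyhue.ini, lddcyumg.ini, ...):
# exactly eight lowercase letters. Legitimate files can match too, so treat hits as "review".
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|ini)$")


@dataclass
class Finding:
    kind: str
    clsid: Optional[str]
    reason: str
    line: str


def parse_entry(line: str) -> Optional[Tuple[str, Optional[str], Optional[str]]]:
    """Split one HijackThis line into (kind, clsid or None, file path or None)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    clsid = CLSID_RE.search(rest)
    if " - " in rest:                      # O2/O9/O16/O20/O23: path follows the last " - "
        path = rest.rsplit(" - ", 1)[1]
    elif "] " in rest:                     # O4: path follows the "[name] " tag
        path = rest.split("] ", 1)[1]
    else:                                  # R0/R1/O17 and similar carry no file path
        path = None
    return kind, (clsid.group(0) if clsid else None), (path.strip('"') if path else None)


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries a helper would ask the poster to look at, in log order."""
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_entry(line)
        if not parsed:
            continue
        kind, clsid, path = parsed
        if kind == "O2" and path == "(no file)":
            # Registration left behind after the DLL was deleted: "Fix checked" removes the key.
            findings.append(Finding(kind, clsid, "orphaned BHO registration, no DLL on disk", line))
        elif path:
            name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if "\\system32\\" in path.lower() and RANDOM_NAME_RE.match(name):
                findings.append(Finding(kind, clsid, "random eight-letter name in system32, review", line))
    return findings


def clsids_to_fix(findings: List[Finding]) -> List[str]:
    """CLSIDs of orphaned BHOs, i.e. the lines to check before pressing 'Fix checked'."""
    return sorted(f.clsid for f in findings if f.clsid and f.reason.startswith("orphaned"))


# Constructed sample: entries from this thread plus one placeholder random-name BHO.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4525F16E-EB69-489A-9701-9D8F024A0F75} - (no file)
O2 - BHO: (no name) - {4B29DAE8-722E-4F2B-9485-8FE5A68CE58C} - (no file)
O2 - BHO: (no name) - {f40f0486-862c-4d6f-9244-f9601173621c} - (no file)
O2 - BHO: (no name) - {FC7E7091-B0E5-4C94-A03F-BE5862063618} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\acvlyhue.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
    print("CLSIDs to fix:", clsids_to_fix(triage(SAMPLE_LOG.splitlines())))
```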
Petterla, posted 21 April 2008 (edited)

First a bit from ComboFix:

ComboFix 08-04-20.2 - Mette 2008-04-21 15:38:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.549 [GMT 2:00]
Running from: C:\Documents and Settings\Mette\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mette\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM2f38e0b3.xml
C:\WINDOWS\system32\acvlyhue.ini
C:\WINDOWS\system32\lddcyumg.ini
C:\WINDOWS\system32\obxhlwwb.ini
C:\WINDOWS\system32\oqlfybfq.ini
C:\WINDOWS\system32\sdvonmea.ini
C:\WINDOWS\system32\ydnwauvp.dll_old
C:\WINDOWS\system32\aaecxqkn.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM2f38e0b3.xml
C:\WINDOWS\system32\acvlyhue.ini
C:\WINDOWS\system32\lddcyumg.ini
C:\WINDOWS\system32\obxhlwwb.ini
C:\WINDOWS\system32\oqlfybfq.ini
C:\WINDOWS\system32\sdvonmea.ini
C:\WINDOWS\system32\ydnwauvp.dll_old
C:\WINDOWS\system32\aaecxqkn.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.
2008-04-21 14:14 . 2008-04-21 14:14 <DIR> d-------- C:\Programfiler\Trend Micro
2008-04-21 11:40 . 2008-04-21 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-04-21 11:39 . 2008-04-21 11:39 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-04-21 11:39 . 2008-04-21 11:39 <DIR> d-------- C:\Documents and Settings\Mette\Programdata\SUPERAntiSpyware.com
2008-04-21 00:25 . 2008-04-21 12:05 <DIR> d-------- C:\Documents and Settings\Mette\Programdata\Pro Cycling Manager 2007
2008-04-20 19:35 . 2008-04-20 19:35 <DIR> dr-h----- C:\Documents and Settings\kristin\Siste
2008-04-20 19:28 . 2008-04-21 15:35 <DIR> dr-h----- C:\Documents and Settings\Mette\Siste
2008-04-20 13:44 . 2008-04-20 13:44 <DIR> d-------- C:\Programfiler\Lavasoft
2008-04-20 13:44 . 2008-04-20 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-04-18 22:18 . 2008-04-18 22:18 <DIR> d-------- C:\games
2008-04-17 17:31 . 2008-04-17 21:33 <DIR> d-------- C:\Programfiler\Paradox Interactive
2008-04-17 12:12 . 2008-04-17 12:12 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite
2008-04-17 11:50 . 2008-04-17 11:50 <DIR> d-------- C:\Documents and Settings\Mette\Programdata\DAEMON Tools
2008-04-16 22:52 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-04-16 22:47 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-04-16 22:47 . 2008-04-17 00:19 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-16 22:47 . 2008-04-16 22:47 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-08 17:25 . 2008-04-08 17:25 <DIR> d-------- C:\ATI
2008-04-07 15:57 . 2008-04-07 15:57 <DIR> d-------- C:\Programfiler\LIUtilities
2008-03-28 18:06 . 2008-03-28 18:07 <DIR> d-------- C:\Programfiler\MagicISO
2008-03-28 15:23 . 2008-03-28 15:27 <DIR> d-------- C:\Programfiler\Fellesfiler\Beyond 2020
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 13:36 --------- d-----w C:\Programfiler\Clue
2008-04-21 10:27 --------- d-----w C:\Documents and Settings\Mette\Programdata\uTorrent
2008-04-21 09:38 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-20 22:21 --------- d-----w C:\Documents and Settings\Mette\Programdata\Sports Interactive
2008-04-20 17:43 --------- d-----w C:\Programfiler\Hannes Converter
2008-04-20 16:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-04-20 15:03 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-04-20 11:40 --------- d-----w C:\Documents and Settings\Mette\Programdata\Lavasoft
2008-04-20 07:43 --------- d-----w C:\Documents and Settings\kristin\Programdata\uTorrent
2008-04-17 09:50 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-16 23:21 --------- d-----w C:\Programfiler\Sports Interactive
2008-04-16 23:00 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-04-16 22:53 --------- d-----w C:\Programfiler\Cyanide
2008-04-16 22:51 --------- d-----w C:\Programfiler\Anti-Blaxx
2008-04-08 15:59 --------- d-----w C:\Programfiler\ATI Technologies
2008-04-08 12:24 --------- d-----w C:\Programfiler\Uniblue
2008-04-08 12:24 --------- d-----w C:\Documents and Settings\Mette\Programdata\Uniblue
2008-04-07 14:28 --------- d-----w C:\Programfiler\SpeedFan
2008-04-07 12:32 --------- d-----w C:\Programfiler\Windows Media Connect 2
2008-04-07 12:32 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-03-29 19:29 --------- d-----w C:\Programfiler\Java
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 22:13 --------- d-----w C:\Documents and Settings\kristin\Programdata\Ahead
2008-03-15 22:07 --------- d-----w C:\Documents and Settings\kristin\Programdata\CyberLink
2008-03-11 21:39 --------- d-----w C:\Programfiler\Nokia
2008-03-11 21:39 --------- d-----w C:\Programfiler\Fellesfiler\PCSuite
2008-03-11 21:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Downloaded Installations
2008-03-11 19:01 --------- d-----w C:\Documents and Settings\kristin\Programdata\Uniblue
2008-03-10 21:00 --------- d-----w C:\Programfiler\Octoshape Streaming Services
2008-03-03 18:03 --------- d-----w C:\Documents and Settings\kristin\Programdata\PC Suite
2008-03-03 13:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\PC Suite
2008-03-03 13:45 --------- d-----w C:\Programfiler\DIFX
2008-03-01 19:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-03-01 19:20 --------- d-----w C:\Programfiler\VideoLAN
2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 15:28 --------- d-----w C:\Programfiler\Google
2008-03-01 13:12 --------- d-----w C:\Programfiler\MSN Messenger
2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-28 20:21 --------- d-----w C:\Programfiler\Microsoft Works
2008-02-28 15:15 --------- d-----w C:\Programfiler\Microsoft.NET
2008-02-27 10:23 --------- d-----w C:\Documents and Settings\Mette\Programdata\InstallShield
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:39 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:39 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1E45498-D865-4E91-A579-D0AAD8D3B5A4}]
2007-01-08 05:17 155648 --a------ C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 21:00 344064]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CaAvTray"="C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2007-10-16 19:46 230512]
"CAVRID"="C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-10-16 19:46 185456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-15 11:46 204288 C:\Programfiler\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Programfiler\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Programfiler\\utorrent\\utorrent.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\PPMate\\ppmate.exe"=
"C:\\Programfiler\\PPMate\\ppmnet.exe"=
"C:\\Programfiler\\TVAnts\\Tvants.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programfiler\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\SopCast\\sopvod.exe"=
"C:\\Programfiler\\Cyanide\\Pro Cycling Manager 2007\\PCM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15254:TCP"= 15254:TCP:BitComet 15254 TCP
"15254:UDP"= 15254:UDP:BitComet 15254 UDP

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 22:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{088b6a6a-5c66-11da-9e3a-806d6172696f}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ebd9ff2-4bb8-11da-941f-0014a50d62dc}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40ac9936-6a48-11da-9e51-0014a50d62dc}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ba46e1-2510-11da-8f8e-806d6172696f}]
\shell\play\Command - "C:\Programfiler\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 12:21:42 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-07 12:07:17 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 15:42:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CaAvTray"="\"C:\\Programfiler\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
.
Completion time: 2008-04-21 15:45:27
ComboFix-quarantined-files.txt 2008-04-21 13:44:23
ComboFix2.txt 2008-04-21 12:31:35
ComboFix3.txt 2008-04-21 11:35:24
Pre-Run: 19,173,867,520 byte ledig
Post-Run: 19,151,949,824 byte ledig
215 --- E O F --- 2008-04-19 13:24:58

And then, after a restart, HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:48, on 21.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Apoint\Apoint.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Apoint\Apntex.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ws1.appswebservice.com/index.php?tp...01&ttid=104
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.140.160.26:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: InternetExplorer Class - {D1E45498-D865-4E91-A579-D0AAD8D3B5A4} - C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

-- End of file - 7294 bytes

Edited 21 April 2008 by Petterla
snippsat, posted 21 April 2008

Yes, that looks good. Use the PC for a while; if it runs fine, do this: you can remove ComboFix by typing combofix /u in the Run window. That command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.