norbat (posted 6 May 2008)
Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O21 - SSODL: tdomgafw - {E1D74D90-8788-46A1-935F-427291C6425F} - C:\WINDOWS\tdomgafw.dll (file missing)
O21 - SSODL: wetkadmr - {74FE2CB6-3D4B-4152-A404-520396DC163C} - C:\WINDOWS\wetkadmr.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Restart the PC.
Open Notepad and paste in what is written in bold below, save the file on the desktop as CFScript. Then drag the file onto the ComboFix icon. ComboFix will start again.
File::
C:\WINDOWS\svorbmke.exe
C:\WINDOWS\knxsrgte.exe
Post the log.
snippsat (posted 6 May 2008, edited)
Copy the bold text below the image -> open Notepad and paste it in. Save on the desktop as CFScript.txt. Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt
File::
C:\WINDOWS\svorbmke.exe
C:\WINDOWS\knxsrgte.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhenUSave"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"tdomgafw"=-
"wetkadmr"=-
Restart and post a new HijackThis log.
Edited 6 May 2008 by SNIPPSAT
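The two posts above tell the user which HijackThis O4 (Run key), O21 (ShellServiceObjectDelayLoad) and O24 (Active Desktop component) entries to remove. As an added example, not from the thread and not part of HijackThis or ComboFix, the script below is a read-only PowerShell audit of those same autorun locations: it lists every entry and flags the ones whose target file no longer exists, which is the condition HijackThis prints as "(file missing)", and any desktop component whose Source is a local file:/// URL, as in the O24 line. It assumes Windows PowerShell 3 or later; the helper functions Get-TargetPath, Get-ValueNames and New-Finding are mine, not Windows or HijackThis APIs.

```powershell
# Added example, not from the thread: read-only audit of the autorun
# locations behind the HijackThis O4 / O21 / O24 lines. Nothing is changed.
# Assumes Windows PowerShell 3+ (for [pscustomobject] key order).

# Extract a file path from a Run-style value, e.g.
#   "C:\Program Files\Save\Save.exe" /s   ->  C:\Program Files\Save\Save.exe
#   CTHELPER.EXE                           ->  resolved through PATH when possible
function Get-TargetPath {
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $null }
    $v = [Environment]::ExpandEnvironmentVariables($Value.Trim())
    $path = if ($v.StartsWith('"')) { $v.Split('"')[1] } else { $v.Split(' ')[0] }
    if (-not [IO.Path]::IsPathRooted($path)) {
        $cmd = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue
        if ($cmd) { return ($cmd | Select-Object -First 1).Path }
    }
    return $path
}

# Names of the real values in a key (Get-ItemProperty adds PS* metadata properties).
function Get-ValueNames {
    param([string]$Key)
    (Get-ItemProperty -Path $Key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { $_.Name }
}

function New-Finding($Location, $Name, $Target, $Flag) {
    [pscustomobject]@{ Location = $Location; Name = $Name; Target = $Target; Flag = $Flag }
}

function Test-FileFlag($Path) {
    if ($Path -and (Test-Path -LiteralPath $Path)) { '' } else { 'file missing' }
}

$findings = New-Object System.Collections.Generic.List[object]

# O4 - Run keys (per-user and machine-wide)
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in Get-ValueNames $key) {
        $target = Get-TargetPath $props.$name
        $findings.Add((New-Finding ('O4 ' + $key.Split(':')[0]) $name $target (Test-FileFlag $target)))
    }
}

# O21 - ShellServiceObjectDelayLoad: each value is a CLSID; the DLL that gets
# loaded into Explorer is the default value of HKCR\CLSID\{clsid}\InProcServer32
$ssodl = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
if (Test-Path $ssodl) {
    $props = Get-ItemProperty -Path $ssodl
    foreach ($name in Get-ValueNames $ssodl) {
        $clsid  = $props.$name
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
        $dll = $null
        if (Test-Path $server) { $dll = Get-TargetPath (Get-ItemProperty -Path $server).'(default)' }
        $findings.Add((New-Finding 'O21 SSODL' "$name $clsid" $dll (Test-FileFlag $dll)))
    }
}

# O24 - Active Desktop components: each numbered subkey carries a Source URL.
# A file:/// source under C:\WINDOWS, as in the thread, is what to look at.
$desk = 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components'
if (Test-Path $desk) {
    foreach ($comp in Get-ChildItem -Path $desk) {
        $src  = (Get-ItemProperty -Path $comp.PSPath).Source
        $flag = if ("$src" -like 'file:///*') { 'local file:/// source' } else { '' }
        $findings.Add((New-Finding 'O24 Desktop Component' $comp.PSChildName $src $flag))
    }
}

# Flagged entries first; an empty Flag column means the target was found.
$findings | Sort-Object Flag -Descending | Format-Table -AutoSize
```

The output corresponds to the HijackThis lines in the thread: a Run value whose file is gone, an SSODL CLSID whose InProcServer32 DLL is gone, or a desktop component pointing at a local HTML file all come out flagged. A missing target on its own only means the persistence entry is orphaned; the entry is still worth removing, which is what the HijackThis "Fix checked" step and the Registry:: section of the CFScript above do.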
r2d290 (posted 6 May 2008, edited)
edit: never mind
Edited 6 May 2008 by r2d290
snippsat (posted 6 May 2008)
Yes, that was a bit of a duplicate; use norbat's. It does the same thing, except that I remove the registry entries with ComboFix.
Kimelimm (posted 6 May 2008)
Looks like it's sorting itself out now, viruses are crap! Have you been on a bit of p0rn0 or what? Looked at the SAS log, LOADS of porn sites came up xD oh well, nothing negative about that. Norbat and the others are VERY helpful!
Trulsz (thread author, posted 6 May 2008)
Seriously, I haven't been on any porn sites. The only thing I can think of is a WoW addon I recently downloaded....
Trulsz (thread author, posted 6 May 2008)
I'll do what you wrote, "norbat"... just need to get some sleep :P.... I have loads of stuff I really should have done, but instead I've been sitting on www.diskusjon.no. I'm so terribly glad that people are so helpful!
r2d290 (posted 6 May 2008)
> Have you been on a bit of p0rn0 or what? Looked at the SAS log, LOADS of porn sites came up xD oh well, nothing negative about that. Norbat and the others are VERY helpful!
I don't think you should use the logs for snooping. Porn cookies are in any case something that often gets onto the PC in connection with viruses.
norbat (posted 6 May 2008)
There isn't much left now. Just run through the instructions given earlier, and the infected files should be gone (see post no. 21). The log you are to post is only for a double-check that everything is gone.
Kimelimm (posted 7 May 2008)
> Have you been on a bit of p0rn0 or what? Looked at the SAS log, LOADS of porn sites came up xD oh well, nothing negative about that. Norbat and the others are VERY helpful!
> I don't think you should use the logs for snooping. Porn cookies are in any case something that often gets onto the PC in connection with viruses.
I just had a quick look through. I know it comes in with viruses, but I was so bored, so I thought I could make a joke. Sorry then.
Trulsz (thread author, posted 7 May 2008)
> Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
> O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
> O21 - SSODL: tdomgafw - {E1D74D90-8788-46A1-935F-427291C6425F} - C:\WINDOWS\tdomgafw.dll (file missing)
> O21 - SSODL: wetkadmr - {74FE2CB6-3D4B-4152-A404-520396DC163C} - C:\WINDOWS\wetkadmr.dll (file missing)
> O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
> Restart the PC.
> Open Notepad and paste in what is written in bold below, save the file on the desktop as CFScript. Then drag the file onto the ComboFix icon. ComboFix will start again.
> File::
> C:\WINDOWS\svorbmke.exe
> C:\WINDOWS\knxsrgte.exe
> Post the log.
Sorry I'm a bit late, but here is the log:

ComboFix 08-05-01.3 - Fredrik 2008-05-07 22:52:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1536 [GMT 2:00]
Running from: C:\Documents and Settings\Fredrik\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fredrik\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\knxsrgte.exe
C:\WINDOWS\svorbmke.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\knxsrgte.exe
C:\WINDOWS\svorbmke.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.
2008-05-06 20:07 . 2008-05-06 20:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-06 20:07 . 2008-05-06 20:07 <DIR> d-------- C:\Documents and Settings\Fredrik\Application Data\SUPERAntiSpyware.com
2008-05-06 20:07 . 2008-05-06 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-05 15:02 . 2008-05-05 22:22 <DIR> d-------- C:\Documents and Settings\Fredrik\Application Data\TmpRecentIcons
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-06 18:46 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-06 18:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 13:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 20:20 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Azureus
2008-04-19 05:29 --------- d-----w C:\Program Files\World of Warcraft
2008-04-09 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 16:16 --------- d-----w C:\Program Files\MSBuild
2008-03-22 16:16 --------- d-----w C:\Program Files\Microsoft Works
2008-03-22 16:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-22 16:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-22 16:00 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-22 15:59 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-22 15:27 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\AdobeUM
2008-03-21 13:12 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Lavasoft
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 16:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-03-14 15:01 52,264 ----a-w C:\Documents and Settings\Fredrik\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-05-05_20.47.45,45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 15:52:44 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-07 12:50:49 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Steam"="c:\valve\steam\steam.exe" [2008-03-28 08:30 1271032]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 13:23 135168]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"CTHelper"="CTHELPER.EXE" [2003-02-21 00:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 07:00 11776 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 04:10 409600]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2005-08-15 11:25:47 917611]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\Steam.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\magnu_3k\\counter-strike\\hl.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\warcraft\\war3.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\fredrikpet\\counter-strike\\hl.exe"=
"C:\\Program Files\\MultiHubSearch\\Multi-Hub-Search.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\fredrikpet\\condition zero\\hl.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enGB-downloader.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\WoW-1.8.3.4807-to-0.9.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enGB-downloader.exe"=
"C:\\Documents and Settings\\Fredrik\\My Documents\\Arathi_Basin_new_EG-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enGB-downloader.exe"=
"C:\\Valve\\Steam\\SteamApps\\aafk\\counter-strike\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enGB-downloader.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2002-12-04 15:49]
R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi202k.sys [2002-12-09 13:06]
R2 DiPort;Eicon Port Driver;C:\WINDOWS\system32\DRIVERS\DISDN\diport40.sys [2004-01-20 12:27]
R2 IAANTMon;IAA Event Monitor;C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 13:22]
S3 BM;Novell Virtual Private Network Miniport;C:\WINDOWS\system32\DRIVERS\vptunnel.sys [2004-01-23 12:16]
S3 DiWan;Eicon Driver for all Diva Client cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2004-02-27 16:05]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]
S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2004-10-04 14:12]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-07 13:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 22:54:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
.
Completion time: 2008-05-07 22:55:38
ComboFix-quarantined-files.txt 2008-05-07 20:55:32
ComboFix2.txt 2008-05-06 19:08:17
ComboFix3.txt 2008-05-06 13:28:25
ComboFix4.txt 2008-05-05 20:50:53
ComboFix5.txt 2008-05-05 19:02:28
Pre-Run: 162,333,671,424 bytes free
Post-Run: 162,554,830,848 bytes free
177 --- E O F --- 2008-04-12 16:45:39
norbat (posted 7 May 2008)
That looks fine then. How is the PC running?
Trulsz (thread author, posted 7 May 2008)
The PC seems completely free and clear! - I'll wait 2 days and see whether it still runs fine. - If it does, I'll mark the post [SOLVED]. Again, THANKS to EVERYONE who replied.
Trulsz (thread author, posted 8 May 2008, edited)
> That looks fine then. How is the PC running?
Oh, by the way. Ever since I ran ComboFix the first time, Explorer doesn't come up when I turn on the PC. It's just completely blank when I turn it on. It's not really a problem, since I can bring up Task Manager and type Explorer in "new task", but I'm wondering whether there is something that can be done to fix it?
Edited 8 May 2008 by Trulsz
Kimelimm (posted 8 May 2008)
Hmm... Then it may be that something went wrong while ComboFix was running? ComboFix runs without explorer.exe active, doesn't it? Well, don't know if this works, but just try: Go to C:/Windows/ and find explorer.exe. Then open the Start Menu and find "Startup". Copy explorer.exe into the Startup folder... That's the only thing I can think of right now, or do a system restore, but Norbat and the others probably know more about the boot.ini file than I do.
norbat (posted 8 May 2008)
In the Run box you can type sfc /scannow to see whether any system files need to be repaired.
snippsat (posted 8 May 2008, edited)
Have a look in the registry if scannow doesn't work; something may have got mixed up. Start->Run->regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell->explorer.exe (loads explorer.exe when Windows boots)
AutoRestartShell->1 (restarts explorer.exe again on failure)
Edited 8 May 2008 by SNIPPSAT
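The post above names the two Winlogon values that decide whether Explorer starts as the shell after logon. As an added example, not from the thread, the PowerShell below reads those values and reports whether they still hold the Windows defaults (Shell = explorer.exe, AutoRestartShell = 1); it also looks for a per-user Shell value under HKCU, which Winlogon honours ahead of the machine value and which a clean system normally does not have. It is read-only and assumes Windows PowerShell 3 or later; the function Compare-WinlogonValue is mine.

```powershell
# Added example, not from the thread: compare the Winlogon shell settings
# against their defaults. Read-only; assumes Windows PowerShell 3+.
$machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userKey    = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$defaults   = [ordered]@{ Shell = 'explorer.exe'; AutoRestartShell = 1 }

function Compare-WinlogonValue {
    param([string]$Key, [string]$Name, $Expected)
    $actual = (Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue).$Name
    # A missing Shell value means Winlogon falls back to its built-in default,
    # but a value that DIFFERS (e.g. "explorer.exe, something.exe") is the
    # case worth investigating, since extra entries are launched as the shell.
    $status = if ($null -eq $actual)                     { 'MISSING' }
              elseif ("$actual".Trim() -eq "$Expected")   { 'ok' }
              else                                        { 'DIFFERS' }
    [pscustomobject]@{ Key = $Key; Name = $Name; Expected = $Expected; Actual = $actual; Status = $status }
}

# Machine-wide values: the ones the post tells you to inspect.
$report = @(foreach ($n in $defaults.Keys) { Compare-WinlogonValue $machineKey $n $defaults[$n] })

# Per-user override: Winlogon prefers a Shell value under HKCU when present,
# so on a clean system there should be none.
$userShell = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).Shell
$report += [pscustomobject]@{
    Key = $userKey; Name = 'Shell'; Expected = '(absent)'; Actual = $userShell
    Status = if ($userShell) { 'OVERRIDE' } else { 'ok' }
}

$report | Format-Table -AutoSize
```

If the machine Shell value reads anything other than explorer.exe, or AutoRestartShell is not 1, the remedy is the one the post gives: set them back in regedit. A Shell value that lists a second executable after explorer.exe is a persistence location malware uses, so such an entry should be checked before it is removed rather than simply overwritten.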
*EPA* (posted 16 May 2008)
Yo, folks! I also had this funny little "Askeladd" thing plus a number of other idiotic popups.. I followed the advice from this thread and now I think it should be fine. But you seem like a bunch who know what you're doing, so to be on the safe side I'm posting my logs here too.. Ran NOD32, SpySweeper and a number of other programs first, but they couldn't remove the worst of it.. Then I ran SUPERAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/16/2008 at 01:16 AM
Application Version : 4.0.1154
Core Rules Database Version : 3461
Trace Rules Database Version: 1452
Scan type : Complete Scan
Total Scan Time : 01:05:59
Memory items scanned : 540
Memory threats detected : 2
Registry items scanned : 7095
Registry threats detected : 14
File items scanned : 25334
File threats detected : 20

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\CBXOMNGG.DLL
C:\WINDOWS\SYSTEM32\CBXOMNGG.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\ROSMGFKM.DLL
C:\WINDOWS\SYSTEM32\ROSMGFKM.DLL

Trojan.Media-Codec/V4
HKLM\Software\Classes\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}\Implemented Categories
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}\InprocServer32
HKCR\CLSID\{F2BADA0D-FD61-45EF-A994-64A073FD6613}\InprocServer32#ThreadingModel
C:\PROGRAMFILER\ONLINE ADD-ON\ICTMDL.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{F2BADA0D-FD61-45EF-A994-64A073FD6613}

Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E8DBEC7-7ACE-47F6-89F8-755981DF51ED}
HKCR\CLSID\{5E8DBEC7-7ACE-47F6-89F8-755981DF51ED}
HKCR\CLSID\{5E8DBEC7-7ACE-47F6-89F8-755981DF51ED}\InprocServer32
HKCR\CLSID\{5E8DBEC7-7ACE-47F6-89F8-755981DF51ED}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCCVNLJ.DLL
C:\WINDOWS\SYSTEM32\IIFDTQKC.DLL
C:\WINDOWS\SYSTEM32\QOMCDATU.DLL

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E707216F-6AFF-4BD4-962D-EC5CDBA812A1}

Adware.Tracking Cookie
C:\Documents and Settings\Hei\Cookies\hei@tradedoubler[1].txt
C:\Documents and Settings\Hei\Cookies\[email protected][2].txt
C:\Documents and Settings\Hei\Cookies\[email protected][1].txt
C:\Documents and Settings\Hei\Cookies\[email protected][2].txt
C:\Documents and Settings\Hei\Cookies\[email protected][1].txt
C:\Documents and Settings\Hei\Cookies\[email protected][2].txt
C:\Documents and Settings\Hei\Cookies\hei@adnetserver[1].txt
C:\Documents and Settings\Hei\Cookies\hei@atdmt[2].txt
C:\Documents and Settings\Hei\Cookies\hei@adtech[1].txt
C:\Documents and Settings\Hei\Cookies\hei@mediaonenetwork[1].txt
C:\Documents and Settings\Hei\Cookies\hei@directtrack[1].txt
C:\Documents and Settings\Hei\Cookies\[email protected][1].txt

Trojan.Error Safe Free
HKLM\Software\Error Safe Free

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\CBXRHWXX.DLL
C:\WINDOWS\SYSTEM32\MLJCRLLL.DLL

Then ComboFix

ComboFix 08-05-15.2 - Hei 2008-05-16 1:37:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.217 [GMT 2:00]
Running from: C:\Documents and Settings\Hei\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ggNmoXbc.ini
C:\WINDOWS\system32\ggNmoXbc.ini2
C:\WINDOWS\system32\knitqcaw.ini
C:\WINDOWS\system32\rlqwyqdl.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.
2008-05-15 23:54 . 2008-05-15 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-15 23:53 . 2008-05-16 00:09 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-15 23:53 . 2008-05-15 23:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-15 23:53 . 2008-05-15 23:53 <DIR> d-------- C:\Documents and Settings\Hei\Programdata\SUPERAntiSpyware.com
2008-05-15 23:47 . 2008-05-15 23:45 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-15 23:45 . 2008-05-16 00:03 <DIR> d-------- C:\Documents and Settings\Hei\.housecall6.6
2008-05-15 23:43 . 2008-05-15 23:43 <DIR> d-------- C:\Programfiler\Trend Micro
2008-05-15 20:26 . 2008-05-15 20:30 <DIR> d-------- C:\Programfiler\Browser Hijack Recover
2008-05-15 20:26 . 2008-05-15 20:26 0 --a------ C:\WINDOWS\system32\8104297.jun
2008-05-15 17:27 . 2008-05-15 17:27 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Webroot
2008-05-15 15:58 . 2008-05-15 15:58 <DIR> d-------- C:\!KillBox
2008-05-15 12:17 . 2008-05-15 12:17 <DIR> d-------- C:\Programfiler\Winamp
2008-05-15 12:09 . 2008-05-15 12:10 <DIR> d-------- C:\Programfiler\iPod
2008-05-15 11:44 . 2008-05-15 11:44 115,200 --a------ C:\WINDOWS\system32\wacqtink.dll
2008-05-15 11:41 . 2008-05-15 11:41 125,440 --a------ C:\WINDOWS\system32\kabreeug.dll
2008-05-15 11:41 . 2008-05-15 21:32 109,885 --a------ C:\WINDOWS\BM03786c19.xml
2008-05-15 01:04 . 2008-05-15 01:04 <DIR> d-------- C:\Programfiler\Advanced System Optimizer
2008-05-14 05:19 . 2008-05-14 05:19 1,122,304 ---h----- C:\WINDOWS\system32\wodfamop.dll
2008-05-14 05:18 . 2008-05-14 05:18 <DIR> d-------- C:\Programfiler\Abrosoft
2008-05-13 20:46 . 2008-05-13 20:46 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-13 20:46 . 2008-05-13 20:46 <DIR> d-------- C:\Programfiler\microsoft frontpage
2008-05-13 19:01 . 2008-05-13 19:01 <DIR> d-------- C:\WINDOWS\system32\no
2008-05-13 19:01 . 2008-05-13 19:01 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-13 19:01 . 2008-05-13 19:01 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-13 18:55 . 2008-05-13 19:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 17:44 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-05-09 13:36 . 2008-05-15 20:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-09 13:36 . 2008-05-15 12:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-08 18:21 . 2008-05-08 18:21 <DIR> d-------- C:\Documents and Settings\Hei\Programdata\Creative
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 23:31 --------- d-----w C:\Programfiler\Mozilla Firefox 3 Beta 3
2008-05-15 10:24 --------- d-----w C:\Programfiler\Creative
2008-05-15 10:17 --------- d-----w C:\Programfiler\Last.fm
2008-05-15 10:08 --------- d-----w C:\Programfiler\Windows Media Connect 2
2008-05-15 09:43 --------- d-----w C:\Documents and Settings\Hei\Programdata\uTorrent
2008-05-14 22:48 --------- d-----w C:\Programfiler\Windows Live
2008-05-14 22:46 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-14 22:15 --------- d-----w C:\Programfiler\Sony Ericsson
2008-05-14 22:11 --------- d-----w C:\Programfiler\mIRC
2008-05-14 19:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-05-12 11:49 --------- d-----w C:\Documents and Settings\Hei\Programdata\LimeWire
2008-05-09 23:30 --------- d-----w C:\Programfiler\Opera
2008-04-19 15:16 --------- d-----w C:\Programfiler\Apple Software Update
2008-04-14 16:23 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 16:23 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 16:23 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 16:23 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 16:23 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 16:23 147,456 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 16:23 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 16:23 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 16:22 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 16:22 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 16:22 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 16:22 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 16:22 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5f6460be-7022-4664-9c8f-acd8e83c0133}]
C:\WINDOWS\system32\rosmgfkm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2008-03-18 20:01 3739672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"NodLogin"="C:\Programfiler\ESET\ESET NOD32 Antivirus\nodlogin.exe" [ ]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"SpySweeper"="C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 21:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^D-Link AirPlus G+ Wireless Adapter Utility.lnk]
backup=C:\WINDOWS\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Arthur^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUsbAudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:22 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-02-14 01:09 486856 C:\Programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programfiler\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-03-01 16:22 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
c:\programfiler\zango\zango.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"NVCScheduler"=3 (0x3)
"Norman ZANDA"=2 (0x2)
"Norman NJeeves"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "Adobe LM Service"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Last.fm\\LastFM.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\Programfiler\\Hamachi\\hamachi.exe"= "C:\\Programfiler\\Warcraft III\\Frozen Throne.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Programfiler\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "C:\\Thomson Speedtouch\\ST510v4_R4.3.2.6 upgrade wizard\\UpgradeWizard\\upgradeST.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"= "C:\\Programfiler\\Mozilla Firefox 3 Beta 3\\firefox.exe"= "C:\\Programfiler\\Internet Explorer\\iexplore.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6666:TCP"= 6666:TCP:mirc "33333:TCP"= 33333:TCP:azureus "33333:UDP"= 33333:UDP:Azureus "57034:UDP"= 57034:UDP:uTorrent "57034:TCP"= 57034:TCP:utorrenta "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11] R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-20 19:09] R3 TNET1130;D-Link AirPlus G+ Wireless 
Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 17:59] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"F:\Roxio Easy Media Creator 10\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 16:53] S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 16:52] S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 16:52] S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Hei\LOKALE~1\Temp\DX9\SessionLauncher.exe [] S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\system32\drivers\cmuda2.sys [] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 09:03] S3 DL2X;D-Link Gigabit (DL2X) Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\dl2xd50.sys [2002-10-28 14:00] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-01 01:36] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"F:\Roxio Easy Media Creator 10\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 16:53] S3 RoxMediaDB10;RoxMediaDB10;"C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 16:52] S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58] S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58] S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58] S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 
(WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58] . Contents of the 'Scheduled Tasks' folder "2008-05-15 21:45:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-05-09 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Programfiler\Norton Security Scan\Nss.exe "2008-05-15 21:42:01 C:\WINDOWS\Tasks\wrSpySweeper_LC4992035F4F84E8DBB10A5FF508E2312.job" - C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_LC4992035F4F84E8DBB10A5FF508E2312 - C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.ex . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-16 01:45:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\scardsvr.exe C:\WINDOWS\system32\ati2evxx.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe C:\Programfiler\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\taskmgr.exe C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe . ************************************************************************** . 
Completion time: 2008-05-16 2:01:34 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-16 00:01:15 Pre-Run: 5,175,324,672 byte ledig Post-Run: 5,194,825,728 byte ledig 306 --- E O F --- 2008-05-15 23:29:38
And finally HJT:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:13:47, on 16.05.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\taskmgr.exe C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Mozilla Firefox 3 Beta 3\firefox.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: {3310c38e-8dca-f8c9-4664-2207eb0646f5} - {5f6460be-7022-4664-9c8f-acd8e83c0133} - C:\WINDOWS\system32\rosmgfkm.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NodLogin] "C:\Programfiler\ESET\ESET NOD32 Antivirus\nodlogin.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [spySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' 
menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152644859703 
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C23BF58E-6F88-4E86-9BAD-011EB53870C4}: NameServer = 130.67.60.68,193.213.112.4 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - F:\Roxio Easy Media Creator 10\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - F:\Roxio Easy Media Creator 10\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Hei\LOKALE~1\Temp\DX9\SessionLauncher.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 9339 bytes
I really hope I'm rid of all this crap now! By the way, one of the "malwares" also disabled M$ Update.. If anyone can be bothered to look through all of this: thanks in advance!!
snippsat Posted 16 May 2008
Remember to start your own thread next time. You are now posting in a thread that is marked as solved.
Copy the bold text below the image -> open Notepad and paste it in. Save it to the desktop as CFScript.txt. Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\system32\wacqtink.dll
C:\WINDOWS\system32\kabreeug.dll
C:\WINDOWS\BM03786c19.xml
C:\WINDOWS\system32\wodfamop.dll
C:\WINDOWS\Tasks\Norton Security Scan.job
C:\Programfiler\Norton Security Scan\Nss.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5f6460be-7022-4664-9c8f-acd8e83c0133}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]

Download and run CCleaner. 'Options' -> 'Advanced'. Uncheck: "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repair.
Let us know whether the PC runs fine.
*EPA* Posted 16 May 2008
Oops, yes, I noticed that just as I posted. Anyway, thanks for the help! Maybe the thread will stay solved now..? Here is my ComboFix log:
ComboFix 08-05-15.2 - Hei 2008-05-16 10:42:59.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.263 [GMT 2:00] Running from: C:\Documents and Settings\Hei\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Hei\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Programfiler\Norton Security Scan\Nss.exe C:\WINDOWS\BM03786c19.xml C:\WINDOWS\system32\kabreeug.dll C:\WINDOWS\system32\wacqtink.dll C:\WINDOWS\system32\wodfamop.dll C:\WINDOWS\Tasks\Norton Security Scan.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM03786c19.xml C:\WINDOWS\system32\kabreeug.dll C:\WINDOWS\system32\wacqtink.dll C:\WINDOWS\system32\wodfamop.dll C:\WINDOWS\Tasks\Norton Security Scan.job . ((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))) . 2008-05-16 04:12 . 2008-05-16 04:12 <DIR> d-------- C:\Programfiler\VS Revo Group 2008-05-16 02:52 . 2008-05-16 02:54 <DIR> d--h-c--- C:\WINDOWS\ie8 2008-05-15 23:54 . 2008-05-15 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-05-15 23:53 . 2008-05-16 00:09 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-05-15 23:53 . 2008-05-15 23:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-15 23:53 . 2008-05-15 23:53 <DIR> d-------- C:\Documents and Settings\Hei\Programdata\SUPERAntiSpyware.com 2008-05-15 23:47 . 2008-05-15 23:45 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-05-15 23:45 .
2008-05-16 00:03 <DIR> d-------- C:\Documents and Settings\Hei\.housecall6.6 2008-05-15 23:43 . 2008-05-15 23:43 <DIR> d-------- C:\Programfiler\Trend Micro 2008-05-15 20:26 . 2008-05-16 02:44 <DIR> d-------- C:\Programfiler\Browser Hijack Recover 2008-05-15 20:26 . 2008-05-15 20:26 0 --a------ C:\WINDOWS\system32\8104297.jun 2008-05-15 15:58 . 2008-05-15 15:58 <DIR> d-------- C:\!KillBox 2008-05-15 12:17 . 2008-05-15 12:17 <DIR> d-------- C:\Programfiler\Winamp 2008-05-15 12:09 . 2008-05-15 12:10 <DIR> d-------- C:\Programfiler\iPod 2008-05-15 01:04 . 2008-05-15 01:04 <DIR> d-------- C:\Programfiler\Advanced System Optimizer 2008-05-14 05:18 . 2008-05-14 05:18 <DIR> d-------- C:\Programfiler\Abrosoft 2008-05-13 20:46 . 2008-05-13 20:46 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-05-13 20:46 . 2008-05-13 20:46 <DIR> d-------- C:\Programfiler\microsoft frontpage 2008-05-13 19:01 . 2008-05-13 19:01 <DIR> d-------- C:\WINDOWS\system32\no 2008-05-13 19:01 . 2008-05-13 19:01 <DIR> d-------- C:\WINDOWS\system32\bits 2008-05-13 19:01 . 2008-05-13 19:01 <DIR> d-------- C:\WINDOWS\l2schemas 2008-05-13 18:55 . 2008-05-13 19:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-05-13 17:44 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty 2008-05-09 13:36 . 2008-05-15 20:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-09 13:36 . 2008-05-15 12:10 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-08 18:21 . 2008-05-08 18:21 <DIR> d-------- C:\Documents and Settings\Hei\Programdata\Creative . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-16 08:28 --------- d-----w C:\Programfiler\Mozilla Firefox 3 Beta 3 2008-05-16 08:27 --------- d-----w C:\Documents and Settings\Hei\Programdata\uTorrent 2008-05-16 01:24 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-05-16 01:20 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-05-16 00:59 --------- d-----w C:\Programfiler\Windows Live 2008-05-15 10:24 --------- d-----w C:\Programfiler\Creative 2008-05-15 10:17 --------- d-----w C:\Programfiler\Last.fm 2008-05-15 10:08 --------- d-----w C:\Programfiler\Windows Media Connect 2 2008-05-14 22:46 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-05-14 22:15 --------- d-----w C:\Programfiler\Sony Ericsson 2008-05-14 22:11 --------- d-----w C:\Programfiler\mIRC 2008-05-14 19:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-05-12 11:49 --------- d-----w C:\Documents and Settings\Hei\Programdata\LimeWire 2008-05-09 23:30 --------- d-----w C:\Programfiler\Opera 2008-04-19 15:16 --------- d-----w C:\Programfiler\Apple Software Update 2008-04-14 16:23 69,120 ----a-w C:\WINDOWS\notepad.exe 2008-04-14 16:23 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys 2008-04-14 16:23 32,866 ------w C:\WINDOWS\slrundll.exe 2008-04-14 16:23 283,648 ----a-w C:\WINDOWS\winhlp32.exe 2008-04-14 16:23 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys 2008-04-14 16:23 147,456 ----a-w C:\WINDOWS\regedit.exe 2008-04-14 16:23 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys 2008-04-14 16:23 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys 2008-04-14 16:22 50,688 ----a-w C:\WINDOWS\twain_32.dll 2008-04-14 16:22 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll 2008-04-14 16:22 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll 2008-04-14 16:22 10,752 ----a-w C:\WINDOWS\hh.exe 2008-04-14 16:22 1,033,728 ----a-w C:\WINDOWS\explorer.exe 2008-04-14 15:56 73,344 ----a-w 
C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w 
C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w 
C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys 2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys 2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"NodLogin"="C:\Programfiler\ESET\ESET NOD32 Antivirus\nodlogin.exe" [ ]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^D-Link AirPlus G+ Wireless Adapter Utility.lnk]
backup=C:\WINDOWS\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Arthur^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUsbAudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:22 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-02-14 01:09 486856 C:\Programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programfiler\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-03-01 16:22 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"NVCScheduler"=3 (0x3)
"Norman ZANDA"=2 (0x2)
"Norman NJeeves"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Last.fm\\LastFM.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programfiler\\Hamachi\\hamachi.exe"=
"C:\\Programfiler\\Warcraft III\\Frozen Throne.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Thomson Speedtouch\\ST510v4_R4.3.2.6 upgrade wizard\\UpgradeWizard\\upgradeST.exe"=
"C:\\Programfiler\\Mozilla Firefox 3 Beta 3\\firefox.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6666:TCP"= 6666:TCP:mirc
"33333:TCP"= 33333:TCP:azureus
"33333:UDP"= 33333:UDP:Azureus
"57034:UDP"= 57034:UDP:uTorrent
"57034:TCP"= 57034:TCP:utorrenta
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-20 19:09]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 17:59]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"F:\Roxio Easy Media Creator 10\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 16:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 16:52]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 16:52]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Hei\LOKALE~1\Temp\DX9\SessionLauncher.exe []
S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\system32\drivers\cmuda2.sys []
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 09:03]
S3 DL2X;D-Link Gigabit (DL2X) Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\dl2xd50.sys [2002-10-28 14:00]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-01 01:36]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"F:\Roxio Easy Media Creator 10\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 16:53]
S3 RoxMediaDB10;RoxMediaDB10;"C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 16:52]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 21:45:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 10:55:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programfiler\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-05-16 11:10:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 09:10:19
ComboFix2.txt 2008-05-16 00:01:35
Pre-Run: 5,164,666,880 byte ledig
Post-Run: 5,120,106,496 byte ledig
299 --- E O F --- 2008-05-15 23:29:38

Ran CCleaner like you said, but I don't know of any log for it... it did at least find quite a few errors in the registry.