Argusblikk Skrevet 5. juli 2008 Del Skrevet 5. juli 2008 (endret) Hei. Har hatt store problemer med vundo/virtumonde, og diverse ad-ware, i det siste, men har gjort mitt ypperste for å bli kvitt skiten. Har en HiJackThis-logg, om det hjelper? Noen som kan tyde den? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:22:44, on 05.07.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\vsnp2uvc.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Elantech\ktp.exe C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe C:\Program Files\Compal\Wireless Select Switch\WLSS.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\Krusty.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: {2b9bb2a9-9333-6e39-bc04-2e7f40574058} - {85047504-f7e2-40cb-93e6-33399a2bb9b2} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [sMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [5464a52d] rundll32.exe "C:\WINDOWS\system32\cjdinsip.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 8833 bytes Edit: Oh noes! Er dette vundo? :S (har kamuflert seg med idiotiske filnavn før...): O4 - HKLM\..\Run: [5464a52d] rundll32.exe "C:\WINDOWS\system32\cjdinsip.dll",b Endret 5. juli 2008 av mks1001 Lenke til kommentar
snippsat Skrevet 5. juli 2008 Del Skrevet 5. juli 2008 Last Combofix ned ,legg på skrivebordet. Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Lenke til kommentar
Argusblikk Skrevet 5. juli 2008 Forfatter Del Skrevet 5. juli 2008 (endret) Here goes!: ComboFix 08-07-04.2 - Michaels 2008-07-05 2:40:33.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2484 [GMT 2:00] Running from: C:\Documents and Settings\Michaels\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\bsxehbbm.dll C:\WINDOWS\system32\cjdinsip.dll C:\WINDOWS\system32\cyacgbvy.dll C:\WINDOWS\system32\dxnhqqqb.ini C:\WINDOWS\system32\IPVEdfii.ini C:\WINDOWS\system32\IPVEdfii.ini2 C:\WINDOWS\system32\jgitohpc.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\pwzauu.dll C:\WINDOWS\system32\trvutshu.ini C:\WINDOWS\system32\yucxrkys.dll . ((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 ))))))))))))))))))))))))))))))) . 2008-07-05 02:34 . 2008-07-05 02:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-05 02:34 . 2008-07-05 02:34 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Malwarebytes 2008-07-05 02:34 . 2008-07-05 02:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-05 02:34 . 2008-06-28 14:21 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-05 02:34 . 2008-06-28 14:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-04 13:23 . 2008-07-05 02:19 <DIR> d-------- C:\Program Files\Orbitdownloader 2008-07-04 13:23 . 2008-07-04 13:35 <DIR> d-------- C:\downloads 2008-07-04 13:23 . 2008-07-05 02:43 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Orbit 2008-07-04 13:23 . 2008-07-04 13:23 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\GrabPro 2008-07-04 02:44 . 2008-07-04 02:44 138 --a------ C:\WINDOWS\wininit.ini 2008-07-04 01:45 . 2008-07-04 01:45 <DIR> d-------- C:\VundoFix Backups 2008-07-04 01:33 . 2008-07-04 01:33 <DIR> d-------- C:\Documents and Settings\Administrator 2008-07-04 01:28 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-07-04 01:28 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-07-04 01:28 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-07-04 01:28 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-07-04 01:28 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-07-04 01:28 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-07-04 01:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-07-04 01:28 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-07-04 01:28 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-07-04 01:28 . 2008-07-04 01:35 3,386 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-04 00:39 . 2008-07-04 00:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-04 00:39 . 2008-07-04 01:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-04 00:34 . 2008-07-04 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-07-04 00:33 . 2008-07-04 00:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-07-04 00:33 . 2008-07-04 00:33 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\SUPERAntiSpyware.com 2008-07-04 00:31 . 2008-07-04 00:31 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-03 14:33 . 2008-07-04 00:37 <DIR> d-------- C:\Documents and Settings\Michaels\.housecall6.6 2008-07-01 23:34 . 2008-07-05 01:04 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-07-01 15:17 . 2008-04-14 05:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-07-01 15:17 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-01 15:17 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-07-01 15:17 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-06-30 08:48 . 2008-06-30 08:48 <DIR> d-------- C:\Program Files\Lavasoft 2008-06-30 08:48 . 2008-06-30 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-30 08:47 . 2008-07-04 00:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-28 01:14 . 2008-06-28 01:14 <DIR> d---s---- C:\Documents and Settings\Michaels\UserData 2008-06-28 01:07 . 2008-06-28 01:10 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\albumart 2008-06-28 01:06 . 2008-06-28 01:06 <DIR> d-------- C:\Program Files\DivX 2008-06-27 19:52 . 2008-06-27 19:52 <DIR> d-------- C:\Program Files\QuickTime 2008-06-27 19:52 . 2008-06-27 19:52 <DIR> d-------- C:\Program Files\iTunes 2008-06-27 19:52 . 2008-06-27 19:52 <DIR> d-------- C:\Program Files\iPod 2008-06-27 19:51 . 2008-06-27 19:51 <DIR> d-------- C:\Program Files\Apple Software Update 2008-06-27 19:46 . 2008-06-30 14:16 <DIR> d-------- C:\Documents and Settings\Michaels\Shared 2008-06-27 19:46 . 2008-07-01 22:27 <DIR> d-------- C:\Documents and Settings\Michaels\Incomplete 2008-06-27 18:46 . 2008-06-27 18:46 <DIR> d-------- C:\Program Files\Bonjour 2008-06-27 18:46 . 2008-06-27 18:46 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Apple Computer 2008-06-27 18:45 . 2008-06-27 18:45 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-06-27 18:45 . 2008-06-27 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-27 18:45 . 2008-06-27 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-06-27 17:39 . 2008-06-27 18:50 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\DiskAid 2008-06-27 16:58 . 2008-06-27 16:58 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Nokia Multimedia Player 2008-06-27 16:46 . 2008-06-27 16:49 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\PC Suite 2008-06-27 16:46 . 2008-06-27 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-06-27 16:45 . 2008-06-27 16:45 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-06-27 16:45 . 2008-06-27 16:45 <DIR> d-------- C:\Program Files\Nokia 2008-06-27 16:45 . 2008-06-27 16:45 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-06-27 16:45 . 2008-06-27 16:45 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-06-27 16:45 . 2008-06-27 16:47 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Nokia 2008-06-27 16:45 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-06-27 16:45 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-06-27 16:44 . 2008-06-27 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-06-25 19:23 . 2008-06-25 19:23 638 --a------ C:\WINDOWS\CDPlayer.ini 2008-06-24 23:58 . 2008-06-24 23:58 <DIR> d-------- C:\Program Files\Real 2008-06-24 23:54 . 2008-06-24 23:54 <DIR> d-------- C:\Program Files\Hotspot Shield 2008-06-24 21:34 . 2008-06-24 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MediaMonkey 2008-06-24 17:49 . 2008-06-27 19:50 <DIR> d-------- C:\Program Files\MediaMonkey 2008-06-20 20:58 . 2008-06-20 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound 2008-06-19 20:30 . 2007-11-29 12:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2008-06-19 20:30 . 2007-12-24 13:47 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-06-19 20:30 . 2007-12-03 16:34 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm 2008-06-19 20:30 . 2007-11-29 12:52 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-06-19 20:25 . 2008-06-19 20:30 <DIR> d-------- C:\Program Files\ffdshow 2008-06-19 20:22 . 2008-04-14 00:16 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys 2008-06-19 20:22 . 2008-04-14 00:16 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys 2008-06-19 20:22 . 2008-04-14 00:16 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys 2008-06-19 20:22 . 2008-04-14 00:16 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys 2008-06-19 20:22 . 2008-04-14 00:16 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys 2008-06-19 20:22 . 2008-04-14 00:16 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys 2008-06-19 20:22 . 2008-04-14 00:16 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys 2008-06-19 20:22 . 2008-04-14 00:16 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys 2008-06-19 19:38 . 2008-06-19 19:40 <DIR> d-------- C:\Program Files\Rivatuner 2008-06-19 18:13 . 2008-06-19 18:13 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-06-19 18:08 . 2008-06-19 18:08 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-06-19 18:06 . 2008-06-19 18:06 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\DAEMON Tools 2008-06-19 18:06 . 2008-06-19 18:06 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-06-15 19:39 . 2008-06-15 19:39 <DIR> d-------- C:\WINDOWS\Sun 2008-06-15 19:39 . 2008-06-15 19:40 <DIR> d-------- C:\Program Files\SystemRequirementsLab 2008-06-15 19:39 . 2008-06-15 19:39 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\SystemRequirementsLab 2008-06-15 19:00 . 2008-06-15 19:00 <DIR> d-------- C:\WINDOWS\Logs 2008-06-15 18:11 . 2008-06-15 18:27 <DIR> d-------- C:\BMW M3 Challenge 2008-06-15 15:49 . 2008-06-15 15:49 0 -ra------ C:\logwmemory.bin 2008-06-15 15:46 . 2008-06-15 15:58 <DIR> d-------- C:\Program Files\Soldat 2008-06-15 07:51 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-06-15 07:50 . 2008-06-15 07:51 <DIR> d-------- C:\Program Files\Java 2008-06-15 07:50 . 2008-06-15 07:50 <DIR> d-------- C:\Program Files\Common Files\Java 2008-06-15 07:43 . 2008-06-15 07:43 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-06-14 20:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-14 20:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-06-14 20:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-14 14:48 . 2008-06-14 14:48 <DIR> d-------- C:\Program Files\Midway Home Entertainment 2008-06-14 14:41 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-06-14 14:41 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys 2008-06-14 14:41 . 2008-06-14 14:41 0 --ah----- C:\WINDOWS\SwSys2.bmp 2008-06-14 14:41 . 2008-06-14 14:41 0 --ah----- C:\WINDOWS\SwSys1.bmp 2008-06-14 14:30 . 2008-06-19 15:24 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\vlc 2008-06-14 13:49 . 2008-06-14 13:49 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-06-14 13:48 . 2008-06-14 13:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-06-14 13:48 . 2008-06-27 16:48 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-06-14 13:42 . 2008-06-14 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-06-14 11:53 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 11:53 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-14 11:52 . 2008-06-21 14:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-06-14 00:57 . 2008-06-14 00:57 268 --ah----- C:\sqmdata00.sqm 2008-06-14 00:57 . 2008-06-14 00:57 244 --ah----- C:\sqmnoopt00.sqm 2008-06-14 00:43 . 2008-06-14 00:43 <DIR> d-------- C:\Program Files\Alwil Software 2008-06-14 00:43 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2008-06-14 00:43 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2008-06-14 00:43 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2008-06-14 00:38 . 2008-06-14 22:35 <DIR> d-------- C:\Documents and Settings\Michaels\Contacts 2008-06-14 00:35 . 2008-06-14 00:39 <DIR> d-------- C:\Program Files\Windows Live 2008-06-14 00:35 . 2008-06-14 00:36 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-14 00:34 . 2008-06-14 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-14 00:31 . 2008-07-03 10:17 <DIR> d-------- C:\Program Files\Unlocker . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-27 14:45 --------- d-----w C:\Program Files\DIFX 2008-06-19 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-15 17:01 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-06-13 19:58 --------- d-----w C:\Program Files\Compal 2008-06-13 19:55 --------- d-----w C:\Program Files\Elantech 2008-06-13 19:54 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-06-13 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\XP32 2008-06-13 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vista64 2008-06-13 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vista32 2008-06-13 19:53 --------- d-----w C:\Program Files\Motorola 2008-06-13 19:53 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-06-13 19:51 --------- d-----w C:\Program Files\Broadcom 2008-06-13 19:44 --------- d-----w C:\Program Files\Intel 2008-06-13 19:43 --------- d-----w C:\Program Files\WIDCOMM 2008-06-13 19:39 --------- d-----w C:\Program Files\Common Files\snp2uvc 2008-06-13 19:39 --------- d-----w C:\Documents and Settings\Michaels\Application Data\InstallShield 2008-06-13 19:36 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-06-13 19:36 --------- d-----w C:\Program Files\Realtek 2008-06-13 19:27 --------- d-----w C:\Program Files\microsoft frontpage 2008-06-13 19:11 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll 2008-06-13 19:11 1,614,848 ----a-w C:\WINDOWS\system32\sfcfiles.dll 2008-06-13 15:31 684,032 ----a-w C:\WINDOWS\system32\NETw4c32.dll 2008-06-13 15:31 2,772,992 ----a-w C:\WINDOWS\system32\NETw4r32.dll 2008-06-13 15:31 2,530,176 ----a-w C:\WINDOWS\system32\drivers\NETw4x32.sys 2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll 2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll 2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll 2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll 2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll 2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll 2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll 2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-14 05:42 74,752 ----a-w C:\WINDOWS\system32\storprop.dll 2008-04-14 05:42 53,760 ----a-w C:\WINDOWS\system32\vfwwdm32.dll 2008-04-14 05:42 29,184 ----a-w C:\WINDOWS\system32\sdhcinst.dll 2008-04-14 05:41 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll 2008-04-14 05:41 30,208 ----a-w C:\WINDOWS\system32\bthserv.dll 2008-04-14 05:41 20,992 ----a-w C:\WINDOWS\system32\bthci.dll 2008-04-14 05:40 1,296,669 ----a-r C:\WINDOWS\SET3.tmp 2008-04-14 05:34 16,535 ----a-r C:\WINDOWS\SET8.tmp 2008-04-14 05:34 1,088,840 ----a-r C:\WINDOWS\SET4.tmp 2008-04-14 03:55 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin 2008-04-14 03:51 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll 2008-04-14 03:51 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll 2008-04-14 03:51 483,840 ----a-w C:\WINDOWS\system32\wzcsvc.dll 2008-04-14 03:51 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll 2008-04-14 03:51 47,104 ----a-w C:\WINDOWS\system32\cnbjmon.dll 2008-04-14 03:51 35,328 ----a-w C:\WINDOWS\system32\pid.dll 2008-04-14 03:51 20,992 ----a-w C:\WINDOWS\system32\hid.dll 2008-04-14 03:51 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 03:51 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll 2008-04-14 03:51 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll 2008-04-14 03:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 03:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll 2008-04-14 03:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll 2008-04-14 03:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll 2008-04-14 03:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll 2008-04-14 03:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 03:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-14 03:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll 2008-04-14 03:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll 2008-04-14 03:40 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-13 23:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-13 22:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys 2008-04-13 22:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe 2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll 2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll 2008-04-13 21:45 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll 2008-04-13 21:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll 2008-04-13 21:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll 2008-04-13 21:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll 2008-04-13 21:08 306,176 ----a-w C:\WINDOWS\system32\slbcsp.dll 2008-04-13 21:08 169,984 ----a-w C:\WINDOWS\system32\sccbase.dll 2008-04-13 21:08 101,888 ----a-w C:\WINDOWS\system32\gpkcsp.dll 2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll 2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll 2008-04-13 20:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-13 20:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll 2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll 2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dLL 2008-04-13 20:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll 2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll 2008-04-13 20:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-13 20:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-13 20:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-13 20:24 68,768 ----a-w C:\WINDOWS\system32\mmsystem.dll 2008-04-13 20:24 53,840 ----a-w C:\WINDOWS\system32\dosx.exe 2008-04-13 20:24 5,120 ----a-w C:\WINDOWS\system32\winnls.dll 2008-04-13 20:23 92,224 ----a-w C:\WINDOWS\system32\krnl386.exe 2008-04-13 20:22 3,338 ----a-w C:\WINDOWS\system32\redir.exe 2008-04-13 20:20 42,537 ----a-w C:\WINDOWS\system32\keyboard.sys 2008-04-13 20:19 35,648 ----a-w C:\WINDOWS\system32\ntio411.sys 2008-04-13 20:19 35,424 ----a-w C:\WINDOWS\system32\ntio412.sys 2008-04-13 20:19 34,560 ----a-w C:\WINDOWS\system32\ntio804.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 11:48 569344] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880] "SMBTray"="C:\Program Files\Compal\Smart Battery\SMBTray.exe" [2007-06-04 17:22 521776] "KTPWare"="C:\Program Files\Elantech\ktp.exe" [2007-02-13 13:11 647168] "Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 17:51 951856] "WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 18:55 190000] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 19:51 8523776] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 19:51 81920] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872] "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner\RivaTuner.exe" [2008-04-28 20:25 2707456] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048] "RTHDCPL"="RTHDCPL.EXE" [2007-06-12 23:49 16377344 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2007-11-11 19:51 1626112 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/11/2006 4:35:34 PM 561213] Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [7/4/2008 1:23:20 PM 1690824] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ff_acm.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Watch Dog] -C:\Program Files\Compal Electronics [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] --a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R3 CamFilter;CamFilter;C:\WINDOWS\system32\Drivers\CamFilter.sys [2007-05-11 15:56] R3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-17 18:55] R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25] . - - - - ORPHANS REMOVED - - - - BHO-{85047504-f7e2-40cb-93e6-33399a2bb9b2} - (no file) WebBrowser-{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file) ShellExecuteHooks-{EB173FB4-E20A-43B4-8BC0-20D3A4CA48E5} - (no file) Notify-WgaLogon - (no file) ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-05 02:43:18 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe . ************************************************************************** . Completion time: 2008-07-05 2:45:08 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-05 00:45:05 Pre-Run: 20,741,591,040 bytes free Post-Run: 20,678,520,832 bytes free 363 --- E O F --- 2008-06-21 12:01:13 Edit: Foretok et søk med MBAM (så du anbefalte det i en annen tråd..), og i følge det programmet er jeg REN! Er det sant? Malwarebytes' Anti-Malware 1.19 Database versjon: 922 Windows 5.1.2600 Service Pack 3 03:06:22 05.07.2008 mbam-log-7-5-2008 (03-06-22).txt Skanntype: Rask Skann Objekter skannet: 41724 Tid tilbakelagt: 2 minute(s), 38 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) Endret 5. juli 2008 av mks1001 Lenke til kommentar
snippsat Skrevet 5. juli 2008 Del Skrevet 5. juli 2008 (endret) Status. Combofix slettet 11 filer. Loggen ser fin ut. --- Opprydding. Slett mappe. C:\VundoFix Backups slett filer. C:\WINDOWS\SET3.tmp C:\WINDOWS\SET8.tmp C:\WINDOWS\SET4.tmp --- Fjern antispyware-software du har mange nå. Du kan beholde MBAM eller SAS(eventult begge) Bruk denne når du fjerner Revo --- Last ned kjør CCleaner 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t. Kjør og register-renser"svar ja til og reparere"-->backup svar ja når du blir spørt. Kjør register-renser et par ganger til alle feil er borte. --- Last ned HijackThis legg i egen mappe på skrivebordet. Start programmet og velg "Trykk scan og save log" Post HijackThis.txt --- Endret 5. juli 2008 av SNIPPSAT Lenke til kommentar
Argusblikk Skrevet 5. juli 2008 Forfatter Del Skrevet 5. juli 2008 Tror jeg fikk fjernet overflødige antispyware-programmer, men er ikke helt sikker. Her er loggfilen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:51:23, on 05.07.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\vsnp2uvc.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Compal\Smart Battery\SMBTray.exe C:\Program Files\Elantech\ktp.exe C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe C:\Program Files\Compal\Wireless Select Switch\WLSS.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\Krusty.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: {2b9bb2a9-9333-6e39-bc04-2e7f40574058} - {85047504-f7e2-40cb-93e6-33399a2bb9b2} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [sMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 8651 bytes Lenke til kommentar
snippsat Skrevet 5. juli 2008 Del Skrevet 5. juli 2008 Start HijackThis "scan" finn denne linjen merk den,så trykk fix checked. O2 - BHO: {2b9bb2a9-9333-6e39-bc04-2e7f40574058} - {85047504-f7e2-40cb-93e6- 33399a2bb9b2} - (no file) Da er det bra Bruk pcen litt kjører den greit gjør du dette. Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Surf trygt. Lenke til kommentar
Argusblikk Skrevet 5. juli 2008 Forfatter Del Skrevet 5. juli 2008 Tusen takk! Du har vært til stor hjelp, og hadde det vært mulig å gi deg poeng (som på f.eks ITpro og mopedportalen) så hadde jeg gitt deg det glatt Setter løst på denne jeg, og skal prøve å surfe trygt Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå