AnaXyd, posted 6 August 2008

Hi! The other day I discovered that my PC had been sitting there spamming people like crazy while I was away. I quickly found out that it was some kind of MSN virus running wild, and I closed MSN straight away so I wouldn't bother the people on my contact list. Ran a full scan of the system and the whole package. (I have Trend Micro 2008 in general, and used MS's Defender against spyware.) The next day the same thing happened. That is, today, about 10 minutes ago. I noticed that lots of windows popped up and then disappeared again. The virus spams people with "Whos that girl:o" and tries hard to send a file "photo.zip". I have just scanned once more, but I'm not entirely sure whether I'm rid of it. Here is an HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:23, on 06.08.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files\ASUS\AI Suite\CpuLevelUpHookLaunch.exe
C:\Program Files\ASUS\AI Suite\CpuLevelUpHook32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\D-50\D-50\Bin\D-50.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Vegard Brenden\Desktop\HiJackThis\lold.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A2CAFB-370B-489D-812B-8196277D77AF}: NameServer = 194.19.2.11 194.19.3.11
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8394 bytes

Is there anything suspicious, or have I managed to remove everything?
norbat, posted 6 August 2008

The log looks fine, but we might as well run another scan that gives a slightly more detailed log:

Download Combofix and save it to the desktop.
Run combofix.exe and follow the instructions.
Post the log file from combofix (c:\combofix.txt).
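The reply above is a human reading of the HijackThis log. As an added example (not from this thread, nor from HijackThis, Combofix or Deckard), here is a small Python triage script for logs in that format: it flags orphaned entries ("(no file)" / "(file missing)"), autostart and service entries whose target lives in a user-writable location, services with an unknown owner, and running processes started from the user profile. The sample log is constructed from the format of the log above; the Temp\updater.exe Run entry is invented to show what such a hit looks like, and the lold.exe hit is the poster's own renamed HijackThis, a false positive that shows why these flags are a starting point for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis v2 log format, modelled on the log posted
# in this thread. The "updater" Run entry is made up for the example; it does
# not come from the poster's machine.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\Brukernavn\Desktop\HiJackThis\lold.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updater] C:\Users\Brukernavn\AppData\Local\Temp\updater.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# HijackThis sections that give code a way to start at boot/logon or to load
# into another process (BHOs, toolbars, Run keys, Winlogon notify, services).
PERSISTENCE_SECTIONS = {"O2", "O3", "O4", "O20", "O21", "O23"}

# Locations an ordinary user can write to. Legitimate autostarts rarely live
# here; malware dropped via a chat client or browser very often does.
USER_WRITABLE = re.compile(
    r"\\(?:Users|Documents and Settings|ProgramData)\\|\\Temp\\|\\AppData\\|\\Desktop\\",
    re.IGNORECASE,
)

# First executable-looking path in an entry (quoted or not, %VAR% or drive).
PATH_RE = re.compile(
    r'((?:[A-Za-z]:|%[A-Za-z]+%)\\[^"\n]*?\.(?:exe|dll|sys|scr|com|bat|cmd))',
    re.IGNORECASE,
)

ENTRY_RE = re.compile(r"^(O\d+|R[0-3]|F[0-3]|N[1-4]) - (.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "review": needs a human look; "info": harmless leftover
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis-format log and return the entries worth a closer look."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if in_processes and entry is None:
            # A process image under the user profile is unusual enough to check.
            if USER_WRITABLE.search(line):
                findings.append(Finding("review", "process running from a user-writable location", line))
            continue
        if entry is None:
            continue
        section, body = entry.groups()
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding("info", "orphaned entry, target file is gone (safe to fix, not active)", line))
            continue
        if section not in PERSISTENCE_SECTIONS:
            continue
        if "(no name)" in body:
            findings.append(Finding("review", f"{section} entry with no name", line))
        path = PATH_RE.search(body)
        if path and USER_WRITABLE.search(path.group(1)):
            findings.append(Finding("review", f"{section} autostart points into a user-writable location", line))
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding("review", "service with unknown owner, verify the publisher", line))
    return findings


def count_by_severity(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```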
AnaXyd (thread author), posted 7 August 2008

Doesn't look like Combofix will work with Vista... A window pops up saying that it is not compatible with my operating system...
snippsat, posted 7 August 2008

Combofix should work in Vista, except for 64-bit versions. Download it again and disable Trend Micro. If that doesn't work, take this one instead:

Download Deckard and save it to the desktop.
Run dss.exe and follow the instructions.
When the scan is finished, a log (main.txt) opens. Copy it and post it.
AnaXyd (thread author), posted 8 August 2008 (edited)

Here is the log from Deckard:

Deckard's System Scanner v20071014.68
Run by Brukernavn on 2008-08-08 17:20:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
16: 2008-08-07 16:41:21 UTC - RP87 - Windows Update
15: 2008-08-07 16:39:28 UTC - RP86 - Windows Update
14: 2008-08-07 16:00:31 UTC - RP85 - Gjenopprettingsoperasjon
13: 2008-08-07 15:52:39 UTC - RP84 - Gjenopprettingsoperasjon
12: 2008-08-07 15:39:22 UTC - RP83 - Windows Update

-- First Restore Point --
1: 2008-07-29 21:53:01 UTC - RP72 - Installed Adobe Reader 7.1.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Brukernavn.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:56, on 08.08.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files\ASUS\AI Suite\CpuLevelUpHookLaunch.exe
C:\Program Files\ASUS\AI Suite\CpuLevelUpHook32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\D-50\D-50\Bin\D-50.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Brukernavn\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Users\Brukernavn~1\Desktop\HIJACK~1\Brukernavn.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A2CAFB-370B-489D-812B-8196277D77AF}: NameServer = 194.19.2.11 194.19.3.11
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8203 bytes

-- File Associations -----------------------------------------------------------
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------
2008-08-07 18:26:41 0 d-------- C:\Program Files\CCleaner
2008-08-06 23:04:06 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-06 23:03:28 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-03 14:21:27 0 d-------- C:\Program Files\LimeWire
2008-08-02 13:02:36 0 d-------- C:\Users\All Users\CanonBJ
2008-07-26 22:46:53 0 d-------- C:\Program Files\Guitar Pro 5
2008-07-26 20:37:43 0 d-------- C:\Program Files\Zombie Cow Studios
2008-07-26 16:25:25 0 d-------- C:\Program Files\iPod
2008-07-26 16:25:19 0 d-------- C:\Program Files\iTunes
2008-07-26 16:24:12 0 d-------- C:\Program Files\QuickTime
2008-07-26 16:24:11 0 d-------- C:\Users\All Users\Apple Computer
2008-07-26 16:23:34 0 d-------- C:\Program Files\Apple Software Update
2008-07-26 16:22:35 0 d-------- C:\Users\All Users\Apple
2008-07-26 16:22:35 0 d-------- C:\Program Files\Common Files\Apple
2008-07-22 23:05:54 0 d-------- C:\Program Files\MyPhoneExplorer
2008-07-16 00:10:49 0 d-------- C:\Program Files\Electronic Arts
2008-07-14 16:01:15 0 d-------- C:\Users\All Users\FLEXnet
2008-07-14 02:02:57 0 d-------- C:\Windows\system32\AGEIA
2008-07-14 02:02:57 0 d-------- C:\Program Files\AGEIA Technologies
2008-07-14 02:02:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 01:25:31 0 d-------- C:\Program Files\Microsoft Works
2008-07-14 01:24:42 0 d-------- C:\Program Files\Microsoft.NET
2008-07-14 01:15:18 0 d-------- C:\Program Files\Bonjour
2008-07-14 01:09:14 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-14 01:07:24 0 d-------- C:\Users\All Users\Microsoft Help
2008-07-14 01:05:14 0 dr-h----- C:\MSOCache
2008-07-14 00:51:50 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-07-14 00:51:11 0 d-------- C:\Users\All Users\Media Center Programs
2008-07-14 00:50:22 10752 --a------ C:\Windows\DCEBoot.exe
2008-07-14 00:43:05 0 d-------- C:\Program Files\Alcohol Soft
2008-07-13 02:16:27 0 d-------- C:\Users\All Users\NOS
2008-07-13 02:16:27 0 d-------- C:\Program Files\NOS
2008-07-11 22:43:42 716272 --a------ C:\Windows\system32\drivers\sptd.sys
2008-07-10 19:51:01 0 d-------- C:\Windows\PCHEALTH
2008-07-10 19:26:09 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-10 19:08:19 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-10 19:08:03 0 d-------- C:\Program Files\Windows Live
2008-07-10 19:07:09 0 d-------- C:\Users\All Users\WLInstaller
2008-07-10 00:48:31 0 d-------- C:\Program Files\Java
2008-07-10 00:46:27 0 d-------- C:\Program Files\Common Files\Java
2008-07-09 20:55:20 0 d-------- C:\Windows\LocalSSL
2008-07-09 20:53:05 0 d-------- C:\Users\All Users\Trend Micro
2008-07-09 20:52:26 0 d-------- C:\Program Files\Trend Micro
2008-07-09 19:35:47 0 d-------- C:\Downloads
2008-07-09 19:34:14 0 d-------- C:\Program Files\BitComet
2008-07-09 19:17:04 0 d-------- C:\Users\All Users\NVIDIA
2008-07-09 18:56:34 0 d-------- C:\NVIDIA
2008-07-09 18:46:39 0 d-------- C:\Windows\system32\Macromed
2008-07-09 18:46:36 262144 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-07-09 18:46:36 86016 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL Library>
2008-07-09 18:45:10 0 d-------- C:\Windows\system32\Futuremark
2008-07-09 18:45:10 3972 --a------ C:\Windows\system32\drivers\PciBus.sys
2008-07-09 18:45:10 5632 --a------ C:\Windows\system32\drivers\Entech64.sys <Not Verified; EnTech Taiwan; EnTech.sys>
2008-07-09 18:45:10 21664 --a------ C:\Windows\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2008-07-09 18:44:13 0 d-------- C:\Program Files\Futuremark
2008-07-09 18:40:14 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-09 18:40:13 0 d-------- C:\Users\All Users\Adobe
2008-07-09 18:26:27 0 d-------- C:\Program Files\Marvell
2008-07-09 18:25:46 24576 -ra------ C:\Windows\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-07-09 18:25:41 0 d-------- C:\Program Files\ASUS
2008-07-09 18:25:40 0 d--hs---- C:\Windows\Installer
2008-07-09 18:24:45 0 d-------- C:\Program Files\Intel
2008-07-09 18:24:35 0 d-------- C:\Intel
2008-07-09 18:24:12 10288 --a------ C:\Windows\system32\drivers\ASUSHWIO.SYS
2008-07-09 18:22:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-09 18:22:50 0 d-------- C:\Program Files\D-50
2008-07-09 18:22:32 315392 --a------ C:\Windows\PINSTALLPROCESS.DLL <Not Verified; C-motech; PInstallProcess DLL>
2008-07-09 18:22:31 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-09 18:01:23 0 d--hs---- C:\Users\Default\Start-meny
2008-07-09 18:01:23 0 d--hs---- C:\Users\Default\Skrivere
2008-07-09 18:01:23 0 d--hs---- C:\Users\Default\Programdata
2008-07-09 18:01:23 0 d--hs---- C:\Users\Default\Mine dokumenter
2008-07-09 18:01:23 0 d--hs---- C:\Users\Default\Maler
2008-07-09 18:01:23 0 d--hs---- C:\Users\Default\Lokale innstillinger
2008-07-09 18:01:23 0 d--hs---- C:\Users\Default\AndrMask
2008-07-09 18:01:23 0 d--hs---- C:\Users\All Users\Start-meny
2008-07-09 18:01:23 0 d--hs---- C:\Users\All Users\Skrivebord
2008-07-09 18:01:23 0 d--hs---- C:\Users\All Users\Programdata
2008-07-09 18:01:23 0 d--hs---- C:\Users\All Users\Maler
2008-07-09 18:01:23 0 d--hs---- C:\Users\All Users\Favoritter
2008-07-09 18:01:23 0 d--hs---- C:\Users\All Users\Dokumenter
2008-07-09 18:01:23 0 d--hs---- C:\Programfiler
2008-07-09 18:01:23 0 d--hs---- C:\Program Files\Fellesfiler
2008-07-09 00:54:01 0 d-------- C:\Windows\Panther
2008-07-09 00:53:48 0 d--hs---- C:\Boot
2008-07-08 23:57:29 0 d-------- C:\Windows\SoftwareDistribution
2008-07-08 23:56:19 0 d-------- C:\Windows\system32\catroot2
2008-07-08 23:56:10 0 d-------- C:\Windows\Debug
2008-07-08 23:55:17 0 d-------- C:\Windows\Prefetch
2008-07-08 23:55:06 0 d--hs---- C:\System Volume Information

-- Find3M Report ---------------------------------------------------------------
2008-08-07 18:14:32 476620 --a------ C:\Windows\system32\perfh014.dat
2008-08-07 18:14:32 79202 --a------ C:\Windows\system32\perfc014.dat
2008-08-06 23:03:27 0 d-------- C:\Users\Brukernavn\AppData\Roaming\SUPERAntiSpyware.com
2008-08-05 23:02:22 0 d-------- C:\Users\Brukernavn\AppData\Roaming\Adobe
2008-08-03 15:29:57 0 d-------- C:\Users\Brukernavn\AppData\Roaming\LimeWire
2008-07-26 16:25:40 0 d-------- C:\Users\Brukernavn\AppData\Roaming\Apple Computer
2008-07-26 16:22:35 0 d-------- C:\Program Files\Common Files
2008-07-26 16:09:24 0 d-------- C:\Users\Brukernavn\AppData\Roaming\AdobeUM
2008-07-22 23:06:29 0 d-------- C:\Users\Brukernavn\AppData\Roaming\MyPhoneExplorer
2008-07-14 02:17:59 0 d-------- C:\Users\Brukernavn\AppData\Roaming\Leadertech
2008-07-11 12:16:00 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 19:25:51 0 d-------- C:\Program Files\Windows Mail
2008-07-09 20:47:07 0 d-------- C:\Program Files\Windows Calendar
2008-07-09 20:47:05 0 d-------- C:\Program Files\Windows Defender
2008-07-09 20:47:01 0 d-------- C:\Program Files\Windows Sidebar
2008-07-09 19:34:17 0 d-------- C:\Users\Brukernavn\AppData\Roaming\WinRAR
2008-07-09 18:49:29 0 d-------- C:\Users\Brukernavn\AppData\Roaming\Mozilla
2008-07-09 18:46:40 0 d-------- C:\Users\Brukernavn\AppData\Roaming\Macromedia
2008-07-09 18:25:31 0 d-------- C:\Users\Brukernavn\AppData\Roaming\TMP
2008-07-09 18:02:47 0 d-------- C:\Users\Brukernavn\AppData\Roaming\Identities
2008-07-09 18:01:23 0 d-------- C:\Program Files\Windows NT

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
06.03.2008 02:35 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09.07.2008 20:01]
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [06.09.2007 11:19]
"CPU Power Monitor"="C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [16.10.2007 11:35]
"Cpu Level Up help"="C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" [11.09.2007 10:32]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [16.05.2008 14:01]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [16.05.2008 14:01]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [17.03.2008 15:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11.12.2007 10:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11.12.2007 12:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09.07.2008 19:49]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [14.07.2008 00:44]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [22.11.2004 08:18]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 14:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"TSC"="C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14.12.2004 04:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b7914f-4d39-11dd-97dd-001fc66a348f}]
AutoRun\command- J:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b7915f-4d39-11dd-97dd-001fc66a348f}]
AutoRun\command- J:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83c5224d-4d38-11dd-9161-806e6f6e6963}]
AutoRun\command- G:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9505477b-50c0-11dd-afe1-001fc66a348f}]
AutoRun\command- K:\Autoplay.exe -auto

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-08-08 17:23:42 ------------

Edited 8 August 2008 by AnaXyd