ComboFix 08-07-23.2 - My Computer 2008-07-24 15:45:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.524 [GMT 2:00]
Running from: C:\Documents and Settings\My Computer\Dokumenter\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
/wow section - STAGE 40
pv: No matching processes found
Forkert syntaks for kommandoen.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM5395f799.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atmf.dll
C:\WINDOWS\system32\awmnappo.dll
C:\WINDOWS\system32\bielyytk.dll
C:\WINDOWS\system32\bksbajeq.dll
C:\WINDOWS\system32\cnamovcg.dll
C:\WINDOWS\system32\ffyktbht.ini
C:\WINDOWS\system32\gcvomanc.ini
C:\WINDOWS\system32\gdppxkng.dll
C:\WINDOWS\system32\hcucfv.dll
C:\WINDOWS\system32\KTDLonnn.ini
C:\WINDOWS\system32\KTDLonnn.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ozerss.dll
C:\WINDOWS\system32\thbtkyff.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.
2008-07-24 11:24 . 2008-07-24 15:44 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10021102}.BAK
2008-07-24 11:01 . 2008-07-24 15:37 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-07-24 11:01 . 2008-07-24 11:01 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\SUPERAntiSpyware.com
2008-07-24 11:01 . 2008-07-24 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-24 11:00 . <DIR> C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-23 18:10 . 2008-07-23 18:11 <DIR> d-------- C:\Programmer\CCleaner
2008-07-23 17:46 . 2008-07-23 17:46 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\GlarySoft
2008-07-23 17:28 . 2008-07-23 17:28 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\ChemTable Software
2008-07-23 17:04 . 2008-07-23 17:09 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-23 16:29 . 2008-07-23 16:32 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\HouseCall 6.6
2008-07-23 16:28 . 2008-07-23 16:29 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-07-23 16:16 . 2008-07-23 16:15 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-23 16:15 . 2008-07-23 16:16 <DIR> d-------- C:\Documents and Settings\My Computer\.housecall6.6
2008-07-23 16:14 . 2008-07-23 16:14 <DIR> d-------- C:\WINDOWS\Sun
2008-07-23 14:59 . 2008-07-23 14:59 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-23 13:32 . 2008-07-23 13:35 <DIR> d-------- C:\Programmer\IObit
2008-07-23 07:45 . 2008-07-23 13:35 <DIR> d-------- C:\Programmer\Opera
2008-07-23 07:33 . 2008-07-23 07:33 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\K-Meleon
2008-07-23 07:30 . 2008-07-23 07:30 <DIR> d-------- C:\Programmer\K-Meleon
2008-07-23 07:28 . 2008-07-23 07:28 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\Flock
2008-07-23 07:27 . 2008-07-23 07:28 <DIR> d-------- C:\Programmer\Flock
2008-07-22 23:51 . 2008-07-23 23:52 44,721 ---hs---- C:\WINDOWS\system32\cqpyhdeo.ini
2008-07-22 11:48 . 2008-07-22 23:39 43,701 ---hs---- C:\WINDOWS\system32\chcvrcng.ini
2008-07-22 11:46 . 2008-07-24 12:12 110,419 --a------ C:\WINDOWS\BM5395f799.xml
2008-07-22 03:13 . 2008-07-22 03:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-22 00:59 . 2008-07-22 01:00 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{478433EB-0AFA-4B69-A2DB-9C4DA4A73909}
2008-07-22 00:57 . 2008-07-22 00:57 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\Anonymizer
2008-07-22 00:57 . 2008-07-22 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anonymizer
2008-07-21 20:56 . 2008-07-23 02:50 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-07-21 20:56 . 2008-07-23 02:49 118,784 --a------ C:\WINDOWS\GREUninstall.exe
2008-07-21 20:56 . 2008-07-24 00:28 11,477 --a------ C:\WINDOWS\mozver.dat
2008-07-21 20:55 . 2008-07-21 20:55 <DIR> d-------- C:\Programmer\mozilla.org
2008-07-21 20:13 . 2008-07-21 20:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-21 20:13 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-21 20:13 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-21 20:13 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-21 20:13 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-21 20:12 . 2008-07-21 20:12 <DIR> d-------- C:\Programmer\Webroot
2008-07-21 20:12 . 2008-07-21 20:12 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\Webroot
2008-07-21 20:12 . 2008-07-21 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-21 20:12 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-21 20:11 . 2008-07-22 00:59 <DIR> d-------- C:\Programmer\Anonymizer
2008-07-21 19:17 . 2008-07-21 19:17 <DIR> d-------- C:\temp
2008-07-21 19:10 . 2008-07-21 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-21 19:09 . 2008-07-23 16:51 <DIR> d-------- C:\Programmer\%temp&
2008-07-21 19:08 . 2008-07-24 11:26 <DIR> d-------- C:\Program Files
2008-07-21 19:04 . 2008-07-21 19:04 <DIR> d-------- C:\Programmer\Brownie
2008-07-21 19:04 . 2008-07-21 19:04 <DIR> d-------- C:\Programmer\Brother
2008-07-21 19:03 . 2008-07-21 19:03 <DIR> d-------- C:\Documents and Settings\My Computer\WINDOWS
2008-07-21 19:03 . 1998-01-23 12:19 304,128 --a------ C:\WINDOWS\IsUn0406.exe
2008-07-21 18:55 . 2008-07-21 18:55 <DIR> d-------- C:\Programmer\VideoLAN
2008-07-21 18:55 . 2008-07-21 18:55 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\vlc
2008-07-21 18:30 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-21 18:26 . 2008-07-24 15:56 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-10021102}.rfx
2008-07-21 18:01 . 2003-11-11 11:08 77,824 --------- C:\WINDOWS\system32\ctdvda32.dll
2008-07-21 17:36 . 2008-07-21 17:36 <DIR> d-------- C:\Programmer\Secway
2008-07-21 17:34 . 2008-07-21 17:34 <DIR> d-------- C:\Documents and Settings\My Computer\Contacts
2008-07-21 17:32 . 2008-07-21 17:32 <DIR> d-------- C:\Programmer\MSN Messenger
2008-07-21 17:28 . 2008-07-24 15:44 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-10021102}.CDF
2008-07-21 17:27 . 2008-07-24 15:56 30,528 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-10021102}.rfx
2008-07-21 17:27 . 2008-07-21 17:27 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-07-21 17:27 . 2008-07-21 17:27 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-07-21 17:27 . 2008-07-21 17:27 288 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-10021102}.dat
2008-07-21 17:21 . 2008-07-21 17:21 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-21 16:09 . <DIR> C:\Programmer\Fælles filer\Creative
2008-07-21 16:09 . 2008-07-21 16:09 <DIR> d--h----- C:\Programmer\Creative Installation Information
2008-07-21 15:34 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-07-21 15:29 . 2008-07-24 15:56 31,056 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-10021102}.rfx
2008-07-21 15:29 . 2008-07-24 15:56 31,056 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000000-00001102-00000004-10021102}.rfx
2008-07-21 15:29 . 2008-07-21 17:27 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10021102}.dat
2008-07-21 15:28 . 2008-07-22 12:24 <DIR> d-------- C:\Programmer\Startup Manager
2008-07-21 15:28 . 2008-07-21 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Startup Manager
2008-07-21 15:24 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-07-21 15:24 . 2008-07-24 15:56 30,528 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-10021102}.rfx
2008-07-21 14:45 . 2008-07-21 17:21 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\Creative
2008-07-21 14:11 . 2008-07-21 17:20 <DIR> d-------- C:\WINDOWS\system32\Data
2008-07-21 14:10 . 2000-12-05 09:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2008-07-21 14:10 . 2002-09-05 16:32 277,200 --a------ C:\WINDOWS\system32\CTAA1.DAT
2008-07-21 14:10 . 2001-05-28 13:47 32,768 --a------ C:\WINDOWS\system32\AudioHQU.cpl
2008-07-21 14:10 . 2001-05-28 13:47 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2008-07-21 14:10 . 2008-07-21 14:10 184 --a------ C:\WINDOWS\system32\e000001.dat
2008-07-21 14:09 . 2008-07-21 14:12 136 --a------ C:\WINDOWS\SBWIN.INI
2008-07-21 14:08 . 2008-07-21 17:21 <DIR> d-------- C:\Programmer\Creative
2008-07-21 14:08 . 2002-02-20 05:00 331,776 --------- C:\WINDOWS\system32\CTMEDENG.DLL
2008-07-21 14:08 . 2001-09-18 03:00 139,264 --a------ C:\WINDOWS\system32\Video.skn
2008-07-21 14:08 . 2001-03-30 02:00 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll
2008-07-21 14:08 . 1999-12-13 03:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-07-21 14:08 . 1999-11-18 03:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-07-21 14:08 . 2000-04-20 01:00 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL
2008-07-21 14:08 . 1998-09-17 01:52 17,350 --a------ C:\WINDOWS\system32\CTDetect.hlp
2008-07-21 14:08 . 1998-09-17 01:52 641 --a------ C:\WINDOWS\system32\CTDetect.cnt
2008-07-21 12:46 . <DIR> C:\Programmer\Fælles filer\Adobe AIR
2008-07-21 12:15 . 2008-07-21 12:15 <DIR> d-------- C:\WINDOWS\system32\da
2008-07-21 12:15 . 2008-07-21 12:15 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-21 12:15 . 2008-07-21 12:15 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-21 12:14 . 2008-07-21 12:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-21 12:09 . 2008-07-21 12:09 <DIR> d-------- C:\WINDOWS\EHome
2008-07-21 12:04 . 2004-08-26 17:48 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-21 10:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-21 10:46 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-21 02:46 . 2008-07-21 02:46 <DIR> d-------- C:\Programmer\Windows Media Connect 2
2008-07-21 02:46 . 2004-08-27 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-21 02:45 . 2008-07-23 18:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-21 02:45 . 2008-07-21 02:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-21 02:25 . 2008-07-21 19:20 <DIR> d-------- C:\Programmer\Internet Download Manager
2008-07-21 02:25 . 2008-07-21 22:18 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\IDM
2008-07-21 02:25 . 2008-07-24 15:57 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\DMCache
2008-07-21 02:23 . 2008-07-21 02:23 <DIR> d-------- C:\Documents and Settings\My Computer\dwhelper
2008-07-21 01:46 . 2008-07-21 01:46 <DIR> d-------- C:\Documents and Settings\My Computer\.rssowl2
2008-07-21 01:44 . 2008-07-21 01:44 <DIR> d-------- C:\Programmer\Java
2008-07-21 01:44 . <DIR> C:\Programmer\Fælles filer\Java
2008-07-21 01:44 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-21 01:41 . 2008-07-21 01:41 <DIR> d-------- C:\Programmer\7-Zip
2008-07-21 01:36 . 2008-07-21 01:36 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-21 00:58 . <DIR> C:\Programmer\Fælles filer\Adobe
2008-07-21 00:36 . 2008-07-21 00:36 <DIR> d-------- C:\Programmer\iTunes
2008-07-21 00:36 . 2008-07-21 00:36 <DIR> d-------- C:\Programmer\iPod
2008-07-21 00:35 . 2008-07-21 17:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-21 00:35 . <DIR> C:\Programmer\Fælles filer\Apple
2008-07-21 00:29 . 2008-07-21 00:29 <DIR> d-------- C:\Programmer\QuickTime
2008-07-21 00:29 . 2008-07-21 00:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-21 00:28 . 2008-07-21 20:01 9,084 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-21 00:22 . 2008-07-21 00:36 <DIR> d-------- C:\Documents and Settings\My Computer\Application Data\Apple Computer
2008-07-21 00:21 . 2008-07-21 00:22 <DIR> d-------- C:\Programmer\Safari
2008-07-21 00:21 . 2008-07-21 00:21 <DIR> d-------- C:\Programmer\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 12:59 --------- d-----w C:\Programmer\Onlinetjenester
2008-07-20 12:59 --------- d-----w C:\Programmer\Fælles filer\Tjenester
2008-06-27 15:24 9,216 ----a-w C:\WINDOWS\CTPRES.DLL
2008-06-27 15:24 10,240 ----a-w C:\WINDOWS\CTDCRES.DLL
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:05 15360]
"Eraser"="C:\Programmer\Eraser\eraser.exe" [2007-12-23 01:03 916240]
"IDMan"="C:\Programmer\Internet Download Manager\IDMan.exe" [2008-07-14 16:42 2606512]
"RemoteCenter"="C:\Programmer\Creative\MediaSource\RemoteControl\RcMan.exe" [2004-08-17 15:07 143360]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"Simp"="C:\Programmer\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe" [2007-08-28 19:29 2150400]
"Creative Detector"="C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"Creative MediaSource Go"="C:\Programmer\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 11:00 135168]
"Anonymizer"="C:\Programmer\Anonymizer\Anonymizer Software\Anonymizer.exe" [2008-07-22 01:00 1557176]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-24 15:37 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"CTSysVol"="C:\Programmer\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"CTDVDDET"="C:\Programmer\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"SpySweeper"="C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 17:24 19456 C:\WINDOWS\system32\CtHelper.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:05 15360]
C:\Documents and Settings\My Computer\Menuen Start\Programmer\Start\
Anonymizer Total Net Shield.lnk - C:\Programmer\Anonymizer TNS\AnonTns.exe [2008-07-20 15:18:42 1630944]
K-Meleon Loader.lnk - C:\Programmer\K-Meleon\loader.exe [2007-04-16 02:41:00 32768]
TrayIt!.lnk - C:\Documents and Settings\My Computer\Dokumenter\Downloads\Compressed\trayit_4_6_5_5\TrayIt!.exe [2008-07-21 23:03:27 204800]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-07-24 15:37 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
R2 AnonAswSvc;Anonymizer Anti-Spyware Service;C:\Programmer\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe [2007-10-22 11:14]
R2 AnonMgmtSvc;Anonymizer Management Service;C:\Programmer\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe [2007-10-22 11:14]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 19:21]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 19:21]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2008-07-07 10:32]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 19:21]
S3 COMMONFX;COMMONFX;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 19:21]
S3 CTAUDFX;CTAUDFX;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 19:21]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 19:21]
S3 CTERFXFX;CTERFXFX;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 19:21]
S3 CTSBLFX;CTSBLFX;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 19:21]
*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-07-24 05:00:02 C:\WINDOWS\Tasks\Anonymizer scan for spyware.job"
- C:\Programmer\Anonymizer\Anonymizer Software\Anonymizer.exe
"2008-07-23 16:20:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-07-24 07:00:09 C:\WINDOWS\Tasks\wrSpySweeper_LA096D5D7C9AE4F7D8AEB9209A151C4ED.job"
- C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_LA096D5D7C9AE4F7D8AEB9209A151C4ED
- C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-AppleSyncNotifier - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
Notify-vtUkifcA - vtUkifcA.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
hxxp://www.google.dkR0 -: HKCU-Main,Search Page =
hxxp://www.google.comR0 -: HKCU-Main,Search Bar =
hxxp://www.google.noR0 -: HKLM-Main,Default_Page_URL =
hxxp://www.gioogle.co.ukR1 -: HKCU-Internet Settings,ProxyServer = 127.0.0.1:80
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Download all links with IDM - C:\Programmer\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video content with IDM - C:\Programmer\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Programmer\Internet Download Manager\IEExt.htm
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} -
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cabC:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cabC:\WINDOWS\Downloaded Program Files\hcImpl.inf
O16 -: {6C269571-C6D7-4818-BCA4-32A035E8C884} -
hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cabC:\WINDOWS\Downloaded Program Files\CTSUEng.inf
C:\WINDOWS\Downloaded Program Files\CTSUEng.ocx
C:\WINDOWS\Downloaded Program Files\CTSUEngn.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-24 15:57:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\BRSS01A.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Internet Download Manager\IEMonitor.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\K-Meleon\k-meleon.exe
C:\Programmer\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-07-24 16:01:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-24 14:00:50
Pre-Run: 10,845,806,592 byte ledig
Post-Run: 10,779,779,072 byte ledig
292 --- E O F --- 2008-07-20 20:28:08
