Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25: VIRUS ALERT!, on 11-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Creative\Shared Files\CamTray.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Java\jre1.6.0_05\bin\jucheck.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Magdalena Zawadzka\Skrivebord\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17C24E63-9A2C-4C50-BF01-86212B497BC7} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {65742936-8079-408B-9F3C-874B78030A72} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programmer\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmer\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Magdalena Zawadzka\Menuen Start\Programmer\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://magdalenazawadzka.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: tfnslopk - {E5B3003A-E09E-4476-B1AE-9ECD2628FB1A} - (no file)
O22 - SharedTaskScheduler: enation - {629340b5-8df6-4211-9245-a86563a35792} - (no file)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 13815 bytes
ComboFix 08-08-10.01 - Magdalena Zawadzka 2008-08-11 16:37:46.1 - FAT32x86
Running from: C:\Documents and Settings\Magdalena Zawadzka\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Magdalena Zawadzka\Dokumenter\My Documents.url
C:\WINDOWS\system32\actskn43.ocx
.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.
2008-08-10 23:28 . 2008-08-10 23:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-10 23:19 . 2005-03-14 13:40 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-08-10 23:19 . 2005-03-14 13:40 <DIR> d--h----- C:\Documents and Settings\Administrator\Skabeloner
2008-08-10 23:19 . 2005-03-14 13:40 <DIR> d--h----- C:\Documents and Settings\Administrator\Printere
2008-08-10 23:19 . 2005-03-14 13:40 <DIR> dr------- C:\Documents and Settings\Administrator\Menuen Start
2008-08-10 23:19 . 2005-03-14 13:40 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale indstillinger
2008-08-10 23:19 . 2006-06-13 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Foretrukne
2008-08-10 23:19 . 2006-06-13 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenter
2008-08-10 23:19 . 2005-03-14 13:40 <DIR> d--h----- C:\Documents and Settings\Administrator\Andre computere
2008-08-10 23:19 . 2008-08-10 23:19 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-10 23:19 . 2006-12-07 20:59 0 --ah----- C:\Documents and Settings\Administrator\hpothb07.dat
2008-08-10 23:06 . 2008-08-10 23:06 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-08-10 23:06 . 2008-08-10 23:06 <DIR> d-------- C:\Documents and Settings\Magdalena Zawadzka\Application Data\SUPERAntiSpyware.com
2008-08-10 23:06 . 2008-08-10 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-10 23:05 . 2008-08-10 23:05 <DIR> d-------- C:\Programmer\Fælles filer\Wise Installation Wizard
2008-08-10 22:52 . 2008-08-10 22:52 <DIR> d-------- C:\Programmer\CCleaner
2008-08-10 12:27 . 2008-08-10 12:27 <DIR> d--hs---- C:\FOUND.008
2008-08-07 00:46 . 2008-08-07 00:46 <DIR> d-------- C:\Programmer\Spyware Doctor
2008-08-07 00:46 . 2008-08-07 00:46 <DIR> d-------- C:\Documents and Settings\Magdalena Zawadzka\Application Data\PC Tools
2008-08-07 00:46 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-07 00:46 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-07 00:46 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-07 00:46 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-06 17:21 . 2008-08-06 17:21 <DIR> d-------- C:\Programmer\FreeRandomPasswordGenerator
2008-08-06 15:58 . 2008-08-06 15:58 <DIR> d-------- C:\Programmer\Enigma Software Group
2008-08-05 14:55 . 2008-08-05 14:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-05 14:33 . 2008-08-05 14:33 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-05 14:33 . 2008-08-05 14:33 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-05 14:33 . 2008-08-05 14:33 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-05 14:33 . 2008-08-05 14:33 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-05 14:33 . 2008-08-05 14:33 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-05 14:30 . 2008-08-05 14:30 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-08-05 14:30 . 2008-08-05 14:30 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-08-05 14:10 . 2008-08-05 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-02 10:31 . 2008-08-02 10:31 <DIR> d-------- C:\Programmer\Lemonade Tycoon 2
2008-08-02 10:16 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2008-08-02 10:16 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2008-08-02 10:15 . 2008-08-02 10:15 <DIR> d-------- C:\Programmer\Alcohol Soft
2008-07-30 22:06 . 2008-07-30 22:06 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-30 22:06 . 2008-07-30 22:06 <DIR> d-------- C:\Programmer\Norton Security Scan
2008-07-29 13:20 . 2008-08-11 12:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-29 13:20 . 2008-07-29 13:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-12 22:56 . 2008-07-12 22:56 <DIR> d-------- C:\Programmer\AVG
2008-07-12 22:41 . 2008-07-12 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 22:40 . 2008-07-12 22:40 <DIR> d-------- C:\WINDOWS\system32\750623
2008-07-12 22:40 . 2008-07-12 22:40 <DIR> d-------- C:\Programmer\ASC 2.1
2008-07-12 19:34 . 2008-07-12 19:34 <DIR> d-------- C:\Programmer\ReflexiveArcade
2008-07-12 19:24 . 2008-07-12 19:24 <DIR> d-------- C:\Programmer\BitLord
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 22:48 --------- d-----w C:\Programmer\DivX
2008-06-22 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-24 21:24 0 ---ha-w C:\Documents and Settings\Jerry Smolarz\hpothb07.dat
2007-09-24 21:23 0 ---ha-w C:\Documents and Settings\Magdalena Zawadzka\hpothb07.dat
2007-09-24 21:23 0 ---ha-w C:\Documents and Settings\Magdalena Zawadzka\Application Data\hpothb07.dat
2007-09-24 21:23 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2007-09-24 21:23 0 ---ha-w C:\Documents and Settings\Jerry Smolarz\Application Data\hpothb07.dat
2006-12-07 18:59 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Gadu-Gadu"="C:\Programmer\Gadu-Gadu\gg.exe" [2006-02-17 15:03 2396160]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Creative WebCam Tray"="C:\Programmer\Creative\Shared Files\CamTray.exe" [2005-10-27 18:00 299008]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00 15360]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:20 360448]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"PCMService"="C:\Programmer\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-27 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 05:00 455168]
"LManager"="C:\Programmer\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30 315392]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01 245760]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NAV Agent"="C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" [2001-07-21 09:09 50256]
"SweetIM"="C:\Programmer\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"LogitechQuickCamRibbon"="C:\Programmer\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-05 14:32 1235736]
"ISTray"="C:\Programmer\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 05:00 15360]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-14 14:08:40 331776]
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]
hp psc 1000 series.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Gadu-Gadu\\GG.EXE"=
"C:\\Programmer\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Programmer\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-05 14:33]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-05 14:33]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-05 14:32]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-05 14:32]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-05 14:32]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-05 14:33]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-05 14:30]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 00:18]
R3 int15.sys;int15.sys;C:\Programmer\acer\eRecovery\int15.sys [2005-01-13 14:46]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-05 14:30]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-11 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE [2001-07-26 12:23]
2008-08-08 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Programmer\F []
2008-08-08 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe [2001-07-21 09:14]
2008-08-08 C:\WINDOWS\Tasks\WebReg 20080808210923.job
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-09 18:06]
2008-08-09 C:\WINDOWS\Tasks\WebReg 20080809091246.job
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-09 18:06]
2008-08-05 C:\WINDOWS\Tasks\WebReg 20080805233214.job
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-09 18:06]
2008-08-10 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Programmer\Norton Security Scan\Nss.exe [2008-01-09 04:08]
2008-02-04 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1164211964.job
- C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
2008-08-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
SharedTaskScheduler-{629340b5-8df6-4211-9245-a86563a35792} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Magdalena Zawadzka\Application Data\Mozilla\Firefox\Profiles\ursf6yaw.default\
FF -: plugin - C:\Programmer\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 16:53:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-08-11 16:56:10
ComboFix-quarantined-files.txt 2008-08-11 14:55:52
Pre-Run: 1,840,316,416 byte ledig
Post-Run: 1,870,954,496 byte ledig
210 --- E O F --- 2008-07-22 16:37:41