01-18-2009, 08:03 AM   #3
emergencylight
Registered User
 
Join Date: Jan 2009
Posts: 8
OS: Windows XP SP3


Re: IE 7 not working

Hello,

Thank you Iain for helping me. I have performed ComboFix and the requested log is given below:

ComboFix 09-01-17.04 - fahad 2009-01-18 17:34:58.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.446.155 [GMT 3:00]
Körs från: c:\documents and settings\pc4\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090117-0] *On-access scanning enabled* (Updated)
* Skapade en ny återställningspunkt
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
(((((((((((((((((((((((( Filer Skapade från 2008-12-18 till 2009-01-18 ))))))))))))))))))))))))))))))
.

2009-01-13 19:03 . 2007-04-13 05:48 391,984 --a------ c:\windows\system32\vnetlib.dll
2009-01-13 19:03 . 2007-04-13 05:48 142,128 --a------ c:\windows\system32\vmnat.exe
2009-01-13 19:03 . 2007-04-13 05:48 113,456 --a------ c:\windows\system32\vmnetdhcp.exe
2009-01-13 19:03 . 2007-04-13 05:49 22,576 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2009-01-13 18:57 . 2009-01-13 18:57 <DIR> d-------- c:\program files\Common Files\VMware
2009-01-13 18:16 . 2009-01-13 18:16 <DIR> d-------- c:\program files\MSN Messenger
2009-01-13 18:10 . 2009-01-13 18:11 436 --a------ c:\windows\{00466B67-7C72-478A-A2DE-6D0A96A55F58}_WiseFW.ini
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Skype
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-10 20:45 . 2009-01-13 02:25 250 --a------ c:\windows\gmer.ini
2009-01-10 02:15 . 2008-04-14 03:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-10 02:15 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\dllcache\apphelp.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\apphelp.dll
2009-01-05 15:11 . 2009-01-05 15:11 <DIR> d-------- c:\program files\Apple Software Update
2008-12-29 00:43 . 2008-12-29 00:43 181,760 --a------ c:\program files\Common Files\Ndm361a2rL.exe
2008-12-29 00:43 . 2008-12-29 00:43 176,128 --a------ c:\windows\system32\xsl93180.dll
2008-12-29 00:43 . 2008-12-29 00:43 176,128 --a------ c:\windows\system32\sl93180.dll
2008-12-21 01:13 . 2008-12-21 01:13 50 --a------ c:\windows\winzipme.ini
2008-12-21 01:12 . 2008-12-21 01:12 <DIR> d-------- c:\program files\DSL Speed

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-07 13:45 2,174,976 ------w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-03-01 21:16 144 ----a-w c:\program files\song-10452.ram
2007-09-20 17:03 486 ----a-w c:\program files\recover.arr
2007-09-20 17:02 486 ----a-w c:\program files\~arpr.arr
2007-09-20 16:09 6,502,752 ----a-w c:\program files\new.rpc
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85CAE368-E5CD-305E-A63D-477B433653A8}]
2008-12-29 00:43 176128 --a------ c:\windows\system32\xsl93180.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-04 01:14 204248 --a------ d:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2008-08-03 3945620]
"Google Update"="c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-30 52168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pc4\Start Menu\Programs\Startup\
NetPerSec.lnk - c:\program files\NetPerSec\NetPerSec.exe [2007-04-21 192512]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-07-02 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\ropfnqz.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-01-08 19:38 4363504 d:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TpadSoftPhone3\\TpadSoftphone.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"10000:UDP"= 10000:UDP:Tpad RTP
"5060:UDP"= 5060:UDP:Tpad SIP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-20 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-20 20560]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2007-01-27 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2007-01-27 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2007-01-27 60816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-10-30 157696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d23bf74-76fb-11db-9d62-0040cadbf51d}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4468579e-28d8-11dd-a4e7-005056c00008}]
\Shell\Auto\command - oxbvpen.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2c3e5e-f5b7-11dc-a3e2-005056c00008}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7456a580-7166-11db-9d4b-0040cadbf51d}]
\Shell\Auto\command - OSO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8508c5dc-9d4e-11dd-a688-005056c00008}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9d60ed-5a8a-11dd-a593-005056c00008}]
\Shell\AutoRun\command - I:\f0.cmd
\Shell\explore\Command - I:\f0.cmd
\Shell\open\Command - I:\f0.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d262192a-a225-11dc-a2db-005056c00008}]
\Shell\AutoRun\command - G:\cfdflx.com
\Shell\explore\Command - G:\cfdflx.com
\Shell\open\Command - G:\cfdflx.com
.
Innehållet i mappen 'Schemalagda aktiviteter'

2009-01-17 c:\windows\Tasks\MyPicsVids.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-17 c:\windows\Tasks\MyDocuments.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1417001333-725345543-1004.job
- c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-14 10:24]

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-SpyEmergency - d:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-XdriveTray - c:\program files\xdrive\xdrive desktop\xdrive.exe
MSConfigStartUp-XdriveTrayIcon - c:\program files\Xdrive\Xdrive Desktop\XdriveTray.exe
MSConfigStartUp-ZangoSA - c:\program files\Zango\bin\10.3.37.0\ZangoSA.exe


.
------- Extra genomsökning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pc4\Application Data\Mozilla\Firefox\Profiles\tqim454j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\component.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\components\xpinstal.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - plugin: c:\program files\Mozilla Firefox 2 Beta 2\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox 2 Beta 2\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 2 Beta 2\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 2 Beta 2\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 17:36:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

genomsökningen avslutades lyckosamt
dolda filer: 0

**************************************************************************
.
Sluttid: 2009-01-18 17:37:40
ComboFix-quarantined-files.txt 2009-01-18 14:37:38

Före genomsökningen: 813,760,512 bytes free
Efter genomsökningen: 1,200,955,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

202 --- E O F --- 2009-01-18 14:10:34