
Malwarebytes

Any professionals out there that can help me?


16 replies to this topic

#1
Azulen

    New Member

  • Members
  • Pip
  • 9 posts
I ran the Malwarebytes Anti-malware and it found this: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmnvwkonqb (Rootkit.TDSS)

Some days ago it completely messed up my computer and I had to use the "go back in time" function from my Windows CD, because the virus wouldn't let me run any exe programs at all. It changed my background to something like "WARNING YOUR COMPUTER IS INFECTED WITH SPYWARE" and stuff like that, and windows were popping up, but that went away when I used the "go back in time" function.
Anyway, my PC keeps crashing sometimes, and I can feel something is wrong. I tried to delete the virus, but it is still coming back.


Malwarebytes Anti-malware log:
Registry keys infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmnvwkonqb (Rootkit.TDSS) -> Quarantined and deleted successfully.



Gmer Log:
GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-09-06 21:46:11
Windows 6.0.6001 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x51 ? 855AABF8
INT 0x51 ? 855AABF8
INT 0x51 ? 855AABF8
INT 0x51 ? 855AABF8
INT 0x51 ? 86C23BF8
INT 0x51 ? 855AABF8
INT 0x72 ? 86C23BF8
INT 0x82 ? 86C23BF8
INT 0x92 ? 86C23BF8
INT 0xB2 ? 855A9D98
INT 0xB2 ? 86C23BF8
INT 0xB2 ? 86C23BF8
INT 0xB2 ? 855A9D98

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spkw.sys Systemet finner ikke angitt bane. !
.text USBPORT.SYS!DllUnload 90A0846F 5 Bytes JMP 86C231D8
.text afgeacww.SYS 8B313000 22 Bytes [26, 32, 3B, 82, 10, 31, 3B, ...]
.text afgeacww.SYS 8B313017 135 Bytes [00, 32, 07, B4, 82, 3D, 05, ...]
.text afgeacww.SYS 8B31309F 45 Bytes [82, E0, BC, 06, 82, 48, 73, ...]
.text afgeacww.SYS 8B3130CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text afgeacww.SYS 8B3130DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 855A9478
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [82A67C4C] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [82A67CA0] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A376D2] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A37040] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A377FC] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A370BE] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A3713C] \SystemRoot\System32\Drivers\spkw.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 855AA2D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86C232D8
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
IAT \SystemRoot\System32\Drivers\afgeacww.SYS[NTOSKRNL.exe!KeTickCount] FFFFF104
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 86C222D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[640] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00710002
IAT C:\Windows\system32\services.exe[640] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00710000
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74047BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740898C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7404D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7403F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74047599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7403E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7407B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7404D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7404012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74040095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740371F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [740CD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740675E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7403DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7403668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740366BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2896] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74041E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855B21F8
Device \Driver\volmgr \Device\VolMgrControl 855AC1F8
Device \Driver\usbuhci \Device\USBPDO-0 86A6D1F8
Device \Driver\usbuhci \Device\USBPDO-1 86A6D1F8
Device \Driver\usbehci \Device\USBPDO-2 869021F8
Device \Driver\usbuhci \Device\USBPDO-3 86A6D1F8
Device \Driver\PCI_PNP3924 \Device\00000055 spkw.sys
Device \Driver\usbuhci \Device\USBPDO-4 86A6D1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 86A6D1F8
Device \Driver\usbuhci \Device\USBPDO-6 86A6D1F8
Device \Driver\volmgr \Device\HarddiskVolume1 855AC1F8
Device \Driver\usbehci \Device\USBPDO-7 869021F8
Device \Driver\USBSTOR \Device\00000071 8811A500
Device \Driver\volmgr \Device\HarddiskVolume2 855AC1F8
Device \Driver\cdrom \Device\CdRom0 86AF31F8
Device \Driver\USBSTOR \Device\00000072 8811A500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 855AE1F8
Device \Driver\atapi \Device\Ide\IdePort0 855AE1F8
Device \Driver\atapi \Device\Ide\IdePort1 855AE1F8
Device \Driver\atapi \Device\Ide\IdePort2 855AE1F8
Device \Driver\atapi \Device\Ide\IdePort3 855AE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 855AE1F8
Device \Driver\cdrom \Device\CdRom1 86AF31F8
Device \Driver\netbt \Device\NetBt_Wins_Export 873F9500
Device \Driver\Smb \Device\NetbiosSmb 86AFA500
Device \Driver\sptd \Device\128066424 spkw.sys
Device \Driver\iScsiPrt \Device\RaidPort0 86C281F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\netbt \Device\NetBT_Tcpip_{F0757D4A-1B87-465E-AFE8-58995F2E921B} 873F9500
Device \Driver\usbuhci \Device\USBFDO-0 86A6D1F8
Device \Driver\usbuhci \Device\USBFDO-1 86A6D1F8
Device \Driver\usbehci \Device\USBFDO-2 869021F8
Device \Driver\usbuhci \Device\USBFDO-3 86A6D1F8
Device \Driver\usbuhci \Device\USBFDO-4 86A6D1F8
Device \Driver\usbuhci \Device\USBFDO-5 86A6D1F8
Device \Driver\usbuhci \Device\USBFDO-6 86A6D1F8
Device \Driver\usbehci \Device\USBFDO-7 869021F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 855AF1F8
Device \Driver\afgeacww \Device\Scsi\afgeacww1Port6Path0Target0Lun0 86BB11F8
Device \Driver\afgeacww \Device\Scsi\afgeacww1 86BB11F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target19Lun0 855AF1F8
Device \FileSystem\cdfs \Cdfs 850621F8

---- Services - GMER 1.0.15 ----

Service system32\drivers\kbiwkmhprixrfi.sys (*** hidden *** ) [SYSTEM] kbiwkmnvwkonqb <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb@imagepath \systemroot\system32\drivers\kbiwkmhprixrfi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main@aid 10003
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmhprixrfi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmyxpnerbi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmvbwcuyog.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmspdxsrtm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmnvwkonqb\modules@kbiwkm.dat \systemroot\system32\kbiwkmjkqcptry.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x1B 0xAB 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xC4 0x54 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9B 0x75 0x61 0xE1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb@imagepath \systemroot\system32\drivers\kbiwkmhprixrfi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main@aid 10003
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmhprixrfi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmyxpnerbi.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmvbwcuyog.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmspdxsrtm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmnvwkonqb\modules@kbiwkm.dat \systemroot\system32\kbiwkmjkqcptry.dat
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x1B 0xAB 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xC4 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9B 0x75 0x61 0xE1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.uyvy msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yuy2 msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvyu msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iyuv iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.i420 iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvu9 tsbyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm C:\Windows\System32\l3codeca.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.siren sirenacm.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.HFYU huffyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.VIFP VFCodec.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.dvsd mcdvd_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.DIVX DivX.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yv12 DivX.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.VP60 C:\Windows\system32\vp6vfw.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.VP61 C:\Windows\system32\vp6vfw.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\EA GAMES\The Sims 2 IKEA\xae INTERIØRPAKKE Stæsj\Sims2SP8_Uninst.exe 1

---- EOF - GMER 1.0.15 ----





HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:10, on 09.09.2009
Platform: Windows Vista SP3 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AceGain\LiveUpdate\aceagent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Komplett
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Hypersight] C:\Program Files\Hypersight\hypersight.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 (User 'Default user')
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Alexander\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: HP Smart valgmetode - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: YUDJLAF - Sysinternals - www.sysinternals.com - C:\Users\ALEXAN~1\AppData\Local\Temp\YUDJLAF.exe

--
End of file - 11032 bytes




I'm begging you guys to help me, since this problem is way out of my "league".
I really hope there is someone out there who can help me delete this virus; I would really appreciate it.

Best regards

Alex
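A small triage script, added here as an example and not part of the original post or of any Malwarebytes, HijackThis or ComboFix tool. It parses the HijackThis O23 service lines above and flags a service whose binary lives in a user-writable directory or that carries no publisher, and it also reads the REGEDIT4-style policy lines that ComboFix prints later in this thread, reporting values that switch off UAC, the Windows Firewall or Security Center monitoring. The sample input is constructed from lines copied out of this thread; the list of user-writable directories and the table of weakened settings are the example author's own choices, not a convention of either tool.

```python
"""Triage HijackThis O23 lines and ComboFix REGEDIT4-style policy lines (added example)."""
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# HijackThis O23 line: "O23 - Service: <name> - <owner> - <path>".
# The owner field may itself contain " - " (Sysinternals prints its URL there),
# so the path is anchored on its drive letter instead of on the dash count.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")

# Directories an unprivileged user can write to (example author's choice). A service
# binary living there is unusual and worth verifying (publisher, signature, hash).
USER_WRITABLE_DIRS = {"temp", "tmp", "appdata", "downloads"}

# ComboFix prints registry values as  "Name"= 0 (0x0)  or  "Name"=dword:00000001
# under a [HKEY...] header. Each (key suffix, value name, value) below disables a
# Windows protection; the right-hand side is the note to report (example author's table).
WEAKENED_SETTINGS = {
    (r"policies\system", "EnableLUA", 0): "UAC disabled",
    (r"firewallpolicy\standardprofile", "EnableFirewall", 0): "Windows Firewall disabled for the standard profile",
    (r"security center\monitoring", "DisableMonitoring", 1): "Security Center monitoring disabled",
    (r"policies\explorer", "NoSecurityTab", 1): "Security tab hidden in Explorer",
}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<raw>.+)$')

# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = "\n".join([
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe",
    r"O23 - Service: YUDJLAF - Sysinternals - www.sysinternals.com - C:\Users\ALEXAN~1\AppData\Local\Temp\YUDJLAF.exe",
    r"O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]",
    r'"EnableLUA"= 0 (0x0)',
    r'"EnableUIADesktopToggle"= 0 (0x0)',
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]",
    r'"NoSecurityTab"= 1 (0x1)',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]",
    r'"DisableMonitoring"=dword:00000001',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]",
    r'"EnableFirewall"= 0 (0x0)',
])


def parse_o23(line: str) -> Optional[Dict[str, str]]:
    """Split one O23 line into name/owner/path, or None for any other line type."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def service_concerns(entry: Dict[str, str]) -> List[str]:
    """Reasons (possibly none) an O23 entry deserves a closer look."""
    reasons = []
    parts = {p.lower() for p in PureWindowsPath(entry["path"]).parts}
    if parts & USER_WRITABLE_DIRS:
        reasons.append("service binary in a user-writable directory")
    if entry["owner"] == "Unknown owner":
        reasons.append("no publisher in the binary's version info")
    return reasons


def parse_value(raw: str) -> Optional[int]:
    """Turn ComboFix's '0 (0x0)' or 'dword:00000001' into an int; None for strings/paths."""
    raw = raw.strip()
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else None


def triage_log(text: str) -> List[Dict[str, object]]:
    """One finding per suspicious service or weakened setting, in log order."""
    findings: List[Dict[str, object]] = []
    current_key = ""
    for line in text.splitlines():
        line = line.strip()
        entry = parse_o23(line)
        if entry:
            reasons = service_concerns(entry)
            if reasons:
                findings.append({"kind": "service", "name": entry["name"],
                                 "path": entry["path"], "reasons": reasons})
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key").lower()  # ComboFix mixes the case of key paths
            continue
        value = VALUE_RE.match(line)
        if value and current_key:
            val = parse_value(value.group("raw"))
            for (suffix, name, bad), note in WEAKENED_SETTINGS.items():
                if current_key.endswith(suffix) and value.group("name") == name and val == bad:
                    findings.append({"kind": "setting", "name": f"{current_key}\\{name}",
                                     "value": val, "reasons": [note]})
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['kind']:8} {f['name']}: {'; '.join(f['reasons'])}")
```

On the sample the script flags YUDJLAF because it runs from the user's Temp directory, and MagicTuneEngine and PnkBstrA because their binaries carry no publisher. A flag is a prompt to verify the file (publisher, digital signature, hash), not a verdict: "Unknown owner" is common for legitimate software, and a temporary service left behind by a scanning tool will trip the same rule. The policy findings are the more actionable part: a machine with UAC and the firewall off and Security Center monitoring suppressed should have those values restored once the cleanup is finished, whatever put them there.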

#2
Azulen

    New Member

  • Members
  • 9 posts
I don't know if it's the virus or my modem, but my internet disconnects every 5 minutes now.

#3
screen317

    MBAM Sentinel

  • Moderators
  • 16,432 posts
  • Gender:Male
  • Location:Los Angeles
Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


-screen317
Chris Fistonich
Consumer Support Specialist


#4
Azulen

    New Member

  • Members
  • 9 posts
OK, thanks a lot for the fast reply, and here is the ComboFix log! =)


ComboFix 09-09-09.07 - Alexander 10.09.2009 15:42.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.3.1252.47.1044.18.3327.2349 [GMT 2:00]
Running from: c:\users\Alexander\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1953868048-1540438804-883480362-500
c:\$recycle.bin\S-1-5-21-3137186466-1246008624-3695993793-1006
c:\$recycle.bin\S-1-5-21-3137186466-1246008624-3695993793-500
c:\users\Alexander\AppData\Roaming\inst.exe
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmnvwkonqb
-------\Service_kbiwkmnvwkonqb
-------\Service_NPF


((((((((((((((((((((((((((( Files Created From 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))))
.

2009-09-10 13:49 . 2009-09-10 14:02 -------- d-----w- c:\users\Alexander\AppData\Local\temp
2009-09-10 13:49 . 2009-09-10 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-10 13:19 . 2009-09-10 13:31 -------- d-----w- C:\DVD_MSHK
2009-09-09 23:08 . 2009-09-09 23:08 -------- d-----w- c:\windows\system32\EventProviders
2009-09-09 23:05 . 2009-09-09 23:05 -------- d-----w- c:\programdata\McAfee Security Scan
2009-09-09 23:05 . 2009-09-09 23:05 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-09 14:44 . 2009-09-09 14:44 -------- d-----w- c:\program files\Trend Micro
2009-09-07 12:41 . 2009-09-07 12:41 -------- d-----w- c:\program files\CCleaner
2009-09-07 00:05 . 2009-09-07 00:05 -------- d-----w- c:\program files\Sophos
2009-09-06 23:55 . 2009-09-06 23:55 -------- d-----w- c:\users\Alexander\Pavark
2009-09-06 23:33 . 2009-09-06 23:33 -------- d-----w- c:\program files\Hypersight
2009-09-06 23:33 . 2008-06-28 18:48 70656 ----a-w- c:\windows\system32\drivers\kernel.sys
2009-09-06 20:14 . 2009-09-06 20:14 -------- d-----w- c:\program files\Malware Removal Tool
2009-09-06 20:08 . 2009-09-09 23:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-06 20:08 . 2009-09-06 20:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-06 19:05 . 2009-09-06 19:05 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-06 18:53 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-06 18:46 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-09-06 18:20 . 2009-09-06 18:20 -------- d-----w- c:\users\Alexander\AppData\Local\Microsoft Help
2009-09-06 18:09 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-09-06 18:09 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-06 18:09 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-09-06 18:09 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-09-06 18:09 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-09-06 18:08 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-09-06 18:08 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-09-06 18:02 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-09-06 18:02 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-09-06 18:02 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-09-06 18:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-09-06 18:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-09-06 16:58 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-09-06 16:58 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-06 16:58 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-06 16:58 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-06 16:56 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-06 16:56 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-06 16:56 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-06 16:56 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-06 16:56 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 16:56 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-06 16:56 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-06 16:56 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-06 16:56 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-06 16:56 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-09-06 16:56 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-09-06 16:56 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-06 16:56 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-06 16:50 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-06 16:50 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-06 16:49 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-09-06 16:49 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-09-06 15:59 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-06 15:59 . 2009-09-06 15:59 -------- d-----w- c:\program files\Alwil Software
2009-09-06 13:32 . 2009-09-06 13:32 -------- d-----w- c:\users\Alexander\AppData\Roaming\Malwarebytes
2009-09-06 13:31 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 13:31 . 2009-09-06 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 13:31 . 2009-09-06 13:31 -------- d-----w- c:\programdata\Malwarebytes
2009-09-06 13:31 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 13:30 . 2009-09-06 13:30 -------- d-----w- c:\program files\ERUNT
2009-08-30 23:22 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-30 23:06 . 2009-08-30 23:06 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-30 23:06 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-30 23:03 . 2009-08-30 23:03 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-30 23:02 . 2009-08-30 23:02 -------- d-----w- c:\program files\Lavasoft
2009-08-30 22:19 . 2009-08-30 22:19 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-30 22:19 . 2009-08-30 22:21 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-30 22:16 . 2009-08-30 22:16 -------- d-----w- C:\NVIDIA
2009-08-30 17:24 . 2009-08-31 08:42 -------- d-----w- c:\users\Alexander\AppData\Local\Panda Software
2009-08-30 17:24 . 2009-08-30 17:24 -------- d-----w- c:\programdata\sentinel
2009-08-30 17:21 . 2009-08-30 17:21 -------- d-----w- c:\programdata\Backup
2009-08-30 17:20 . 2009-09-06 17:52 -------- d-----w- c:\program files\Panda Security
2009-08-30 12:23 . 2008-02-22 11:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-30 12:23 . 2009-08-30 12:23 -------- d-----w- C:\Drivers
2009-08-30 12:05 . 2009-08-30 12:05 -------- dc-h--w- c:\programdata\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
2009-08-30 12:04 . 2009-08-30 12:04 -------- dc----w- c:\programdata\{F19A02B4-1684-448C-B152-43B554F2E722}
2009-08-30 12:00 . 2009-08-30 12:00 -------- d-----r- C:\AHCache
2009-08-30 12:00 . 2009-09-04 16:59 -------- d-----w- c:\users\Alexander\AppData\Roaming\Uniblue
2009-08-30 12:00 . 2009-09-04 16:59 -------- d-----w- c:\programdata\DriverScanner
2009-08-30 12:00 . 2009-09-04 16:59 -------- d-----w- c:\program files\Uniblue
2009-08-30 11:58 . 2009-08-30 11:59 -------- d-----w- c:\programdata\Lavasoft
2009-08-24 21:01 . 2009-08-24 21:01 -------- d-----w- c:\program files\P2P Tv Plugin
2009-08-22 18:44 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-08-22 18:44 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-08-22 18:44 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-08-22 18:44 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-08-22 18:44 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-08-22 18:44 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-08-22 18:44 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-08-22 18:44 . 2009-08-22 18:44 -------- d-----w- c:\program files\VSO
2009-08-21 20:09 . 2009-08-22 18:49 -------- d-----r- C:\The.Boy.In.The.Striped.Pyjamas[2008]DvDrip-aXXo
2009-08-20 02:24 . 2009-08-20 02:24 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-08-17 00:42 . 2009-08-17 00:42 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 00:42 . 2009-08-17 00:42 1346080 ----a-w- c:\windows\system32\nvsvs.dll
2009-08-17 00:41 . 2009-08-17 00:41 3176992 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 00:41 . 2009-08-17 00:41 4033056 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 00:41 . 2009-08-17 00:41 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 00:41 . 2009-08-17 00:41 1292832 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 00:41 . 2009-08-17 00:41 3553824 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 00:41 . 2009-08-17 00:41 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 00:41 . 2009-08-17 00:41 764448 ----a-w- c:\windows\system32\nvsvc.dll
2009-08-17 00:41 . 2009-08-17 00:41 4930080 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 00:41 . 2009-08-17 00:41 215584 ----a-w- c:\windows\system32\nvvsvc.exe
2009-08-17 00:41 . 2009-08-17 00:41 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-08-17 00:41 . 2009-08-17 00:41 13904416 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-16 22:57 . 2009-08-16 22:57 9545152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-16 22:57 . 2009-08-16 22:57 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 22:57 . 2009-08-16 22:57 3298304 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-08-16 22:57 . 2009-08-16 22:57 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 22:57 . 2009-08-16 22:57 1985536 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 22:57 . 2009-08-16 22:57 10858496 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 14:02 . 2009-08-30 22:24 62895 ----a-w- c:\programdata\nvModes.dat
2009-09-10 13:51 . 2008-06-13 08:30 -------- d-----w- c:\programdata\NVIDIA
2009-09-10 13:17 . 2008-09-12 16:35 -------- d-----w- c:\programdata\DVD Shrink
2009-09-10 13:13 . 2009-04-26 23:57 -------- d-----w- c:\users\Alexander\AppData\Roaming\dvdcss
2009-09-09 23:52 . 2008-06-12 22:18 -------- d-----w- c:\programdata\Creative
2009-09-09 23:23 . 2008-06-29 15:18 -------- d-----w- c:\program files\Java
2009-09-09 14:28 . 2009-04-03 20:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 13:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 13:53 . 2008-04-17 06:15 -------- d-----w- c:\programdata\Microsoft Help
2009-09-08 17:18 . 2008-07-05 12:06 -------- d-----w- c:\program files\Common Files\Steam
2009-09-07 12:44 . 2008-07-14 14:30 -------- d-----w- c:\users\Alexander\AppData\Roaming\LimeWire
2009-09-06 19:06 . 2008-06-17 17:11 101816 ----a-w- c:\users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-06 19:03 . 2008-01-21 06:14 535968 ----a-w- c:\windows\system32\perfh014.dat
2009-09-06 19:03 . 2008-01-21 06:14 111410 ----a-w- c:\windows\system32\perfc014.dat
2009-09-06 18:19 . 2008-04-17 06:16 -------- d-----w- c:\program files\Microsoft Works
2009-09-06 17:52 . 2008-06-17 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 11:56 . 2008-06-22 16:59 -------- d-----w- c:\users\Alexander\AppData\Roaming\uTorrent
2009-09-04 17:47 . 2009-05-08 19:19 -------- d-----w- c:\programdata\HP Product Assistant
2009-09-04 17:47 . 2008-06-18 20:00 -------- d-----w- c:\users\Alexander\AppData\Roaming\Ventrilo
2009-08-30 23:02 . 2008-06-18 19:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-30 22:33 . 2008-10-24 18:59 -------- d-----w- c:\program files\Amazon
2009-08-30 22:18 . 2008-06-29 04:59 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-22 19:33 . 2008-09-21 10:20 -------- d-----w- c:\users\Alexander\AppData\Roaming\Vso
2009-08-22 19:21 . 2008-09-21 18:32 -------- d-----w- c:\programdata\vsosdk
2009-08-17 00:20 . 2008-07-14 14:30 -------- d-----w- c:\program files\LimeWire
2009-08-16 22:57 . 2009-08-16 22:57 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-08-16 22:57 . 2008-05-15 11:22 7569920 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-16 22:57 . 2008-05-15 11:22 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-08-15 23:22 . 2008-06-29 04:01 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-15 23:22 . 2008-06-29 04:01 139152 ----a-w- c:\users\Alexander\AppData\Roaming\PnkBstrK.sys
2009-08-15 23:22 . 2008-06-29 04:01 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-15 23:22 . 2008-06-29 04:01 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-15 23:16 . 2008-11-15 16:06 -------- d-----w- c:\program files\EA GAMES
2009-08-14 17:07 . 2009-09-09 08:18 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 08:18 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 08:18 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 08:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 08:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 08:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 08:18 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 08:18 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 08:18 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 08:18 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-11 10:35 . 2008-06-12 22:20 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-08-09 17:56 . 2008-10-07 14:12 7592 ----a-w- c:\users\Alexander\AppData\Local\d3d9caps.dat
2009-08-07 19:33 . 2008-11-15 16:07 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-07 19:33 . 2009-04-09 15:11 -------- d-----w- c:\users\Alexander\AppData\Roaming\GameTracker
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-03 12:16 . 2009-05-15 21:08 -------- d-----w- c:\users\Alexander\AppData\Roaming\mIRC
2009-07-31 13:23 . 2009-01-31 16:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-09-06 18:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-06 18:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-06 18:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-06 18:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 16:15 . 2009-07-17 16:15 -------- d-----w- c:\program files\A4Tech
2009-07-17 14:35 . 2009-09-06 16:57 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-09-06 16:57 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-09-06 16:57 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-09-06 16:57 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-09-06 16:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 19:32 . 2009-09-09 08:18 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-09 08:18 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-09 08:18 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:29 . 2009-09-09 08:18 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-06-24 09:16 . 2009-06-24 09:16 114304 ----a-w- c:\windows\system32\drivers\cxbu0wdm.sys
.

(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-06-11 1217784]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AceGain LiveUpdate"="c:\program files\AceGain\LiveUpdate\LiveUpdate.exe" [2004-01-01 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"iKeyWorks"="c:\program files\A4Tech\Keyboard\Ikeymain.exe" [2007-06-25 65536]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-12-25 241664]
"Hypersight"="c:\program files\Hypersight\hypersight.exe" [2008-06-28 499712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CtHelper.exe [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-02-20 19968]
"CTXFIREG"="CTxfiReg.exe" - c:\windows\System32\Ctxfireg.exe [2008-02-20 43520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\readreg" [X]
"CtxfiReg"="Ctxfireg.exe" - c:\windows\System32\Ctxfireg.exe [2008-02-20 43520]

c:\users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Anapod Manager.lnk - c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe [2008-6-8 1076276]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2008-6-17 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-6-17 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D12ACF9A-9A34-4A9D-BC7E-359A81CA0044}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1138176B-CF8D-4E19-9ECC-24EACC3B65ED}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1542AE60-AB44-47AD-AA87-621358F662EA}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{6B181AD6-B6B2-435A-804E-E7ED04E4E7F8}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{EB05BDED-3622-4091-A2B6-D877EAE49705}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{80E9E9A3-B4D7-4185-A39B-28107EC6EB67}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{7AFFF3BF-259B-47F1-B477-6A9736D23E23}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{169BC04E-5949-44E5-A085-012E443062E9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8FA3A492-B7D7-470B-98C7-F6339AE80D32}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E723917A-03BF-4DA7-A17F-2980AA30618C}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EA1B291C-AB9D-47B5-8C08-BA07020BDD7D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F1C3083B-684A-4092-B738-C4F54857AD62}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D90D3B8A-3701-4A08-B5D8-DC7614A5F74A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DAF79EEB-1654-483B-9683-AE7238AB00B6}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{639CF15A-AE78-47A8-A95C-CAD38A66A7F4}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{55DEC4D2-369F-4176-9650-6ECBA94E142B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{93B88AEE-EF8D-48CE-B7C8-634E2FC486A1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F848EEDB-4799-472D-9C0F-8B91E9988338}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{129618BC-099E-4940-9259-9A64EEE670AC}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{87D410FD-BECE-4948-84F2-1AD91DD7189C}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{D498400F-60B1-4B93-8039-E67AECBFE037}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{14A7F1B8-DEBC-4315-AEA3-24C09FD83012}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{B87A1EF0-5D6B-4919-852D-98D0300A3EDD}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B9CD13AE-DE82-41E9-83E0-2C1FF5E42395}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{37E96185-649E-4370-AB0F-1BE2D84CEC9B}"= UDP:990:LocalSubnet:LocalSubnet|IF={A607F8F4-D9F6-4E0C-9333-80DA47EC30B7}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{07844CFE-7AA2-4576-803B-04E7926EE22C}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{0230DD17-D8EE-4ECD-B6F3-B387C89559BD}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{50D107E1-4587-4531-A4C3-E299D30D4D1E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{8097AEE5-9074-4CA5-AB17-30999F5C473A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{90548E86-20AC-4FD2-A50C-B607D8052C41}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{9E10C46D-521F-4619-813A-63B940E6C9BE}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{EAE16E27-0F2C-4CBD-878F-C5012E84AA57}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{F80C918B-8DE6-4F94-B40E-D583F3C53088}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{4705574D-F805-47A3-B0DE-FBD3004AADD9}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{3D37928A-984D-472E-96B3-AC8641AE8D05}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{C55A2B51-DDE7-4374-AB9E-45A7B3BB7836}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{9D0B4B58-629B-49E2-8D06-B65142B4B495}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{12AF19A1-281D-43BB-AAFC-1512FF0E26D4}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{A72B7CDB-02BD-4D78-BFAF-42DCBDFA424C}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{45884275-B2C0-4B43-914A-F139BB9DC7C5}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{005939F6-FBCE-4DCC-91A6-537DCA7430A9}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{3228A81B-9D8F-43B5-B007-326B46497994}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"{AA8EE0A7-C7EB-4D53-BF79-07B581CB9172}"= UDP:c:\program files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{76E7153F-86FC-4720-93D1-5FA215F3A8F1}"= TCP:c:\program files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{9E7A12A5-8394-4D2F-9B17-C9BF0B97E521}c:\\users\\alexander\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader.exe"= UDP:c:\users\alexander\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe:wow-3.0.1.8874-ptr-eu-installer-downloader.exe
"UDP Query User{B8F578E9-62AF-4475-AB76-255ECF17A3BE}c:\\users\\alexander\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader.exe"= TCP:c:\users\alexander\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe:wow-3.0.1.8874-ptr-eu-installer-downloader.exe
"{936B24EC-30F8-4C94-80B8-9D1C05F7EB79}"= UDP:c:\program files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{11CAD296-9A08-4615-A5C6-4A1AF842AEDE}"= TCP:c:\program files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DFCDA05B-052B-418F-9A70-F4BF488B6261}"= UDP:c:\users\Public\Games\World of Warcraft\Wow.exe:Wow
"{9C60047E-2F28-4F51-8A26-0DFC54C91F31}"= TCP:c:\users\Public\Games\World of Warcraft\Wow.exe:Wow
"{1C0AE245-ED21-4024-A61A-C203EE52060F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{750311BE-EAAE-4F1E-ACFA-5281002EDB07}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6CD167AB-C3CD-4701-BE24-2A478F91A363}"= Disabled:UDP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{543DB10F-DFA9-4291-88F3-8D39B3F6B919}"= Disabled:TCP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{EADD5AEF-F14E-491F-8EEC-C8731570F5EB}"= Disabled:UDP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{FC06D33A-B984-46B8-AEF9-75BE63A067B2}"= Disabled:TCP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 kernel;Hypersight Kernel;c:\windows\System32\drivers\kernel.sys [07.09.2009 01:33 70656]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [31.08.2009 01:06 64160]
R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [13.06.2008 10:11 143256]
R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16.01.2008 11:21 30312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 16:49 1029456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06.09.2009 22:08 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17.08.2009 01:32 239648]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [17.06.2008 19:57 79360]
S3 cxbu0wdm;CardMan 3x21;c:\windows\System32\drivers\cxbu0wdm.sys [24.06.2009 11:16 114304]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712]
S3 YUDJLAF;YUDJLAF;c:\users\ALEXAN~1\AppData\Local\Temp\YUDJLAF.exe --> c:\users\ALEXAN~1\AppData\Local\Temp\YUDJLAF.exe [?]
S4 UGURU;UGURU;c:\windows\System32\drivers\uGuru.sys [13.06.2008 10:11 21048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-09 c:\windows\Tasks\NeroLiveEpgUpdate-Alexander-PC_Alexander.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Compare Prices with &Dealio - c:\users\Alexander\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\4phspls7.default\
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 16:02
Windows 6.0.6001 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A540.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3137186466-1246008624-3695993793-1003\Software\SecuROM\License information*]
"datasecu"=hex:04,40,87,bf,2f,c7,75,1e,1e,96,c8,c8,63,ae,a2,21,c1,f2,5c,82,45,
ba,8f,22,9d,71,f0,b5,3c,05,b1,2f,f7,3e,a1,b8,05,7c,94,83,72,80,fa,8c,9b,bf,\
"rkeysecu"=hex:c2,a7,2c,b3,c9,b7,c9,ae,a1,12,51,8c,e2,00,b9,02
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\System32\nvvsvc.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\CTxfispi.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completed at: 2009-09-10 16:05 - the machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 14:04

Pre-Run: 95 612 690 432 bytes free
Post-Run: 95 121 952 768 bytes free

418 --- E O F --- 2009-09-09 23:08

#5
screen317 (MBAM Sentinel, Moderator)
Hi,

Next, please open Notepad - don't use any text editor other than Notepad, or the script will fail.
Copy/paste the text in the quote box below into Notepad:

Quote

Driver::
MEMSWEEP2
YUDJLAF
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
File::
c:\users\ALEXAN~1\AppData\Local\Temp\YUDJLAF.exe
c:\windows\system32\A540.tmp

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript dragged onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.


-screen317
Chris Fistonich
Consumer Support Specialist


#6
Azulen (New Member)
ComboFix 09-09-10.03 - Alexander 11.09.2009 12:56.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.3.1252.47.1044.18.3327.2352 [GMT 2:00]
Running from: c:\users\Alexander\Desktop\ComboFix.exe
Command switches used :: c:\users\Alexander\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\ALEXAN~1\AppData\Local\Temp\YUDJLAF.exe"
"c:\windows\system32\A540.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_YUDJLAF


((((((((((((((((((((((((((( Files Created From 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))))
.

2009-09-11 11:02 . 2009-09-11 11:06 -------- d-----w- c:\users\Alexander\AppData\Local\temp
2009-09-11 11:02 . 2009-09-11 11:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-11 11:02 . 2009-09-11 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-10 13:19 . 2009-09-10 13:31 -------- d-----w- C:\DVD_MSHK
2009-09-09 23:08 . 2009-09-09 23:08 -------- d-----w- c:\windows\system32\EventProviders
2009-09-09 23:05 . 2009-09-09 23:05 -------- d-----w- c:\programdata\McAfee Security Scan
2009-09-09 23:05 . 2009-09-09 23:05 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-09 14:44 . 2009-09-09 14:44 -------- d-----w- c:\program files\Trend Micro
2009-09-07 12:41 . 2009-09-07 12:41 -------- d-----w- c:\program files\CCleaner
2009-09-07 00:05 . 2009-09-07 00:05 -------- d-----w- c:\program files\Sophos
2009-09-06 23:55 . 2009-09-06 23:55 -------- d-----w- c:\users\Alexander\Pavark
2009-09-06 23:33 . 2009-09-06 23:33 -------- d-----w- c:\program files\Hypersight
2009-09-06 23:33 . 2008-06-28 18:48 70656 ----a-w- c:\windows\system32\drivers\kernel.sys
2009-09-06 20:14 . 2009-09-06 20:14 -------- d-----w- c:\program files\Malware Removal Tool
2009-09-06 20:08 . 2009-09-09 23:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-06 20:08 . 2009-09-06 20:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-06 19:05 . 2009-09-06 19:05 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-06 18:53 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-06 18:46 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-09-06 18:20 . 2009-09-06 18:20 -------- d-----w- c:\users\Alexander\AppData\Local\Microsoft Help
2009-09-06 18:09 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-09-06 18:09 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-06 18:09 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-09-06 18:09 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-09-06 18:09 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-09-06 18:08 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-09-06 18:08 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-09-06 18:02 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-09-06 18:02 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-09-06 18:02 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-09-06 18:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-09-06 18:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-09-06 16:58 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-09-06 16:58 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-06 16:58 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-06 16:58 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-06 16:56 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-06 16:56 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-06 16:56 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-06 16:56 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-06 16:56 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 16:56 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-06 16:56 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-06 16:56 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-06 16:56 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-06 16:56 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-09-06 16:56 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-09-06 16:56 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-06 16:56 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-06 16:50 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-06 16:50 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-06 16:49 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-09-06 16:49 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-09-06 15:59 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-06 15:59 . 2009-09-06 15:59 -------- d-----w- c:\program files\Alwil Software
2009-09-06 13:32 . 2009-09-06 13:32 -------- d-----w- c:\users\Alexander\AppData\Roaming\Malwarebytes
2009-09-06 13:31 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 13:31 . 2009-09-06 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 13:31 . 2009-09-06 13:31 -------- d-----w- c:\programdata\Malwarebytes
2009-09-06 13:31 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 13:30 . 2009-09-06 13:30 -------- d-----w- c:\program files\ERUNT
2009-08-30 23:22 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-30 23:06 . 2009-08-30 23:06 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-30 23:06 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-30 23:03 . 2009-08-30 23:03 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-30 23:02 . 2009-08-30 23:02 -------- d-----w- c:\program files\Lavasoft
2009-08-30 22:19 . 2009-08-30 22:19 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-30 22:19 . 2009-08-30 22:21 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-30 22:16 . 2009-08-30 22:16 -------- d-----w- C:\NVIDIA
2009-08-30 17:24 . 2009-08-31 08:42 -------- d-----w- c:\users\Alexander\AppData\Local\Panda Software
2009-08-30 17:24 . 2009-08-30 17:24 -------- d-----w- c:\programdata\sentinel
2009-08-30 17:21 . 2009-08-30 17:21 -------- d-----w- c:\programdata\Backup
2009-08-30 17:20 . 2009-09-06 17:52 -------- d-----w- c:\program files\Panda Security
2009-08-30 12:23 . 2008-02-22 11:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-30 12:23 . 2009-08-30 12:23 -------- d-----w- C:\Drivers
2009-08-30 12:05 . 2009-08-30 12:05 -------- dc-h--w- c:\programdata\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
2009-08-30 12:04 . 2009-08-30 12:04 -------- dc----w- c:\programdata\{F19A02B4-1684-448C-B152-43B554F2E722}
2009-08-30 12:00 . 2009-08-30 12:00 -------- d-----r- C:\AHCache
2009-08-30 12:00 . 2009-09-04 16:59 -------- d-----w- c:\users\Alexander\AppData\Roaming\Uniblue
2009-08-30 12:00 . 2009-09-04 16:59 -------- d-----w- c:\programdata\DriverScanner
2009-08-30 12:00 . 2009-09-04 16:59 -------- d-----w- c:\program files\Uniblue
2009-08-30 11:58 . 2009-08-30 11:59 -------- d-----w- c:\programdata\Lavasoft
2009-08-24 21:01 . 2009-08-24 21:01 -------- d-----w- c:\program files\P2P Tv Plugin
2009-08-22 18:44 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-08-22 18:44 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-08-22 18:44 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-08-22 18:44 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-08-22 18:44 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-08-22 18:44 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-08-22 18:44 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-08-22 18:44 . 2009-08-22 18:44 -------- d-----w- c:\program files\VSO
2009-08-21 20:09 . 2009-08-22 18:49 -------- d-----r- C:\The.Boy.In.The.Striped.Pyjamas[2008]DvDrip-aXXo
2009-08-20 02:24 . 2009-08-20 02:24 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-08-17 00:42 . 2009-08-17 00:42 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 00:42 . 2009-08-17 00:42 1346080 ----a-w- c:\windows\system32\nvsvs.dll
2009-08-17 00:41 . 2009-08-17 00:41 3176992 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 00:41 . 2009-08-17 00:41 4033056 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 00:41 . 2009-08-17 00:41 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 00:41 . 2009-08-17 00:41 1292832 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 00:41 . 2009-08-17 00:41 3553824 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 00:41 . 2009-08-17 00:41 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 00:41 . 2009-08-17 00:41 764448 ----a-w- c:\windows\system32\nvsvc.dll
2009-08-17 00:41 . 2009-08-17 00:41 4930080 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 00:41 . 2009-08-17 00:41 215584 ----a-w- c:\windows\system32\nvvsvc.exe
2009-08-17 00:41 . 2009-08-17 00:41 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-08-17 00:41 . 2009-08-17 00:41 13904416 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-16 22:57 . 2009-08-16 22:57 9545152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-16 22:57 . 2009-08-16 22:57 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 22:57 . 2009-08-16 22:57 3298304 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-08-16 22:57 . 2009-08-16 22:57 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 22:57 . 2009-08-16 22:57 1985536 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 22:57 . 2009-08-16 22:57 10858496 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 11:05 . 2009-08-30 22:24 62895 ----a-w- c:\programdata\nvModes.dat
2009-09-11 11:04 . 2008-06-13 08:30 -------- d-----w- c:\programdata\NVIDIA
2009-09-10 13:17 . 2008-09-12 16:35 -------- d-----w- c:\programdata\DVD Shrink
2009-09-10 13:13 . 2009-04-26 23:57 -------- d-----w- c:\users\Alexander\AppData\Roaming\dvdcss
2009-09-09 23:52 . 2008-06-12 22:18 -------- d-----w- c:\programdata\Creative
2009-09-09 23:23 . 2008-06-29 15:18 -------- d-----w- c:\program files\Java
2009-09-09 14:28 . 2009-04-03 20:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 13:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 13:53 . 2008-04-17 06:15 -------- d-----w- c:\programdata\Microsoft Help
2009-09-08 17:18 . 2008-07-05 12:06 -------- d-----w- c:\program files\Common Files\Steam
2009-09-07 12:44 . 2008-07-14 14:30 -------- d-----w- c:\users\Alexander\AppData\Roaming\LimeWire
2009-09-06 19:06 . 2008-06-17 17:11 101816 ----a-w- c:\users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-06 19:03 . 2008-01-21 06:14 535968 ----a-w- c:\windows\system32\perfh014.dat
2009-09-06 19:03 . 2008-01-21 06:14 111410 ----a-w- c:\windows\system32\perfc014.dat
2009-09-06 18:19 . 2008-04-17 06:16 -------- d-----w- c:\program files\Microsoft Works
2009-09-06 17:52 . 2008-06-17 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 11:56 . 2008-06-22 16:59 -------- d-----w- c:\users\Alexander\AppData\Roaming\uTorrent
2009-09-04 17:47 . 2009-05-08 19:19 -------- d-----w- c:\programdata\HP Product Assistant
2009-09-04 17:47 . 2008-06-18 20:00 -------- d-----w- c:\users\Alexander\AppData\Roaming\Ventrilo
2009-08-30 23:02 . 2008-06-18 19:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-30 22:33 . 2008-10-24 18:59 -------- d-----w- c:\program files\Amazon
2009-08-30 22:18 . 2008-06-29 04:59 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-22 19:33 . 2008-09-21 10:20 -------- d-----w- c:\users\Alexander\AppData\Roaming\Vso
2009-08-22 19:21 . 2008-09-21 18:32 -------- d-----w- c:\programdata\vsosdk
2009-08-17 00:20 . 2008-07-14 14:30 -------- d-----w- c:\program files\LimeWire
2009-08-16 22:57 . 2009-08-16 22:57 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-08-16 22:57 . 2008-05-15 11:22 7569920 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-16 22:57 . 2008-05-15 11:22 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-08-15 23:22 . 2008-06-29 04:01 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-15 23:22 . 2008-06-29 04:01 139152 ----a-w- c:\users\Alexander\AppData\Roaming\PnkBstrK.sys
2009-08-15 23:22 . 2008-06-29 04:01 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-15 23:22 . 2008-06-29 04:01 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-15 23:16 . 2008-11-15 16:06 -------- d-----w- c:\program files\EA GAMES
2009-08-14 17:07 . 2009-09-09 08:18 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 08:18 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 08:18 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 08:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 08:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 08:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 08:18 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 08:18 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 08:18 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 08:18 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-11 10:35 . 2008-06-12 22:20 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-08-09 17:56 . 2008-10-07 14:12 7592 ----a-w- c:\users\Alexander\AppData\Local\d3d9caps.dat
2009-08-07 19:33 . 2008-11-15 16:07 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-07 19:33 . 2009-04-09 15:11 -------- d-----w- c:\users\Alexander\AppData\Roaming\GameTracker
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-03 12:16 . 2009-05-15 21:08 -------- d-----w- c:\users\Alexander\AppData\Roaming\mIRC
2009-07-31 13:23 . 2009-01-31 16:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-09-06 18:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-06 18:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-06 18:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-06 18:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 16:15 . 2009-07-17 16:15 -------- d-----w- c:\program files\A4Tech
2009-07-17 14:35 . 2009-09-06 16:57 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-09-06 16:57 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-09-06 16:57 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-09-06 16:57 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-09-06 16:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 19:32 . 2009-09-09 08:18 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-09 08:18 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-09 08:18 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:29 . 2009-09-09 08:18 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-06-24 09:16 . 2009-06-24 09:16 114304 ----a-w- c:\windows\system32\drivers\cxbu0wdm.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_14.02.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-09-11 10:37 64874 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-17 17:11 . 2009-09-10 18:17 10672 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3137186466-1246008624-3695993793-1003_UserData.bin
- 2008-06-17 17:11 . 2009-09-09 22:41 10672 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3137186466-1246008624-3695993793-1003_UserData.bin
+ 2008-06-12 22:24 . 2009-09-11 11:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-12 22:24 . 2009-09-10 13:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-12 22:24 . 2009-09-11 11:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-12 22:24 . 2009-09-10 13:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-11 11:04 . 2009-09-11 11:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-10 13:51 . 2009-09-10 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-10 13:51 . 2009-09-10 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-11 11:04 . 2009-09-11 11:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-09-10 18:17 103678 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-12 22:24 . 2009-09-10 13:51 507904 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-12 22:24 . 2009-09-11 11:06 507904 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 19:09 . 2009-09-10 18:35 180923245 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-06-11 1217784]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AceGain LiveUpdate"="c:\program files\AceGain\LiveUpdate\LiveUpdate.exe" [2004-01-01 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"iKeyWorks"="c:\program files\A4Tech\Keyboard\Ikeymain.exe" [2007-06-25 65536]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-12-25 241664]
"Hypersight"="c:\program files\Hypersight\hypersight.exe" [2008-06-28 499712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CtHelper.exe [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-02-20 19968]
"CTXFIREG"="CTxfiReg.exe" - c:\windows\System32\Ctxfireg.exe [2008-02-20 43520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\readreg" [X]
"CtxfiReg"="Ctxfireg.exe" - c:\windows\System32\Ctxfireg.exe [2008-02-20 43520]

c:\users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Anapod Manager.lnk - c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe [2008-6-8 1076276]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2008-6-17 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-6-17 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D12ACF9A-9A34-4A9D-BC7E-359A81CA0044}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1138176B-CF8D-4E19-9ECC-24EACC3B65ED}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1542AE60-AB44-47AD-AA87-621358F662EA}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{6B181AD6-B6B2-435A-804E-E7ED04E4E7F8}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{EB05BDED-3622-4091-A2B6-D877EAE49705}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{80E9E9A3-B4D7-4185-A39B-28107EC6EB67}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{7AFFF3BF-259B-47F1-B477-6A9736D23E23}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{169BC04E-5949-44E5-A085-012E443062E9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8FA3A492-B7D7-470B-98C7-F6339AE80D32}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E723917A-03BF-4DA7-A17F-2980AA30618C}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EA1B291C-AB9D-47B5-8C08-BA07020BDD7D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F1C3083B-684A-4092-B738-C4F54857AD62}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D90D3B8A-3701-4A08-B5D8-DC7614A5F74A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DAF79EEB-1654-483B-9683-AE7238AB00B6}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{639CF15A-AE78-47A8-A95C-CAD38A66A7F4}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{55DEC4D2-369F-4176-9650-6ECBA94E142B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{93B88AEE-EF8D-48CE-B7C8-634E2FC486A1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F848EEDB-4799-472D-9C0F-8B91E9988338}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{129618BC-099E-4940-9259-9A64EEE670AC}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{87D410FD-BECE-4948-84F2-1AD91DD7189C}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{D498400F-60B1-4B93-8039-E67AECBFE037}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{14A7F1B8-DEBC-4315-AEA3-24C09FD83012}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{B87A1EF0-5D6B-4919-852D-98D0300A3EDD}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B9CD13AE-DE82-41E9-83E0-2C1FF5E42395}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{37E96185-649E-4370-AB0F-1BE2D84CEC9B}"= UDP:990:LocalSubnet:LocalSubnet|IF={A607F8F4-D9F6-4E0C-9333-80DA47EC30B7}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{07844CFE-7AA2-4576-803B-04E7926EE22C}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{0230DD17-D8EE-4ECD-B6F3-B387C89559BD}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{50D107E1-4587-4531-A4C3-E299D30D4D1E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{8097AEE5-9074-4CA5-AB17-30999F5C473A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{90548E86-20AC-4FD2-A50C-B607D8052C41}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{9E10C46D-521F-4619-813A-63B940E6C9BE}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{EAE16E27-0F2C-4CBD-878F-C5012E84AA57}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{F80C918B-8DE6-4F94-B40E-D583F3C53088}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{4705574D-F805-47A3-B0DE-FBD3004AADD9}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{3D37928A-984D-472E-96B3-AC8641AE8D05}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{C55A2B51-DDE7-4374-AB9E-45A7B3BB7836}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{9D0B4B58-629B-49E2-8D06-B65142B4B495}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{12AF19A1-281D-43BB-AAFC-1512FF0E26D4}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{A72B7CDB-02BD-4D78-BFAF-42DCBDFA424C}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{45884275-B2C0-4B43-914A-F139BB9DC7C5}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{005939F6-FBCE-4DCC-91A6-537DCA7430A9}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{3228A81B-9D8F-43B5-B007-326B46497994}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"{AA8EE0A7-C7EB-4D53-BF79-07B581CB9172}"= UDP:c:\program files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{76E7153F-86FC-4720-93D1-5FA215F3A8F1}"= TCP:c:\program files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{9E7A12A5-8394-4D2F-9B17-C9BF0B97E521}c:\\users\\alexander\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader.exe"= UDP:c:\users\alexander\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe:wow-3.0.1.8874-ptr-eu-installer-downloader.exe
"UDP Query User{B8F578E9-62AF-4475-AB76-255ECF17A3BE}c:\\users\\alexander\\downloads\\wow-3.0.1.8874-ptr-eu-installer-downloader.exe"= TCP:c:\users\alexander\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe:wow-3.0.1.8874-ptr-eu-installer-downloader.exe
"{936B24EC-30F8-4C94-80B8-9D1C05F7EB79}"= UDP:c:\program files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{11CAD296-9A08-4615-A5C6-4A1AF842AEDE}"= TCP:c:\program files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DFCDA05B-052B-418F-9A70-F4BF488B6261}"= UDP:c:\users\Public\Games\World of Warcraft\Wow.exe:Wow
"{9C60047E-2F28-4F51-8A26-0DFC54C91F31}"= TCP:c:\users\Public\Games\World of Warcraft\Wow.exe:Wow
"{1C0AE245-ED21-4024-A61A-C203EE52060F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{750311BE-EAAE-4F1E-ACFA-5281002EDB07}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6CD167AB-C3CD-4701-BE24-2A478F91A363}"= Disabled:UDP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{543DB10F-DFA9-4291-88F3-8D39B3F6B919}"= Disabled:TCP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{67C02EC7-93FB-4F6E-B3DD-ECA8A7D8DF8F}"= Disabled:UDP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer
"{5CC70A79-7695-4702-BB47-C9687140E072}"= Disabled:TCP:c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe:Anapod Xtreamer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 kernel;Hypersight Kernel;c:\windows\System32\drivers\kernel.sys [07.09.2009 01:33 70656]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [31.08.2009 01:06 64160]
R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [13.06.2008 10:11 143256]
R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16.01.2008 11:21 30312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06.09.2009 22:08 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17.08.2009 01:32 239648]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [17.06.2008 19:57 79360]
S3 cxbu0wdm;CardMan 3x21;c:\windows\System32\drivers\cxbu0wdm.sys [24.06.2009 11:16 114304]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 16:49 1029456]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712]
S4 UGURU;UGURU;c:\windows\System32\drivers\uGuru.sys [13.06.2008 10:11 21048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-09-10 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-10 c:\windows\Tasks\NeroLiveEpgUpdate-Alexander-PC_Alexander.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Compare Prices with &Dealio - c:\users\Alexander\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\4phspls7.default\
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 13:06
Windows 6.0.6001 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-3137186466-1246008624-3695993793-1003\Software\SecuROM\License information*]
"datasecu"=hex:04,40,87,bf,2f,c7,75,1e,1e,96,c8,c8,63,ae,a2,21,c1,f2,5c,82,45,
ba,8f,22,9d,71,f0,b5,3c,05,b1,2f,f7,3e,a1,b8,05,7c,94,83,72,80,fa,8c,9b,bf,\
"rkeysecu"=hex:c2,a7,2c,b3,c9,b7,c9,ae,a1,12,51,8c,e2,00,b9,02
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\System32\nvvsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\CTxfispi.exe
c:\windows\ehome\ehmsas.exe
c:\program files\AceGain\LiveUpdate\aceagent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-09-11 13:10 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-09-11 11:10
ComboFix2.txt 2009-09-10 14:05

Pre-Run: 91 458 527 232 byte ledig
Post-Run: 91 038 085 120 byte ledig

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
427 --- E O F --- 2009-09-11 10:25

#7
Azulen

    New Member

  • Members
  • 9 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:02, on 11.09.2009
Platform: Windows Vista SP3 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AceGain\LiveUpdate\aceagent.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Hypersight] C:\Program Files\Hypersight\hypersight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] Ctxfireg.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 (User 'Default user')
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Alexander\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: HP Smart valgmetode - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 9354 bytes

#8
screen317

    MBAM Sentinel

  • Moderators
  • 16,432 posts
  • Gender:Male
  • Location:Los Angeles
Hi,

According to the logs, you are running Windows Vista Service Pack 3. How did you obtain it?
Chris Fistonich
Consumer Support Specialist


#9
Azulen

    New Member

  • Members
  • 9 posts

screen317, on Sep 12 2009, 08:08 AM, said:

Hi,

According to the logs, you are running Windows Vista Service Pack 3. How did you obtain it?


Hello mate :) Some days ago I enabled the automatic updates, and I think that's the way I got it.

The problem with my PC now is that it keeps crashing all the time; suddenly the processor usage goes from like 2-8% to 50 or 100 and I can't do anything. This happens many times each day, and it's so confusing :unsure:

#10
screen317

    MBAM Sentinel

  • Moderators
  • 16,432 posts
  • Gender:Male
  • Location:Los Angeles

Quote

The problem with my PC now is that it keeps crashing all the time; suddenly the processor usage goes from like 2-8% to 50 or 100 and I can't do anything. This happens many times each day, and it's so confusing
Download Process Explorer, run it, sort the list by CPU usage, and see which process is hogging the CPU.

Quote

some days ago i enabled the automatic updates, and i think thats the way that i got it.
The thing is, Service Pack 3 hasn't come out yet; only Service Pack 2 is out.

Let's see which one you actually have, then correct it.


Click Start, type in Windows Update, and click Windows Update.

Click Update History, and take a screenshot of the window that comes up. Post it here for me.

-screen317
Chris Fistonich
Consumer Support Specialist


#11
Azulen

    New Member

  • Members
  • 9 posts
Since the Windows Update log is so long it takes many screenshots, do you still want me to upload them? :rolleyes: Here is the CPU log =)

Attached Files

  • Attached File: vpu.jpg (237.03K, 7 downloads)


#12
screen317

    MBAM Sentinel

  • Moderators
  • 16,432 posts
  • Gender:Male
  • Location:Los Angeles

Quote

do you still want me to upload them
Just the recent ones are important. Fit as many as you can into one picture and upload it.


Also, in Process Explorer, double-click lsass.exe, click the Threads tab, and post a screenshot of the window that comes up.

-screen317
Chris Fistonich
Consumer Support Specialist


#13
Azulen

    New Member

  • Members
  • 9 posts
There you go :P

Attached Files



#14
screen317

    MBAM Sentinel

  • Moderators
  • 16,432 posts
  • Gender:Male
  • Location:Los Angeles
What about the Windows Update picture?

Also, the Process Explorer picture doesn't show any CPU usage. Take a picture when lsass.exe uses 100% CPU.
Chris Fistonich
Consumer Support Specialist


#15
Azulen

    New Member

  • Members
  • 9 posts
Here is the whole Windows Update log, in 5 pictures :) And btw, it says I've got updates to download, but I'm failing to download them :) I can't download the newest updates :)

1 http://img5.imagesha...07/52442244.jpg
2 http://img183.images...82/65102013.jpg
3 http://img17.imagesh...60/54247537.jpg
4 http://img186.images...40/39922852.jpg
5 http://img14.imagesh...01/99369577.jpg

#16
screen317

    MBAM Sentinel

  • Moderators
  • 16,432 posts
  • Gender:Male
  • Location:Los Angeles
Hi,

It looks like the only failed update was Service Pack 2? If that's the case, hold off on installing it; it means your hardware isn't compatible with it. In time, Microsoft will adjust it and you will be able to download it.
Chris Fistonich
Consumer Support Specialist


#17
screen317

    MBAM Sentinel

  • Moderators
  • 16,432 posts
  • Gender:Male
  • Location:Los Angeles
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Consumer Support Specialist

