
ComboFix log


Megaman9


Can someone check this ComboFix log:



ComboFix 08-03-05.1 - Göran 2008-03-05 23:23:59.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1053.18.490 [GMT 1:00]
Running from: C:\Documents and Settings\Göran\Mina dokument\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\fvkwdrt.exe

----- BITS: Possible infected sites -----

hxxp://77.91.228.184
.
(((((((((((((((((((((((((   Files Created from 2008-02-05 to 2008-03-05  )))))))))))))))))))))))))))))))
.

2008-02-22 01:13 . 2008-02-22 01:13    21,840    --a------    C:\Documents and Settings\Göran\pgkiogbz.exe
2008-02-22 01:13 . 2008-02-22 01:13    21,840    --a------    C:\Documents and Settings\Göran\pgkiogbz.exe
2008-02-22 01:12 . 2008-02-22 01:12    21,840    --a------    C:\Documents and Settings\Göran\jllqnqad.exe
2008-02-22 01:12 . 2008-02-22 01:12    21,840    --a------    C:\Documents and Settings\Göran\jllqnqad.exe
2008-02-22 01:05 . 2008-02-22 01:05    21,840    --a------    C:\Documents and Settings\Göran\iedkgzbk.exe
2008-02-22 01:05 . 2008-02-22 01:05    21,840    --a------    C:\Documents and Settings\Göran\iedkgzbk.exe
2008-02-22 01:03 . 2008-02-22 01:03    21,840    --a------    C:\Documents and Settings\Göran\fpnufxak.exe
2008-02-22 01:03 . 2008-02-22 01:03    21,840    --a------    C:\Documents and Settings\Göran\fpnufxak.exe
2008-02-22 01:01 . 2008-02-22 01:01    21,840    --a------    C:\Documents and Settings\Göran\eaxzjsxe.exe
2008-02-22 01:01 . 2008-02-22 01:01    21,840    --a------    C:\Documents and Settings\Göran\eaxzjsxe.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\wxsvqexq.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\wxsvqexq.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\lsqxexsg.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\lsqxexsg.exe
2008-02-22 00:59 . 2008-02-22 00:59    21,840    --a------    C:\Documents and Settings\Göran\wgxvpdkb.exe
2008-02-22 00:59 . 2008-02-22 00:59    21,840    --a------    C:\Documents and Settings\Göran\wgxvpdkb.exe
2008-02-22 00:35 . 2008-02-22 00:35    21,840    --a------    C:\Documents and Settings\Göran\fvykptka.exe
2008-02-22 00:35 . 2008-02-22 00:35    21,840    --a------    C:\Documents and Settings\Göran\fvykptka.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\tlzxmxly.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\tlzxmxly.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\rinuijju.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\rinuijju.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\psycrbqc.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\psycrbqc.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\flzgophs.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\flzgophs.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\lircirnd.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\lircirnd.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\grsjswiu.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\grsjswiu.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\aqizcqkv.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\aqizcqkv.exe
2008-02-22 00:32 . 2008-02-22 00:32    21,840    --a------    C:\Documents and Settings\Göran\bgwblbvr.exe
2008-02-22 00:32 . 2008-02-22 00:32    21,840    --a------    C:\Documents and Settings\Göran\bgwblbvr.exe
2008-02-22 00:29 . 2008-02-22 00:29    21,840    --a------    C:\Documents and Settings\Göran\mshucqmq.exe
2008-02-22 00:29 . 2008-02-22 00:29    21,840    --a------    C:\Documents and Settings\Göran\mshucqmq.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\ohazapck.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\ohazapck.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\meedtudx.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\meedtudx.exe
2008-02-22 00:26 . 2008-02-22 00:26    21,840    --a------    C:\Documents and Settings\Göran\enemnqly.exe
2008-02-22 00:26 . 2008-02-22 00:26    21,840    --a------    C:\Documents and Settings\Göran\enemnqly.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\dcugvfvs.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\dcugvfvs.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\aentmhjv.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\aentmhjv.exe
2008-02-22 00:23 . 2008-02-22 00:23    21,840    --a------    C:\Documents and Settings\Göran\oqxwqkgm.exe
2008-02-22 00:23 . 2008-02-22 00:23    21,840    --a------    C:\Documents and Settings\Göran\oqxwqkgm.exe
2008-02-22 00:18 . 2008-02-22 00:18    21,840    --a------    C:\Documents and Settings\Göran\qgdixtbm.exe
2008-02-22 00:18 . 2008-02-22 00:18    21,840    --a------    C:\Documents and Settings\Göran\qgdixtbm.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 21:15    ---------    d-----w    C:\Documents and Settings\Göran\Application Data\MSN6
2006-03-18 21:43    212,849    ----a-w    C:\Program\hijackthis.zip
2006-03-15 13:19    212,992    ----a-w    C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2006-01-26 16:55    280,576    ----a-w    C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-10-06 14:17    280,576    ----a-w    C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]
"LDM"="C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-10 21:56 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\Program\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"avgnt"="C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-27 17:24 249896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"BrMfcWnd"="C:\Program\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48 622592]
"SetDefPrt"="C:\Program\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:34 15360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Logitech Desktop Messenger.lnk - C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-10 21:56:47 450560]
Logitech SetPoint.lnk - C:\Program\Logitech\SetPoint\SetPoint.exe [2007-02-10 21:55:44 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-22 19:44 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.DLL 2006-12-22 19:44 258048 C:\Program\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^NETGEAR WG311v3 Smart Wizard.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\NETGEAR WG311v3 Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311v3 Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program\Adobe\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2006-04-10 14:58 61440 C:\Program\Brother\ControlCenter3\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--------- 2003-05-08 11:34 69632 C:\Program\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-18 14:00 40960 C:\Program\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-10 21:56 32768 C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-18 13:47 57393 C:\Program\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 08:57 143360 C:\Program\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 02:56 36975 C:\Program\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 08:18 307200 C:\Program\Adobe\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote]
--a------ 2003-09-03 18:57 131072 C:\Program\InterVideo\WinDVR\WinRemote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSCHEDULER]
--a------ 2003-09-03 18:49 139264 C:\Program\INTERV~1\WinDVR\WINSCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15937:TCP"= 15937:TCP:BitComet 15937 TCP
"15937:UDP"= 15937:UDP:BitComet 15937 UDP

R2 Cap7134;TV Capture Card 7130;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-25 17:00]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
R3 PhTVTune;TV Capture Card tv tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-16 17:00]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d9a020-8dfa-11db-8f2b-fe30f407d118}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d9a022-8dfa-11db-8f2b-fe30f407d118}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c55214a-38a2-11dc-8fd2-000bcd057a98}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{433ee6da-ac46-11dc-9034-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{433ee6dc-ac46-11dc-9034-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{618055bc-c2e3-11dc-9059-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8570e686-8e04-11db-8f2c-f5103885c11e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8570e687-8e04-11db-8f2c-f5103885c11e}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acdafa36-2ae1-11dc-8fce-000bcd057a98}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e70b107b-91dc-11db-8f32-000bcd057a98}]
\Shell\AutoRun\command - G:\AutoRun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{028E2D30-93C4-EAEB-0801-040005020704}]
C:\WINDOWS\system32\drwatson.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 23:26:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-03-05 23:26:31
ComboFix-quarantined-files.txt  2008-03-05 22:26:23


All the files listed under the heading Files Created from 2008-02-05 to 2008-03-05 look like Vundo files. If two days have passed since you downloaded ComboFix, delete the copy you have and download it again before you run it again and paste in the new log.

If ComboFix is freshly downloaded, try this:

Download Malwarebytes Anti-Malware:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the program.

Tick:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose Perform Quick Scan and press Scan.

The scan takes a while.

When it is done, press OK and then Show Results.

Tick everything and then press Remove Selected.

When the removal is finished, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If the program does not start after the restart, start it.

If the log is not open in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new ComboFix log.


He misunderstood what I said, so he had run the old ComboFix again, but then he deleted it and downloaded the new one. So here are 2 logs, first with the old ComboFix and then the freshly downloaded one:

ComboFix 08-03-05.1 - Göran 2008-03-08 15:26:40.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1053.18.544 [GMT 1:00]
Running from: C:\Documents and Settings\Göran\Mina dokument\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-02-08 to 2008-03-08  )))))))))))))))))))))))))))))))
.

2008-02-22 01:13 . 2008-02-22 01:13    21,840    --a------    C:\Documents and Settings\Göran\pgkiogbz.exe
2008-02-22 01:13 . 2008-02-22 01:13    21,840    --a------    C:\Documents and Settings\Göran\pgkiogbz.exe
2008-02-22 01:12 . 2008-02-22 01:12    21,840    --a------    C:\Documents and Settings\Göran\jllqnqad.exe
2008-02-22 01:12 . 2008-02-22 01:12    21,840    --a------    C:\Documents and Settings\Göran\jllqnqad.exe
2008-02-22 01:05 . 2008-02-22 01:05    21,840    --a------    C:\Documents and Settings\Göran\iedkgzbk.exe
2008-02-22 01:05 . 2008-02-22 01:05    21,840    --a------    C:\Documents and Settings\Göran\iedkgzbk.exe
2008-02-22 01:03 . 2008-02-22 01:03    21,840    --a------    C:\Documents and Settings\Göran\fpnufxak.exe
2008-02-22 01:03 . 2008-02-22 01:03    21,840    --a------    C:\Documents and Settings\Göran\fpnufxak.exe
2008-02-22 01:01 . 2008-02-22 01:01    21,840    --a------    C:\Documents and Settings\Göran\eaxzjsxe.exe
2008-02-22 01:01 . 2008-02-22 01:01    21,840    --a------    C:\Documents and Settings\Göran\eaxzjsxe.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\wxsvqexq.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\wxsvqexq.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\lsqxexsg.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\lsqxexsg.exe
2008-02-22 00:59 . 2008-02-22 00:59    21,840    --a------    C:\Documents and Settings\Göran\wgxvpdkb.exe
2008-02-22 00:59 . 2008-02-22 00:59    21,840    --a------    C:\Documents and Settings\Göran\wgxvpdkb.exe
2008-02-22 00:35 . 2008-02-22 00:35    21,840    --a------    C:\Documents and Settings\Göran\fvykptka.exe
2008-02-22 00:35 . 2008-02-22 00:35    21,840    --a------    C:\Documents and Settings\Göran\fvykptka.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\tlzxmxly.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\tlzxmxly.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\rinuijju.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\rinuijju.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\psycrbqc.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\psycrbqc.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\flzgophs.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\flzgophs.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\lircirnd.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\lircirnd.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\grsjswiu.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\grsjswiu.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\aqizcqkv.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\aqizcqkv.exe
2008-02-22 00:32 . 2008-02-22 00:32    21,840    --a------    C:\Documents and Settings\Göran\bgwblbvr.exe
2008-02-22 00:32 . 2008-02-22 00:32    21,840    --a------    C:\Documents and Settings\Göran\bgwblbvr.exe
2008-02-22 00:29 . 2008-02-22 00:29    21,840    --a------    C:\Documents and Settings\Göran\mshucqmq.exe
2008-02-22 00:29 . 2008-02-22 00:29    21,840    --a------    C:\Documents and Settings\Göran\mshucqmq.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\ohazapck.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\ohazapck.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\meedtudx.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\meedtudx.exe
2008-02-22 00:26 . 2008-02-22 00:26    21,840    --a------    C:\Documents and Settings\Göran\enemnqly.exe
2008-02-22 00:26 . 2008-02-22 00:26    21,840    --a------    C:\Documents and Settings\Göran\enemnqly.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\dcugvfvs.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\dcugvfvs.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\aentmhjv.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\aentmhjv.exe
2008-02-22 00:23 . 2008-02-22 00:23    21,840    --a------    C:\Documents and Settings\Göran\oqxwqkgm.exe
2008-02-22 00:23 . 2008-02-22 00:23    21,840    --a------    C:\Documents and Settings\Göran\oqxwqkgm.exe
2008-02-22 00:18 . 2008-02-22 00:18    21,840    --a------    C:\Documents and Settings\Göran\qgdixtbm.exe
2008-02-22 00:18 . 2008-02-22 00:18    21,840    --a------    C:\Documents and Settings\Göran\qgdixtbm.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 21:15    ---------    d-----w    C:\Documents and Settings\Göran\Application Data\MSN6
2006-03-18 21:43    212,849    ----a-w    C:\Program\hijackthis.zip
2006-03-15 13:19    212,992    ----a-w    C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2006-01-26 16:55    280,576    ----a-w    C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-10-06 14:17    280,576    ----a-w    C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\Program\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"avgnt"="C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-27 17:24 249896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"BrMfcWnd"="C:\Program\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48 622592]
"SetDefPrt"="C:\Program\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:34 15360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Logitech Desktop Messenger.lnk - C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-10 21:56:47 450560]
Logitech SetPoint.lnk - C:\Program\Logitech\SetPoint\SetPoint.exe [2007-02-10 21:55:44 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-22 19:44 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.DLL 2006-12-22 19:44 258048 C:\Program\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^NETGEAR WG311v3 Smart Wizard.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\NETGEAR WG311v3 Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311v3 Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program\Adobe\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2006-04-10 14:58 61440 C:\Program\Brother\ControlCenter3\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--------- 2003-05-08 11:34 69632 C:\Program\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-18 14:00 40960 C:\Program\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-10 21:56 32768 C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-18 13:47 57393 C:\Program\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 08:57 143360 C:\Program\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 02:56 36975 C:\Program\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 08:18 307200 C:\Program\Adobe\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote]
--a------ 2003-09-03 18:57 131072 C:\Program\InterVideo\WinDVR\WinRemote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSCHEDULER]
--a------ 2003-09-03 18:49 139264 C:\Program\INTERV~1\WinDVR\WINSCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15937:TCP"= 15937:TCP:BitComet 15937 TCP
"15937:UDP"= 15937:UDP:BitComet 15937 UDP

R2 Cap7134;TV Capture Card 7130;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-25 17:00]
R3 PhTVTune;TV Capture Card tv tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-16 17:00]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d9a020-8dfa-11db-8f2b-fe30f407d118}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d9a022-8dfa-11db-8f2b-fe30f407d118}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c55214a-38a2-11dc-8fd2-000bcd057a98}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{433ee6da-ac46-11dc-9034-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{433ee6dc-ac46-11dc-9034-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{618055bc-c2e3-11dc-9059-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8570e686-8e04-11db-8f2c-f5103885c11e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8570e687-8e04-11db-8f2c-f5103885c11e}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acdafa36-2ae1-11dc-8fce-000bcd057a98}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e70b107b-91dc-11db-8f32-000bcd057a98}]
\Shell\AutoRun\command - G:\AutoRun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{028E2D30-93C4-EAEB-0801-040005020704}]
C:\WINDOWS\system32\drwatson.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 15:28:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-03-08 15:28:53
ComboFix-quarantined-files.txt  2008-03-08 14:28:45
ComboFix2.txt  2008-03-05 22:26:32












ComboFix 08-03-07.4 -  2008-03-08 16:09:18.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1053.18.509 [GMT 1:00]
Running from: C:\Documents and Settings\Göran\Mina dokument\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-02-08 to 2008-03-08  )))))))))))))))))))))))))))))))
.

2008-02-22 01:13 . 2008-02-22 01:13    21,840    --a------    C:\Documents and Settings\Göran\pgkiogbz.exe
2008-02-22 01:13 . 2008-02-22 01:13    21,840    --a------    C:\Documents and Settings\Göran\pgkiogbz.exe
2008-02-22 01:12 . 2008-02-22 01:12    21,840    --a------    C:\Documents and Settings\Göran\jllqnqad.exe
2008-02-22 01:12 . 2008-02-22 01:12    21,840    --a------    C:\Documents and Settings\Göran\jllqnqad.exe
2008-02-22 01:05 . 2008-02-22 01:05    21,840    --a------    C:\Documents and Settings\Göran\iedkgzbk.exe
2008-02-22 01:05 . 2008-02-22 01:05    21,840    --a------    C:\Documents and Settings\Göran\iedkgzbk.exe
2008-02-22 01:03 . 2008-02-22 01:03    21,840    --a------    C:\Documents and Settings\Göran\fpnufxak.exe
2008-02-22 01:03 . 2008-02-22 01:03    21,840    --a------    C:\Documents and Settings\Göran\fpnufxak.exe
2008-02-22 01:01 . 2008-02-22 01:01    21,840    --a------    C:\Documents and Settings\Göran\eaxzjsxe.exe
2008-02-22 01:01 . 2008-02-22 01:01    21,840    --a------    C:\Documents and Settings\Göran\eaxzjsxe.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\wxsvqexq.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\wxsvqexq.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\lsqxexsg.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\lsqxexsg.exe
2008-02-22 00:59 . 2008-02-22 00:59    21,840    --a------    C:\Documents and Settings\Göran\wgxvpdkb.exe
2008-02-22 00:59 . 2008-02-22 00:59    21,840    --a------    C:\Documents and Settings\Göran\wgxvpdkb.exe
2008-02-22 00:35 . 2008-02-22 00:35    21,840    --a------    C:\Documents and Settings\Göran\fvykptka.exe
2008-02-22 00:35 . 2008-02-22 00:35    21,840    --a------    C:\Documents and Settings\Göran\fvykptka.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\tlzxmxly.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\tlzxmxly.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\rinuijju.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\rinuijju.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\psycrbqc.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\psycrbqc.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\flzgophs.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\flzgophs.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\lircirnd.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\lircirnd.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\grsjswiu.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\grsjswiu.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\aqizcqkv.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\aqizcqkv.exe
2008-02-22 00:32 . 2008-02-22 00:32    21,840    --a------    C:\Documents and Settings\Göran\bgwblbvr.exe
2008-02-22 00:32 . 2008-02-22 00:32    21,840    --a------    C:\Documents and Settings\Göran\bgwblbvr.exe
2008-02-22 00:29 . 2008-02-22 00:29    21,840    --a------    C:\Documents and Settings\Göran\mshucqmq.exe
2008-02-22 00:29 . 2008-02-22 00:29    21,840    --a------    C:\Documents and Settings\Göran\mshucqmq.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\ohazapck.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\ohazapck.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\meedtudx.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\meedtudx.exe
2008-02-22 00:26 . 2008-02-22 00:26    21,840    --a------    C:\Documents and Settings\Göran\enemnqly.exe
2008-02-22 00:26 . 2008-02-22 00:26    21,840    --a------    C:\Documents and Settings\Göran\enemnqly.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\dcugvfvs.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\dcugvfvs.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\aentmhjv.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\aentmhjv.exe
2008-02-22 00:23 . 2008-02-22 00:23    21,840    --a------    C:\Documents and Settings\Göran\oqxwqkgm.exe
2008-02-22 00:23 . 2008-02-22 00:23    21,840    --a------    C:\Documents and Settings\Göran\oqxwqkgm.exe
2008-02-22 00:18 . 2008-02-22 00:18    21,840    --a------    C:\Documents and Settings\Göran\qgdixtbm.exe
2008-02-22 00:18 . 2008-02-22 00:18    21,840    --a------    C:\Documents and Settings\Göran\qgdixtbm.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 21:15    ---------    d-----w    C:\Documents and Settings\Göran\Application Data\MSN6
2006-03-18 21:43    212,849    ----a-w    C:\Program\hijackthis.zip
2006-03-15 13:19    212,992    ----a-w    C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2006-01-26 16:55    280,576    ----a-w    C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-10-06 14:17    280,576    ----a-w    C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\Program\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"avgnt"="C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-27 17:24 249896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"BrMfcWnd"="C:\Program\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48 622592]
"SetDefPrt"="C:\Program\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:34 15360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Logitech Desktop Messenger.lnk - C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-10 21:56:47 450560]
Logitech SetPoint.lnk - C:\Program\Logitech\SetPoint\SetPoint.exe [2007-02-10 21:55:44 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-22 19:44 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.DLL 2006-12-22 19:44 258048 C:\Program\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^NETGEAR WG311v3 Smart Wizard.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\NETGEAR WG311v3 Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311v3 Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program\Adobe\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2006-04-10 14:58 61440 C:\Program\Brother\ControlCenter3\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--------- 2003-05-08 11:34 69632 C:\Program\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-18 14:00 40960 C:\Program\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-10 21:56 32768 C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-18 13:47 57393 C:\Program\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 08:57 143360 C:\Program\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 02:56 36975 C:\Program\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 08:18 307200 C:\Program\Adobe\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote]
--a------ 2003-09-03 18:57 131072 C:\Program\InterVideo\WinDVR\WinRemote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSCHEDULER]
--a------ 2003-09-03 18:49 139264 C:\Program\INTERV~1\WinDVR\WINSCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15937:TCP"= 15937:TCP:BitComet 15937 TCP
"15937:UDP"= 15937:UDP:BitComet 15937 UDP

R2 Cap7134;TV Capture Card 7130;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-25 17:00]
R3 PhTVTune;TV Capture Card tv tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-16 17:00]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d9a020-8dfa-11db-8f2b-fe30f407d118}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d9a022-8dfa-11db-8f2b-fe30f407d118}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c55214a-38a2-11dc-8fd2-000bcd057a98}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{433ee6da-ac46-11dc-9034-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{433ee6dc-ac46-11dc-9034-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{618055bc-c2e3-11dc-9059-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8570e686-8e04-11db-8f2c-f5103885c11e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8570e687-8e04-11db-8f2c-f5103885c11e}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acdafa36-2ae1-11dc-8fce-000bcd057a98}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e70b107b-91dc-11db-8f32-000bcd057a98}]
\Shell\AutoRun\command - G:\AutoRun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{028E2D30-93C4-EAEB-0801-040005020704}]
C:\WINDOWS\system32\drwatson.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 16:10:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-03-08 16:10:32
ComboFix-quarantined-files.txt  2008-03-08 15:10:24
ComboFix2.txt  2008-03-08 14:28:54
ComboFix3.txt  2008-03-05 22:26:32


It didn't help with the new version, so do what I wrote about Malwarebytes Anti-Malware.


When that much time has passed, you need to delete ComboFix and download the latest version again.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).
Set Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete these files:
2008-02-22 01:13 . 2008-02-22 01:13    21,840    --a------    C:\Documents and Settings\Göran\pgkiogbz.exe
2008-02-22 01:13 . 2008-02-22 01:13    21,840    --a------    C:\Documents and Settings\Göran\pgkiogbz.exe
2008-02-22 01:12 . 2008-02-22 01:12    21,840    --a------    C:\Documents and Settings\Göran\jllqnqad.exe
2008-02-22 01:12 . 2008-02-22 01:12    21,840    --a------    C:\Documents and Settings\Göran\jllqnqad.exe
2008-02-22 01:05 . 2008-02-22 01:05    21,840    --a------    C:\Documents and Settings\Göran\iedkgzbk.exe
2008-02-22 01:05 . 2008-02-22 01:05    21,840    --a------    C:\Documents and Settings\Göran\iedkgzbk.exe
2008-02-22 01:03 . 2008-02-22 01:03    21,840    --a------    C:\Documents and Settings\Göran\fpnufxak.exe
2008-02-22 01:03 . 2008-02-22 01:03    21,840    --a------    C:\Documents and Settings\Göran\fpnufxak.exe
2008-02-22 01:01 . 2008-02-22 01:01    21,840    --a------    C:\Documents and Settings\Göran\eaxzjsxe.exe
2008-02-22 01:01 . 2008-02-22 01:01    21,840    --a------    C:\Documents and Settings\Göran\eaxzjsxe.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\wxsvqexq.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\wxsvqexq.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\lsqxexsg.exe
2008-02-22 01:00 . 2008-02-22 01:00    21,840    --a------    C:\Documents and Settings\Göran\lsqxexsg.exe
2008-02-22 00:59 . 2008-02-22 00:59    21,840    --a------    C:\Documents and Settings\Göran\wgxvpdkb.exe
2008-02-22 00:59 . 2008-02-22 00:59    21,840    --a------    C:\Documents and Settings\Göran\wgxvpdkb.exe
2008-02-22 00:35 . 2008-02-22 00:35    21,840    --a------    C:\Documents and Settings\Göran\fvykptka.exe
2008-02-22 00:35 . 2008-02-22 00:35    21,840    --a------    C:\Documents and Settings\Göran\fvykptka.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\tlzxmxly.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\tlzxmxly.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\rinuijju.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\rinuijju.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\psycrbqc.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\psycrbqc.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\flzgophs.exe
2008-02-22 00:34 . 2008-02-22 00:34    21,840    --a------    C:\Documents and Settings\Göran\flzgophs.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\lircirnd.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\lircirnd.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\grsjswiu.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\grsjswiu.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\aqizcqkv.exe
2008-02-22 00:33 . 2008-02-22 00:33    21,840    --a------    C:\Documents and Settings\Göran\aqizcqkv.exe
2008-02-22 00:32 . 2008-02-22 00:32    21,840    --a------    C:\Documents and Settings\Göran\bgwblbvr.exe
2008-02-22 00:32 . 2008-02-22 00:32    21,840    --a------    C:\Documents and Settings\Göran\bgwblbvr.exe
2008-02-22 00:29 . 2008-02-22 00:29    21,840    --a------    C:\Documents and Settings\Göran\mshucqmq.exe
2008-02-22 00:29 . 2008-02-22 00:29    21,840    --a------    C:\Documents and Settings\Göran\mshucqmq.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\ohazapck.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\ohazapck.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\meedtudx.exe
2008-02-22 00:28 . 2008-02-22 00:28    21,840    --a------    C:\Documents and Settings\Göran\meedtudx.exe
2008-02-22 00:26 . 2008-02-22 00:26    21,840    --a------    C:\Documents and Settings\Göran\enemnqly.exe
2008-02-22 00:26 . 2008-02-22 00:26    21,840    --a------    C:\Documents and Settings\Göran\enemnqly.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\dcugvfvs.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\dcugvfvs.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\aentmhjv.exe
2008-02-22 00:25 . 2008-02-22 00:25    21,840    --a------    C:\Documents and Settings\Göran\aentmhjv.exe
2008-02-22 00:23 . 2008-02-22 00:23    21,840    --a------    C:\Documents and Settings\Göran\oqxwqkgm.exe
2008-02-22 00:23 . 2008-02-22 00:23    21,840    --a------    C:\Documents and Settings\Göran\oqxwqkgm.exe
2008-02-22 00:18 . 2008-02-22 00:18    21,840    --a------    C:\Documents and Settings\Göran\qgdixtbm.exe
2008-02-22 00:18 . 2008-02-22 00:18    21,840    --a------    C:\Documents and Settings\Göran\qgdixtbm.exe

Restart the computer in normal mode and paste in a new ComboFix log.


  • 3 weeks later...

ComboFix 08-03-27.1 - Göran 2008-03-28 20:28:06.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1053.18.533 [GMT 1:00]
Running from: C:\Documents and Settings\Göran\Mina dokument\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-02-28 to 2008-03-28  )))))))))))))))))))))))))))))))
.

2008-03-11 23:24 . 2001-09-06 20:33    99,328    --a------    C:\WINDOWS\system32\srusd.dll
2008-03-11 23:24 . 2001-09-06 20:33    99,328    --a--c---    C:\WINDOWS\system32\dllcache\srusd.dll
2008-03-11 23:24 . 2001-09-06 20:33    71,680    --a------    C:\WINDOWS\system32\fnfilter.dll
2008-03-11 23:24 . 2001-09-06 20:33    71,680    --a--c---    C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-03-11 23:24 . 2001-09-06 20:12    6,912    --a------    C:\WINDOWS\system32\drivers\serscan.sys
2008-03-11 23:24 . 2001-09-06 20:12    6,912    --a--c---    C:\WINDOWS\system32\dllcache\serscan.sys
2008-03-11 21:37 . 2008-03-11 21:37    <KAT>    d--------    C:\Program\Malwarebytes' Anti-Malware
2008-03-11 21:37 . 2008-03-11 21:37    <KAT>    d--------    C:\Documents and Settings\Göran\Application Data\Malwarebytes
2008-03-11 21:37 . 2008-03-11 21:37    <KAT>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 21:15    ---------    d-----w    C:\Documents and Settings\Göran\Application Data\MSN6
2006-03-18 21:43    212,849    ----a-w    C:\Program\hijackthis.zip
2006-03-15 13:19    212,992    ----a-w    C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2006-01-26 16:55    280,576    ----a-w    C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-10-06 14:17    280,576    ----a-w    C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-03-05_23.26.11,92   )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-05-07 11:26:54    192,512    ----a-w    C:\WINDOWS\Downloaded Program Files\CamCli.dll
+ 2003-05-07 11:26:54    180,224    ----a-w    C:\WINDOWS\Downloaded Program Files\ijl11.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\Program\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"avgnt"="C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-27 17:24 249896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"BrMfcWnd"="C:\Program\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48 622592]
"SetDefPrt"="C:\Program\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:34 15360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Logitech Desktop Messenger.lnk - C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-10 21:56:47 450560]
Logitech SetPoint.lnk - C:\Program\Logitech\SetPoint\SetPoint.exe [2007-02-10 21:55:44 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-22 19:44 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.DLL 2006-12-22 19:44 258048 C:\Program\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^NETGEAR WG311v3 Smart Wizard.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\NETGEAR WG311v3 Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311v3 Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program\Adobe\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2006-04-10 14:58 61440 C:\Program\Brother\ControlCenter3\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--------- 2003-05-08 11:34 69632 C:\Program\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-18 14:00 40960 C:\Program\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-10 21:56 32768 C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-18 13:47 57393 C:\Program\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 08:57 143360 C:\Program\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 02:56 36975 C:\Program\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 08:18 307200 C:\Program\Adobe\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote]
--a------ 2003-09-03 18:57 131072 C:\Program\InterVideo\WinDVR\WinRemote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSCHEDULER]
--a------ 2003-09-03 18:49 139264 C:\Program\INTERV~1\WinDVR\WINSCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15937:TCP"= 15937:TCP:BitComet 15937 TCP
"15937:UDP"= 15937:UDP:BitComet 15937 UDP

R2 Cap7134;TV Capture Card 7130;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-25 17:00]
R3 PhTVTune;TV Capture Card tv tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-16 17:00]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d9a020-8dfa-11db-8f2b-fe30f407d118}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d9a022-8dfa-11db-8f2b-fe30f407d118}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c55214a-38a2-11dc-8fd2-000bcd057a98}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{433ee6da-ac46-11dc-9034-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{433ee6dc-ac46-11dc-9034-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{618055bc-c2e3-11dc-9059-001b2f2c810e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8570e686-8e04-11db-8f2c-f5103885c11e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8570e687-8e04-11db-8f2c-f5103885c11e}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acdafa36-2ae1-11dc-8fce-000bcd057a98}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e70b107b-91dc-11db-8f32-000bcd057a98}]
\Shell\AutoRun\command - G:\AutoRun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{028E2D30-93C4-EAEB-0801-040005020704}]
C:\WINDOWS\system32\drwatson.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 20:29:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-03-28 20:30:26
ComboFix-quarantined-files.txt  2008-03-28 19:30:17
ComboFix2.txt  2008-03-08 15:10:32
ComboFix3.txt  2008-03-08 14:28:54
ComboFix4.txt  2008-03-05 22:26:32
Pre-Run: 31,439,884,288 byte ledigt
Post-Run: 31,430,168,576 byte ledigt


So much time has now passed that I can no longer see the files that entered the computer on 22 February, when the infection occurred.
Does the problem seem to have stopped?
Scan with SUPERAntiSpyware and Malwarebytes Anti-Malware; naturally, the programs should be updated before the scan. Do they find anything?


Archived

This topic is now archived and is closed to further replies.


