ComboFix 08-05-12.1 - Sverre 2008-05-13 22:43:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.95 [GMT 2:00]
Running from: c:\Antispam\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\agdrugoa.ini
C:\WINDOWS\system32\clemdqjx.dll
C:\WINDOWS\system32\crogcgcj.ini
C:\WINDOWS\system32\cvggabhs.dll
C:\WINDOWS\system32\djpnqnlx.ini
C:\WINDOWS\system32\dtjjwrew.ini
C:\WINDOWS\system32\epigksfg.ini
C:\WINDOWS\system32\epnvyvwh.ini
C:\WINDOWS\system32\exndwsrv.dll
C:\WINDOWS\system32\ftbimmyi.ini
C:\WINDOWS\system32\handikmb.ini
C:\WINDOWS\system32\ihxyarnw.ini
C:\WINDOWS\system32\jafkbttx.ini
C:\WINDOWS\system32\KmooWvut.ini
C:\WINDOWS\system32\KmooWvut.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mpVvxyay.ini
C:\WINDOWS\system32\mpVvxyay.ini2
C:\WINDOWS\system32\necqwanw.ini
C:\WINDOWS\system32\nqqWxGgh.ini
C:\WINDOWS\system32\nqqWxGgh.ini2
C:\WINDOWS\system32\ntntrbxe.dll
C:\WINDOWS\system32\oaowlwcm.ini
C:\WINDOWS\system32\papgbite.ini
C:\WINDOWS\system32\pircvxfl.ini
C:\WINDOWS\system32\pncxenyl.dll
C:\WINDOWS\system32\qtDLknmp.ini
C:\WINDOWS\system32\qtDLknmp.ini2
C:\WINDOWS\system32\rbqmguaa.ini
C:\WINDOWS\system32\rintfmqd.dll
C:\WINDOWS\system32\sgcxcxvf.ini
C:\WINDOWS\system32\strmxtna.dll
C:\WINDOWS\system32\sxsxwsxr.ini
C:\WINDOWS\system32\ujctbygi.ini
C:\WINDOWS\system32\vsrsnbih.ini
C:\WINDOWS\system32\wgqghqfh.dll
C:\WINDOWS\system32\xrqssimw.ini
C:\WINDOWS\system32\xwdcaluj.ini
C:\WINDOWS\system32\yssoilow.ini
C:\WINDOWS\system32\yxtkvglr.dll
C:\WINDOWS\system32\aaugmqbr.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-13 21:35 . 2008-05-13 21:35 d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-13 21:35 . 2008-05-13 21:35 d-------- C:\Documents and Settings\Sverre\Programdata\SUPERAntiSpyware.com
2008-05-13 21:35 . 2008-05-13 21:35 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-13 21:29 . 2008-05-13 21:29 dr-h----- C:\Documents and Settings\Sverre\Siste
2008-05-13 21:28 . 2008-05-13 21:28 d-------- C:\Programfiler\CCleaner
2008-05-13 21:25 . 2008-05-13 21:36 d-------- C:\Antispam
2008-05-12 22:29 . 2008-05-12 22:29 2,112 --a------ C:\WINDOWS\system32\ttduenxn.exe
2008-05-11 18:53 . 2008-05-11 18:53 2,112 --a------ C:\WINDOWS\system32\ibkqhhrk.exe
2008-05-10 13:20 . 2008-05-10 13:20 2,112 --a------ C:\WINDOWS\system32\smawbmkx.exe
2008-05-09 13:15 . 2008-05-09 13:15 2,112 --a------ C:\WINDOWS\system32\dkuthgmn.exe
2008-05-08 12:57 . 2008-05-08 12:57 2,112 --a------ C:\WINDOWS\system32\kbvjmmfg.exe
2008-05-07 12:48 . 2008-05-07 12:48 2,112 --a------ C:\WINDOWS\system32\igemvemt.exe
2008-04-21 17:16 . 2008-05-13 22:12 d-------- C:\Programfiler\UltraVNC
2008-04-21 16:34 . 2008-04-21 16:34 d-------- C:\Programfiler\Lavasoft
2008-04-21 16:34 . 2008-04-21 16:34 d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-04-21 16:33 . 2008-05-13 21:34 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-21 06:57 . 2008-05-12 22:26 109,778 --a------ C:\WINDOWS\BM432a413a.xml
2008-04-21 06:51 . 2008-04-21 18:56 d-------- C:\WINDOWS\system32\892267
2008-04-17 17:45 . 2008-04-17 17:45 dr------- C:\Documents and Settings\LocalService\Favoritter
2008-04-17 17:05 . 2008-04-17 17:05 d-------- C:\Programfiler\ErrorSmart
2008-04-17 17:05 . 2008-04-17 17:07 d-------- C:\Documents and Settings\Sverre\Programdata\ErrorSmart
2008-04-13 19:24 . 2008-04-21 18:56 d-------- C:\WINDOWS\system32\215651
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-05-13 20:50 --------- d-----w C:\Programfiler\Symantec AntiVirus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-06 23:47 68856]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-11-21 18:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 20:49 125632]
"HP Software Update"="c:\Programfiler\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152]
"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"ErrorSmart"="C:\Programfiler\ErrorSmart\ErrorSmart.exe" [2008-04-01 13:10 18666744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24 237568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\UltraVNC\\vncviewer.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\UltraVNC\\winvnc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 uvnc_service;uvnc_service;"C:\Programfiler\UltraVNC\WinVNC.exe" -service []
.

Contents of the 'Scheduled Tasks' folder
"2008-05-13 01:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Programfiler\ErrorSmart\ErrorSmart.ex
- C:\Programfiler\ErrorSmart.Sverre+Runs ErrorSmart to optimize your registry.
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 22:50:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

------------------------ Other Running Processes ------------------------
.

C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Programfiler\HP\hpcoretech\comp\hpdarc.exe
.

**************************************************************************
.

Completion time: 2008-05-13 22:57:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 20:57:05

Pre-Run: 25,967,452,160 byte ledig
Post-Run: 25,841,451,008 byte ledig

156 --- E O F --- 2008-04-09 01:03:08