[LØST] Er jeg kvitt vundo/virtumonde? [Er det nå :)]

Argusblikk · 5. juli 2008

Hei. Har hatt store problemer med vundo/virtumonde, og diverse ad-ware, i det siste, men har gjort mitt ypperste for å bli kvitt skiten.

Har en HiJackThis-logg, om det hjelper? Noen som kan tyde den?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:22:44, on 05.07.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\vsnp2uvc.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Elantech\ktp.exe

C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe

C:\Program Files\Compal\Wireless Select Switch\WLSS.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\Krusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: {2b9bb2a9-9333-6e39-bc04-2e7f40574058} - {85047504-f7e2-40cb-93e6-33399a2bb9b2} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [sMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe

O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe

O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe

O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [5464a52d] rundll32.exe "C:\WINDOWS\system32\cjdinsip.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 8833 bytes

Edit:

Oh noes! Er dette vundo? :S (har kamuflert seg med idiotiske filnavn før...): O4 - HKLM\..\Run: [5464a52d] rundll32.exe "C:\WINDOWS\system32\cjdinsip.dll",b

Endret 5. juli 2008 av mks1001

snippsat · 5. juli 2008

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Argusblikk · 5. juli 2008

Here goes!:

ComboFix 08-07-04.2 - Michaels 2008-07-05 2:40:33.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2484 [GMT 2:00]

Running from: C:\Documents and Settings\Michaels\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\bsxehbbm.dll

C:\WINDOWS\system32\cjdinsip.dll

C:\WINDOWS\system32\cyacgbvy.dll

C:\WINDOWS\system32\dxnhqqqb.ini

C:\WINDOWS\system32\IPVEdfii.ini

C:\WINDOWS\system32\IPVEdfii.ini2

C:\WINDOWS\system32\jgitohpc.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\pwzauu.dll

C:\WINDOWS\system32\trvutshu.ini

C:\WINDOWS\system32\yucxrkys.dll

.

((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))

.

2008-07-05 02:34 . 2008-07-05 02:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-05 02:34 . 2008-07-05 02:34 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Malwarebytes

2008-07-05 02:34 . 2008-07-05 02:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-07-05 02:34 . 2008-06-28 14:21 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-07-05 02:34 . 2008-06-28 14:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-04 13:23 . 2008-07-05 02:19 <DIR> d-------- C:\Program Files\Orbitdownloader

2008-07-04 13:23 . 2008-07-04 13:35 <DIR> d-------- C:\downloads

2008-07-04 13:23 . 2008-07-05 02:43 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Orbit

2008-07-04 13:23 . 2008-07-04 13:23 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\GrabPro

2008-07-04 02:44 . 2008-07-04 02:44 138 --a------ C:\WINDOWS\wininit.ini

2008-07-04 01:45 . 2008-07-04 01:45 <DIR> d-------- C:\VundoFix Backups

2008-07-04 01:33 . 2008-07-04 01:33 <DIR> d-------- C:\Documents and Settings\Administrator

2008-07-04 01:28 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-07-04 01:28 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-07-04 01:28 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-07-04 01:28 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-07-04 01:28 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-07-04 01:28 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe

2008-07-04 01:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-07-04 01:28 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-07-04 01:28 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-07-04 01:28 . 2008-07-04 01:35 3,386 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-04 00:39 . 2008-07-04 00:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-07-04 00:39 . 2008-07-04 01:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-04 00:34 . 2008-07-04 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-07-04 00:33 . 2008-07-04 00:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-07-04 00:33 . 2008-07-04 00:33 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\SUPERAntiSpyware.com

2008-07-04 00:31 . 2008-07-04 00:31 <DIR> d-------- C:\Program Files\Trend Micro

2008-07-03 14:33 . 2008-07-04 00:37 <DIR> d-------- C:\Documents and Settings\Michaels\.housecall6.6

2008-07-01 23:34 . 2008-07-05 01:04 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-07-01 15:17 . 2008-04-14 05:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-07-01 15:17 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-07-01 15:17 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-07-01 15:17 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-06-30 08:48 . 2008-06-30 08:48 <DIR> d-------- C:\Program Files\Lavasoft

2008-06-30 08:48 . 2008-06-30 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-06-30 08:47 . 2008-07-04 00:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-28 01:14 . 2008-06-28 01:14 <DIR> d---s---- C:\Documents and Settings\Michaels\UserData

2008-06-28 01:07 . 2008-06-28 01:10 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\albumart

2008-06-28 01:06 . 2008-06-28 01:06 <DIR> d-------- C:\Program Files\DivX

2008-06-27 19:52 . 2008-06-27 19:52 <DIR> d-------- C:\Program Files\QuickTime

2008-06-27 19:52 . 2008-06-27 19:52 <DIR> d-------- C:\Program Files\iTunes

2008-06-27 19:52 . 2008-06-27 19:52 <DIR> d-------- C:\Program Files\iPod

2008-06-27 19:51 . 2008-06-27 19:51 <DIR> d-------- C:\Program Files\Apple Software Update

2008-06-27 19:46 . 2008-06-30 14:16 <DIR> d-------- C:\Documents and Settings\Michaels\Shared

2008-06-27 19:46 . 2008-07-01 22:27 <DIR> d-------- C:\Documents and Settings\Michaels\Incomplete

2008-06-27 18:46 . 2008-06-27 18:46 <DIR> d-------- C:\Program Files\Bonjour

2008-06-27 18:46 . 2008-06-27 18:46 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Apple Computer

2008-06-27 18:45 . 2008-06-27 18:45 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-06-27 18:45 . 2008-06-27 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-06-27 18:45 . 2008-06-27 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-06-27 17:39 . 2008-06-27 18:50 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\DiskAid

2008-06-27 16:58 . 2008-06-27 16:58 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Nokia Multimedia Player

2008-06-27 16:46 . 2008-06-27 16:49 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\PC Suite

2008-06-27 16:46 . 2008-06-27 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-06-27 16:45 . 2008-06-27 16:45 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-06-27 16:45 . 2008-06-27 16:45 <DIR> d-------- C:\Program Files\Nokia

2008-06-27 16:45 . 2008-06-27 16:45 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-06-27 16:45 . 2008-06-27 16:45 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-06-27 16:45 . 2008-06-27 16:47 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\Nokia

2008-06-27 16:45 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-06-27 16:45 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-06-27 16:44 . 2008-06-27 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-06-25 19:23 . 2008-06-25 19:23 638 --a------ C:\WINDOWS\CDPlayer.ini

2008-06-24 23:58 . 2008-06-24 23:58 <DIR> d-------- C:\Program Files\Real

2008-06-24 23:54 . 2008-06-24 23:54 <DIR> d-------- C:\Program Files\Hotspot Shield

2008-06-24 21:34 . 2008-06-24 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MediaMonkey

2008-06-24 17:49 . 2008-06-27 19:50 <DIR> d-------- C:\Program Files\MediaMonkey

2008-06-20 20:58 . 2008-06-20 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

2008-06-19 20:30 . 2007-11-29 12:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-06-19 20:30 . 2007-12-24 13:47 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-06-19 20:30 . 2007-12-03 16:34 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

2008-06-19 20:30 . 2007-11-29 12:52 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-06-19 20:25 . 2008-06-19 20:30 <DIR> d-------- C:\Program Files\ffdshow

2008-06-19 20:22 . 2008-04-14 00:16 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys

2008-06-19 20:22 . 2008-04-14 00:16 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys

2008-06-19 20:22 . 2008-04-14 00:16 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys

2008-06-19 20:22 . 2008-04-14 00:16 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys

2008-06-19 20:22 . 2008-04-14 00:16 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys

2008-06-19 20:22 . 2008-04-14 00:16 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys

2008-06-19 20:22 . 2008-04-14 00:16 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys

2008-06-19 20:22 . 2008-04-14 00:16 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys

2008-06-19 19:38 . 2008-06-19 19:40 <DIR> d-------- C:\Program Files\Rivatuner

2008-06-19 18:13 . 2008-06-19 18:13 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-06-19 18:08 . 2008-06-19 18:08 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-06-19 18:06 . 2008-06-19 18:06 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\DAEMON Tools

2008-06-19 18:06 . 2008-06-19 18:06 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-15 19:39 . 2008-06-15 19:39 <DIR> d-------- C:\WINDOWS\Sun

2008-06-15 19:39 . 2008-06-15 19:40 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-06-15 19:39 . 2008-06-15 19:39 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\SystemRequirementsLab

2008-06-15 19:00 . 2008-06-15 19:00 <DIR> d-------- C:\WINDOWS\Logs

2008-06-15 18:11 . 2008-06-15 18:27 <DIR> d-------- C:\BMW M3 Challenge

2008-06-15 15:49 . 2008-06-15 15:49 0 -ra------ C:\logwmemory.bin

2008-06-15 15:46 . 2008-06-15 15:58 <DIR> d-------- C:\Program Files\Soldat

2008-06-15 07:51 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-06-15 07:50 . 2008-06-15 07:51 <DIR> d-------- C:\Program Files\Java

2008-06-15 07:50 . 2008-06-15 07:50 <DIR> d-------- C:\Program Files\Common Files\Java

2008-06-15 07:43 . 2008-06-15 07:43 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-06-14 20:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-14 20:37 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-06-14 20:37 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-14 14:48 . 2008-06-14 14:48 <DIR> d-------- C:\Program Files\Midway Home Entertainment

2008-06-14 14:41 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-06-14 14:41 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-06-14 14:41 . 2008-06-14 14:41 0 --ah----- C:\WINDOWS\SwSys2.bmp

2008-06-14 14:41 . 2008-06-14 14:41 0 --ah----- C:\WINDOWS\SwSys1.bmp

2008-06-14 14:30 . 2008-06-19 15:24 <DIR> d-------- C:\Documents and Settings\Michaels\Application Data\vlc

2008-06-14 13:49 . 2008-06-14 13:49 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2008-06-14 13:48 . 2008-06-14 13:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-06-14 13:48 . 2008-06-27 16:48 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-06-14 13:42 . 2008-06-14 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2008-06-14 11:53 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 11:53 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 11:52 . 2008-06-21 14:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-06-14 00:57 . 2008-06-14 00:57 268 --ah----- C:\sqmdata00.sqm

2008-06-14 00:57 . 2008-06-14 00:57 244 --ah----- C:\sqmnoopt00.sqm

2008-06-14 00:43 . 2008-06-14 00:43 <DIR> d-------- C:\Program Files\Alwil Software

2008-06-14 00:43 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-06-14 00:43 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-06-14 00:43 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-06-14 00:38 . 2008-06-14 22:35 <DIR> d-------- C:\Documents and Settings\Michaels\Contacts

2008-06-14 00:35 . 2008-06-14 00:39 <DIR> d-------- C:\Program Files\Windows Live

2008-06-14 00:35 . 2008-06-14 00:36 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-06-14 00:34 . 2008-06-14 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-06-14 00:31 . 2008-07-03 10:17 <DIR> d-------- C:\Program Files\Unlocker

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-27 14:45 --------- d-----w C:\Program Files\DIFX

2008-06-19 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-15 17:01 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-06-13 19:58 --------- d-----w C:\Program Files\Compal

2008-06-13 19:55 --------- d-----w C:\Program Files\Elantech

2008-06-13 19:54 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-06-13 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\XP32

2008-06-13 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vista64

2008-06-13 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vista32

2008-06-13 19:53 --------- d-----w C:\Program Files\Motorola

2008-06-13 19:53 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-13 19:51 --------- d-----w C:\Program Files\Broadcom

2008-06-13 19:44 --------- d-----w C:\Program Files\Intel

2008-06-13 19:43 --------- d-----w C:\Program Files\WIDCOMM

2008-06-13 19:39 --------- d-----w C:\Program Files\Common Files\snp2uvc

2008-06-13 19:39 --------- d-----w C:\Documents and Settings\Michaels\Application Data\InstallShield

2008-06-13 19:36 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-06-13 19:36 --------- d-----w C:\Program Files\Realtek

2008-06-13 19:27 --------- d-----w C:\Program Files\microsoft frontpage

2008-06-13 19:11 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-06-13 19:11 1,614,848 ----a-w C:\WINDOWS\system32\sfcfiles.dll

2008-06-13 15:31 684,032 ----a-w C:\WINDOWS\system32\NETw4c32.dll

2008-06-13 15:31 2,772,992 ----a-w C:\WINDOWS\system32\NETw4r32.dll

2008-06-13 15:31 2,530,176 ----a-w C:\WINDOWS\system32\drivers\NETw4x32.sys

2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll

2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll

2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll

2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll

2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll

2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll

2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll

2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 05:42 74,752 ----a-w C:\WINDOWS\system32\storprop.dll

2008-04-14 05:42 53,760 ----a-w C:\WINDOWS\system32\vfwwdm32.dll

2008-04-14 05:42 29,184 ----a-w C:\WINDOWS\system32\sdhcinst.dll

2008-04-14 05:41 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll

2008-04-14 05:41 30,208 ----a-w C:\WINDOWS\system32\bthserv.dll

2008-04-14 05:41 20,992 ----a-w C:\WINDOWS\system32\bthci.dll

2008-04-14 05:40 1,296,669 ----a-r C:\WINDOWS\SET3.tmp

2008-04-14 05:34 16,535 ----a-r C:\WINDOWS\SET8.tmp

2008-04-14 05:34 1,088,840 ----a-r C:\WINDOWS\SET4.tmp

2008-04-14 03:55 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin

2008-04-14 03:51 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll

2008-04-14 03:51 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll

2008-04-14 03:51 483,840 ----a-w C:\WINDOWS\system32\wzcsvc.dll

2008-04-14 03:51 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll

2008-04-14 03:51 47,104 ----a-w C:\WINDOWS\system32\cnbjmon.dll

2008-04-14 03:51 35,328 ----a-w C:\WINDOWS\system32\pid.dll

2008-04-14 03:51 20,992 ----a-w C:\WINDOWS\system32\hid.dll

2008-04-14 03:51 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 03:51 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll

2008-04-14 03:51 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll

2008-04-14 03:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 03:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 03:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 03:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 03:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 03:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 03:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 03:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 03:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 03:40 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 23:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-13 22:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 22:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe

2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 21:45 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll

2008-04-13 21:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 21:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 21:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 21:08 306,176 ----a-w C:\WINDOWS\system32\slbcsp.dll

2008-04-13 21:08 169,984 ----a-w C:\WINDOWS\system32\sccbase.dll

2008-04-13 21:08 101,888 ----a-w C:\WINDOWS\system32\gpkcsp.dll

2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 20:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-13 20:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dLL

2008-04-13 20:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll

2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 20:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-13 20:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-13 20:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-13 20:24 68,768 ----a-w C:\WINDOWS\system32\mmsystem.dll

2008-04-13 20:24 53,840 ----a-w C:\WINDOWS\system32\dosx.exe

2008-04-13 20:24 5,120 ----a-w C:\WINDOWS\system32\winnls.dll

2008-04-13 20:23 92,224 ----a-w C:\WINDOWS\system32\krnl386.exe

2008-04-13 20:22 3,338 ----a-w C:\WINDOWS\system32\redir.exe

2008-04-13 20:20 42,537 ----a-w C:\WINDOWS\system32\keyboard.sys

2008-04-13 20:19 35,648 ----a-w C:\WINDOWS\system32\ntio411.sys

2008-04-13 20:19 35,424 ----a-w C:\WINDOWS\system32\ntio412.sys

2008-04-13 20:19 34,560 ----a-w C:\WINDOWS\system32\ntio804.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 11:48 569344]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]

"SMBTray"="C:\Program Files\Compal\Smart Battery\SMBTray.exe" [2007-06-04 17:22 521776]

"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2007-02-13 13:11 647168]

"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 17:51 951856]

"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 18:55 190000]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 19:51 8523776]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 19:51 81920]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]

"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner\RivaTuner.exe" [2008-04-28 20:25 2707456]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-12 23:49 16377344 C:\WINDOWS\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2007-11-11 19:51 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/11/2006 4:35:34 PM 561213]

Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [7/4/2008 1:23:20 PM 1690824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Watch Dog]

-C:\Program Files\Compal Electronics [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R3 CamFilter;CamFilter;C:\WINDOWS\system32\Drivers\CamFilter.sys [2007-05-11 15:56]

R3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-17 18:55]

R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]

.

- - - - ORPHANS REMOVED - - - -

BHO-{85047504-f7e2-40cb-93e6-33399a2bb9b2} - (no file)

WebBrowser-{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)

ShellExecuteHooks-{EB173FB4-E20A-43B4-8BC0-20D3A4CA48E5} - (no file)

Notify-WgaLogon - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-05 02:43:18

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe

.

**************************************************************************

.

Completion time: 2008-07-05 2:45:08 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-05 00:45:05

Pre-Run: 20,741,591,040 bytes free

Post-Run: 20,678,520,832 bytes free

363 --- E O F --- 2008-06-21 12:01:13

Edit:

Foretok et søk med MBAM (så du anbefalte det i en annen tråd..), og i følge det programmet er jeg REN! Er det sant?

Malwarebytes' Anti-Malware 1.19

Database versjon: 922

Windows 5.1.2600 Service Pack 3

03:06:22 05.07.2008

mbam-log-7-5-2008 (03-06-22).txt

Skanntype: Rask Skann

Objekter skannet: 41724

Tid tilbakelagt: 2 minute(s), 38 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert: