WARNING! Win32/Adware.Virtumonde detected on you computer - need help! (Topic is closed)
26.09.2008, 18:47
Member
Posts: 50
26.09.2008, 18:49
Moderator
Posts: 7805
#92
Out of curiosity: please test C:\WINDOWS\system32\ctfmon.exe at VirusTotal. It somehow looks like Virus/Virut....
__________
Regards, Ralf
SEO-Spam Hunter
26.09.2008, 18:53
Member
Posts: 50
#93
OK, I'll do that.
Here is the RSIT log first:
Data\WinRAR 2008-10-20 18:29:46 ----A---- C:\WINDOWS\system32\6f79d7f4-.txt 2008-10-20 14:57:30 ----D---- C:\WINDOWS\erdnt 2008-10-20 11:39:09 ----D---- C:\Program Files\CCleaner 2008-10-19 21:58:23 ----D---- C:\Documents and Settings\RAK\Application Data\Malwarebytes 2008-10-19 21:58:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-19 21:58:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-19 20:27:29 ----A---- C:\WINDOWS\ntbtlog.txt 2008-10-19 19:11:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-10-19 19:09:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-26 18:48:48 ----D---- C:\rsit 2008-09-26 18:39:31 ----A---- C:\WINDOWS\jjsckgbr.exe 2008-09-26 18:39:08 ----N---- C:\WINDOWS\system32\rs32net.exe 2008-09-26 18:39:05 ----A---- C:\WINDOWS\system32\E.tmp 2008-09-26 18:38:54 ----N---- C:\WINDOWS\services.exe 2008-09-26 18:38:41 ----A---- C:\WINDOWS\system32\3.tmp 2008-09-26 18:25:36 ----A---- C:\WINDOWS\kilqjbra.exe 2008-09-26 18:25:07 ----A---- C:\WINDOWS\system32\9.tmp 2008-09-26 18:24:20 ----A---- C:\WINDOWS\system32\2.tmp 2008-09-26 18:05:33 ----A---- C:\WINDOWS\system32\A.tmp 2008-09-26 18:04:56 ----A---- C:\WINDOWS\system32\5.tmp 2008-09-26 18:02:47 ----D---- C:\WINDOWS\temp 2008-09-26 18:02:45 ----A---- C:\ComboFix.txt 2008-09-26 17:38:40 ----A---- C:\WINDOWS\system32\11.tmp 2008-09-26 17:38:16 ----A---- C:\WINDOWS\system32\10.tmp 2008-09-26 17:38:15 ----A---- C:\WINDOWS\system32\F.tmp 2008-09-24 23:36:13 ----A---- C:\WINDOWS\system32\C.tmp 2008-09-24 20:54:37 ----A---- C:\WINDOWS\system32\6.tmp 2008-09-24 20:37:04 ----D---- C:\QooBox 2008-09-24 20:37:02 ----A---- C:\WINDOWS\zip.exe 2008-09-24 20:37:02 ----A---- C:\WINDOWS\VFind.exe 2008-09-24 20:37:02 ----A---- C:\WINDOWS\swxcacls.exe 2008-09-24 20:37:02 ----A---- C:\WINDOWS\SWSC.exe 2008-09-24 20:37:02 ----A---- C:\WINDOWS\swreg.exe 2008-09-24 20:37:02 ----A---- C:\WINDOWS\sed.exe 2008-09-24 
20:37:02 ----A---- C:\WINDOWS\Nircmd.exe 2008-09-24 20:37:02 ----A---- C:\WINDOWS\grep.exe 2008-09-24 20:37:02 ----A---- C:\WINDOWS\fdsv.exe 2008-09-24 19:35:29 ----D---- C:\Documents and Settings\RAK\Application Data\.clamwin 2008-09-24 19:35:00 ----D---- C:\Program Files\ClamWin 2008-09-24 19:00:32 ----A---- C:\WINDOWS\system32\doafueqi.tmp 2008-09-24 18:59:35 ----A---- C:\WINDOWS\system32\B.tmp 2008-09-24 18:59:14 ----A---- C:\WINDOWS\system32\4.tmp 2008-09-23 19:34:40 ----A---- C:\WINDOWS\system32\javaw.exe 2008-09-23 19:34:40 ----A---- C:\WINDOWS\system32\java.exe 2008-09-23 19:34:22 ----D---- C:\Program Files\Common Files\Java 2008-09-23 18:59:21 ----D---- C:\Program Files\Windows Installer Clean Up 2008-09-23 18:57:55 ----D---- C:\Program Files\MSECACHE 2008-09-22 21:06:57 ----D---- C:\Program Files\Java 2008-09-22 13:09:02 ----A---- C:\TempFix.txt 2008-09-22 12:05:02 ----D---- C:\Program Files\AddRemove 2008-09-21 17:32:48 ----N---- C:\WINDOWS\system32\vxblock.dll 2008-09-21 17:32:48 ----N---- C:\WINDOWS\system32\pxsfs.dll 2008-09-21 17:32:48 ----N---- C:\WINDOWS\system32\pxinsi64.exe 2008-09-21 17:32:48 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2008-09-21 17:32:48 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2008-09-21 17:32:48 ----N---- C:\WINDOWS\system32\pxdrv.dll 2008-09-21 17:32:48 ----N---- C:\WINDOWS\system32\pxcpyi64.exe 2008-09-21 17:32:48 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2008-09-21 17:32:48 ----N---- C:\WINDOWS\system32\pxafs.dll 2008-09-21 17:32:47 ----N---- C:\WINDOWS\system32\pxwave.dll 2008-09-21 17:32:47 ----N---- C:\WINDOWS\system32\pxmas.dll 2008-09-21 17:32:47 ----N---- C:\WINDOWS\system32\px.dll 2008-09-21 17:32:18 ----D---- C:\Program Files\DivX 2008-09-12 14:29:13 ----D---- C:\Documents and Settings\RAK\Application Data\MSNInstaller 2008-09-12 14:27:15 ----D---- C:\WINDOWS\SxsCaPendDel 2008-09-12 14:08:45 ----D---- C:\finalburner 2008-09-12 13:42:39 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-12 
13:42:17 ----D---- C:\Program Files\Windows Live 2008-09-12 13:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-12 13:39:47 ----D---- C:\Documents and Settings\RAK\Application Data\skypePM 2008-09-12 13:35:14 ----D---- C:\Documents and Settings\RAK\Application Data\Skype 2008-09-12 13:34:05 ----D---- C:\Program Files\Skype 2008-09-12 13:34:04 ----D---- C:\Program Files\Common Files\Skype 2008-09-12 13:32:58 ----D---- C:\Documents and Settings\All Users\Application Data\Skype 2008-09-12 12:57:40 ----D---- C:\Documents and Settings\RAK\Application Data\Apple Computer 2008-09-12 12:55:35 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-09-12 12:55:02 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-09-12 10:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-09-12 10:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-09-12 10:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-09-12 10:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2008-09-12 10:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-09-12 10:40:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-09-12 10:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-09-12 10:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2008-09-12 10:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-09-12 10:14:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-09-12 10:11:48 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$ 2008-09-12 10:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-09-12 10:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$ 2008-09-12 10:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$ 2008-09-12 10:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-09-12 09:56:59 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$ 2008-09-12 09:46:57 ----D---- C:\WINDOWS\system32\CatRoot_bak 2008-09-10 18:19:41 ----A---- C:\WINDOWS\system32\ptpusb.dll 2008-09-10 18:19:40 ----A---- 
C:\WINDOWS\system32\ptpusd.dll 2008-09-10 18:13:25 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2008-09-10 18:12:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui 2008-09-10 18:12:44 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui 2008-09-10 18:12:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui 2008-09-10 09:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$ 2008-09-10 09:34:24 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$ 2008-09-10 09:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$ 2008-09-10 09:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$ 2008-09-10 09:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$ 2008-09-10 09:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$ 2008-09-10 09:33:08 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$ 2008-09-10 09:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$ 2008-09-10 09:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$ 2008-09-10 09:32:44 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$ 2008-09-10 09:32:36 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$ 2008-09-10 09:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$ 2008-09-10 09:32:20 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$ 2008-09-10 09:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$ 2008-09-10 09:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB931836$ 2008-09-10 09:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$ 2008-09-10 09:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$ 2008-09-10 09:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$ 2008-09-10 09:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$ 2008-09-10 09:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$ 2008-09-10 09:31:16 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$ 2008-09-10 09:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$ 2008-09-10 09:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$ 2008-09-10 09:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$ 2008-09-10 09:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$ 2008-09-10 09:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$ 2008-09-10 
09:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$ 2008-09-10 09:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$ 2008-09-10 09:29:59 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$ 2008-09-10 09:29:13 ----HDC---- C:\WINDOWS\$NtUninstallKB928090$ 2008-09-09 16:50:05 ----D---- C:\Program Files\WinRAR 2008-09-09 16:39:38 ----D---- C:\Documents and Settings\RAK\Application Data\ICQ 2008-09-09 16:38:49 ----D---- C:\Program Files\ICQ6 2008-09-09 16:34:02 ----D---- C:\Program Files\VideoLAN 2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll ======List of files/folders modified in the last 1 months====== 2008-10-21 14:53:52 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-21 14:53:50 ----HD---- C:\WINDOWS\inf 2008-10-21 14:18:17 ----SD---- C:\WINDOWS\Tasks 2008-10-21 14:03:24 ----D---- C:\Program Files\Common Files\Adobe 2008-10-21 14:02:52 ----D---- C:\Program Files\Adobe 2008-10-21 10:31:47 ----D---- C:\Temp 2008-10-20 12:06:10 ----D---- C:\WINDOWS\system32\wbem 2008-10-20 12:06:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-20 11:50:20 ----D---- C:\Program Files\Trend Micro 2008-10-19 23:23:01 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-19 19:11:38 ----D---- C:\Program Files\Lavasoft 2008-10-19 18:57:58 ----D---- C:\WINDOWS\Help 2008-10-17 19:53:30 ----D---- C:\WINDOWS\Debug 2008-10-17 19:48:57 ----RSD---- C:\WINDOWS\Fonts 2008-10-17 19:48:12 ----D---- C:\Program Files\Common Files\Microsoft Shared 2008-10-17 19:45:52 ----A---- C:\WINDOWS\win.ini 2008-09-26 18:43:25 ----D---- C:\Program Files\Mozilla Firefox 2008-09-26 18:40:04 ----D---- C:\WINDOWS\system32 2008-09-26 18:39:57 ----D---- C:\WINDOWS\system32\drivers 2008-09-26 18:39:57 ----D---- C:\WINDOWS 2008-09-26 18:37:09 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-09-26 18:06:27 ----D---- C:\WINDOWS\Minidump 2008-09-26 18:02:09 ----D---- C:\WINDOWS\system32\CatRoot2 2008-09-26 17:56:50 ----A---- C:\WINDOWS\system.ini 2008-09-26 
17:54:14 ----D---- C:\WINDOWS\system32\config 2008-09-26 17:51:58 ----D---- C:\WINDOWS\AppPatch 2008-09-26 17:51:58 ----D---- C:\Program Files\Common Files 2008-09-26 17:39:36 ----SHD---- C:\System Volume Information 2008-09-26 17:39:36 ----D---- C:\WINDOWS\system32\Restore 2008-09-25 10:00:13 ----RD---- C:\Program Files 2008-09-25 00:10:24 ----A---- C:\WINDOWS\system32\svchost.exe 2008-09-24 20:41:38 ----D---- C:\WINDOWS\Prefetch 2008-09-23 19:34:49 ----SHD---- C:\WINDOWS\Installer 2008-09-22 11:13:14 ----D---- C:\Program Files\Radmin 2008-09-22 11:11:36 ----D---- C:\Program Files\Outlook Express 2008-09-22 11:11:30 ----D---- C:\Program Files\NetMeeting 2008-09-22 11:10:42 ----D---- C:\Program Files\Movie Maker 2008-09-22 11:10:40 ----D---- C:\Program Files\Microsoft Reader 2008-09-22 11:07:50 ----D---- C:\Program Files\Messenger 2008-09-22 11:07:43 ----D---- C:\Program Files\ltmoh 2008-09-22 11:04:17 ----D---- C:\Program Files\Internet Explorer 2008-09-22 10:51:39 ----D---- C:\Program Files\Apoint2K 2008-09-22 10:51:28 ----D---- C:\Program Files\AntiVir PersonalEdition Classic 2008-09-22 10:45:49 ----D---- C:\I386 2008-09-22 10:10:25 ----D---- C:\apps 2008-09-16 22:29:15 ----D---- C:\Documents and Settings\RAK\Application Data\Adobe 2008-09-16 20:15:33 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-09-12 14:29:15 ----D---- C:\Program Files\MSN 2008-09-12 14:24:14 ----SD---- C:\Documents and Settings\RAK\Application Data\Microsoft 2008-09-12 14:11:43 ----D---- C:\WINDOWS\WinSxS 2008-09-12 14:11:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-09-12 12:21:21 ----RASH---- C:\boot.ini 2008-09-12 12:03:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-12 12:03:26 ----D---- C:\WINDOWS\pss 2008-09-12 10:55:03 ----HD---- C:\WINDOWS\$hf_mig$ 2008-09-12 10:55:01 ----A---- C:\WINDOWS\imsins.BAK 2008-09-12 10:02:21 ----A---- C:\WINDOWS\win.tmp 2008-09-10 10:11:57 ----D---- C:\WINDOWS\msagent 2008-09-10 09:30:47 
----D---- C:\Program Files\Common Files\System 2008-09-09 16:40:37 ----HD---- C:\Program Files\InstallShield Installation Information 2008-09-09 16:35:00 ----D---- C:\Documents and Settings\RAK\Application Data\Mozilla ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys [] R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2004-06-16 5888] R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 TM_CFW;Common Firewall Driver; \??\C:\Program Files\Trend Micro\OfficeScan Client\tm_cfw.sys [] R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [] R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [] R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-20 1265388] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2002-12-13 99577] R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024] R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604] R3 E100B;Intel(R) PRO 
Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-04-15 1376268] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584] R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-09-11 38425] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880] R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver; C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 8832] R3 tcpsr;tcpsr; \??\C:\WINDOWS\System32\drivers\tcpsr.sys [] R3 TEchoCan;Toshiba Audio Effect; C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-02-04 30720] R3 TMicAry;Toshiba Audio Effect with MicArray; C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-04 138240] R3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 8573] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-04 13568] S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-05-28 390944] S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128] S3 catchme;catchme; \??\C:\DOCUME~1\RAK\LOCALS~1\Temp\catchme.sys [] S3 
CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys [] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808] S3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 23180] S3 TS154_CB;T-Sinus 154card Driver; C:\WINDOWS\system32\DRIVERS\TS154ICB.sys [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496] S3 w32n5223;w32n5223 Protocol Driver; \??\C:\PROGRA~1\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-19 611664] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-09-25 22016] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-06-16 45056] R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-09-25 22016] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2004-04-15 86016] R2 SoundMAX Agent Service (default);SoundMAX 
Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 53248] R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2004-04-13 135168] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872] S2 WmiRSVP;Windows Management Instrumentation Driver Extensions WmiRSVP; C:\WINDOWS\system32\A.tmp [2008-09-26 18] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 40960] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 273920] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 273920] S4 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2005-03-15 495616] S4 OfcPfwSvc;OfficeScanNT Personal Firewall; C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe [2005-03-15 237648] S4 OfcPfwSvc;OfficeScanNT Personal Firewall; C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe [2005-03-15 237648] S4 tmlisten;OfficeScanNT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2005-03-15 598104] -----------------EOF----------------- hier noch der link zu virustotal http://www.virustotal.com/de/analisis/652f4c3e920b85e6f23d616b45a27637 Dieser Beitrag wurde am 26.09.2008 um 19:43 Uhr von debbbbbbi editiert.
26.09.2008, 21:53
Honorary member
Posts: 6028
#94
Virus.Win32.Virut.br. Only one thing helps now: wipe the machine and reinstall Windows.
__________ Regards, Argus
27.09.2008, 18:51
Member
Posts: 50
#95
Hi, so I guess I have a real problem now, right?
Since yesterday I also can't get on the internet any more... I keep getting a message about a timeout... OK, fine, then I'll have to do that... the only problem is that I don't have a Windows version for this PC. I only have another one from my previous PC, also XP, but it is tied to that PC... at least that's what it says on the CD, that it is only valid in connection with the purchase of that PC... Can I still use it for the Toshiba, or is there another way to put a new operating system on it? And once I have reinstalled, which programs should I download right away to prevent something like this from happening again? Thanks again for all the help!
ComboFix 08-09-24.03 - RAK 2008-09-26 17:49:34.13 - NTFSx86
Running from: C:\Documents and Settings\RAK\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\file.bat
C:\WINDOWS\services.exe
C:\WINDOWS\system32\uwdryzc.dll
C:\WINDOWS\system32\drivers\str.sys . . . . failed to delete
.
---- Previous Run -------
.
C:\WINDOWS\system32\drivers\str.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICF
-------\Legacy_TCPSR
-------\Legacy_TCPSR
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.
2008-10-21 14:53 . 2008-10-21 14:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-21 14:53 . 2008-10-21 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-21 14:42 . 2008-10-21 14:42 <DIR> d-------- C:\Program Files\iTunes
2008-10-21 14:42 . 2008-10-21 14:42 <DIR> d-------- C:\Program Files\iPod
2008-10-21 14:42 . 2008-10-21 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-21 14:40 . 2008-10-21 14:40 <DIR> d-------- C:\Program Files\Bonjour
2008-10-21 14:28 . 2008-10-21 14:28 <DIR> d-------- C:\Documents and Settings\RAK\Application Data\vlc
2008-10-21 14:24 . 2008-09-22 11:13 <DIR> d-------- C:\Program Files\QuickTime
2008-10-21 14:24 . 2008-10-21 14:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-21 14:18 . 2008-10-21 14:18 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-21 14:18 . 2008-10-21 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-21 14:06 . 2008-10-21 14:06 <DIR> d-------- C:\Program Files\Secunia
2008-10-21 14:00 . 2008-10-21 14:06 <DIR> d-------- C:\Program Files\NOS
2008-10-21 14:00 . 2008-10-21 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-20 11:39 . 2008-10-20 11:39 <DIR> d-------- C:\Program Files\CCleaner
2008-10-19 21:58 . 2008-09-22 11:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-19 21:58 . 2008-10-19 21:58 <DIR> d-------- C:\Documents and Settings\RAK\Application Data\Malwarebytes
2008-10-19 21:58 . 2008-10-19 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-19 21:58 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-19 21:58 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-19 19:11 . 2008-10-19 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-19 19:09 . 2008-10-19 19:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-17 23:14 . 2008-10-17 23:14 268 --ah----- C:\sqmdata01.sqm
2008-10-17 23:14 . 2008-10-17 23:14 244 --ah----- C:\sqmnoopt01.sqm
2008-09-26 17:38 . 2008-09-26 17:38 54,784 --a------ C:\WINDOWS\system32\10.tmp
2008-09-26 17:38 . 2008-09-26 17:38 12,848 --a------ C:\WINDOWS\system32\11.tmp
2008-09-26 17:38 . 2008-09-26 17:38 140 --a------ C:\WINDOWS\system32\F.tmp
2008-09-24 23:36 . 2008-09-24 23:36 0 --a------ C:\WINDOWS\system32\C.tmp
2008-09-24 20:55 . 2008-09-26 17:37 32,256 --a------ C:\WINDOWS\system32\drivers\ati0uyxx.sys
2008-09-24 20:54 . 2008-09-24 20:54 228 --a------ C:\WINDOWS\system32\6.tmp
2008-09-24 19:56 . 2008-09-24 19:56 268 --ah----- C:\sqmdata11.sqm
2008-09-24 19:56 . 2008-09-24 19:56 244 --ah----- C:\sqmnoopt11.sqm
2008-09-24 19:35 . 2008-09-24 19:35 <DIR> d-------- C:\Program Files\ClamWin
2008-09-24 19:35 . 2008-09-24 19:36 <DIR> d-------- C:\Documents and Settings\RAK\Application Data\.clamwin
2008-09-24 19:35 . 2008-09-24 19:35 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
2008-09-24 19:23 . 2008-09-24 19:23 268 --ah----- C:\sqmdata10.sqm
2008-09-24 19:23 . 2008-09-24 19:23 244 --ah----- C:\sqmnoopt10.sqm
2008-09-24 19:10 . 2008-09-24 19:10 268 --ah----- C:\sqmdata09.sqm
2008-09-24 19:10 . 2008-09-24 19:10 244 --ah----- C:\sqmnoopt09.sqm
2008-09-24 19:00 . 2008-09-24 19:00 29 --a------ C:\WINDOWS\system32\doafueqi.tmp
2008-09-24 18:59 . 2008-09-24 19:58 294 --a-s---- C:\WINDOWS\system32\2680525725.dat
2008-09-24 18:59 . 2008-09-24 18:59 184 --a------ C:\WINDOWS\system32\4.tmp
2008-09-24 18:59 . 2008-09-24 18:59 18 --a------ C:\WINDOWS\system32\B.tmp
2008-09-24 09:51 . 2008-09-24 09:51 268 --ah----- C:\sqmdata08.sqm
2008-09-24 09:51 . 2008-09-24 09:51 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 22:27 . 2008-09-23 22:27 268 --ah----- C:\sqmdata07.sqm
2008-09-23 22:27 . 2008-09-23 22:27 244 --ah----- C:\sqmnoopt07.sqm
2008-09-23 21:48 . 2008-09-23 21:48 268 --ah----- C:\sqmdata06.sqm
2008-09-23 21:48 . 2008-09-23 21:48 244 --ah----- C:\sqmnoopt06.sqm
2008-09-23 19:57 . 2008-09-23 19:57 268 --ah----- C:\sqmdata05.sqm
2008-09-23 19:57 . 2008-09-23 19:57 244 --ah----- C:\sqmnoopt05.sqm
2008-09-23 19:34 . 2008-09-23 19:34 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-23 19:34 . 2008-09-23 19:34 53,352 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-09-23 18:59 . 2008-09-23 18:59 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-09-23 18:57 . 2008-09-23 18:57 <DIR> d-------- C:\Program Files\MSECACHE
2008-09-22 23:36 . 2008-09-22 23:36 268 --ah----- C:\sqmdata04.sqm
2008-09-22 23:36 . 2008-09-22 23:36 244 --ah----- C:\sqmnoopt04.sqm
2008-09-22 21:06 . 2008-09-23 19:34 <DIR> d-------- C:\Program Files\Java
2008-09-22 20:14 . 2008-09-22 20:14 268 --ah----- C:\sqmdata03.sqm
2008-09-22 20:14 . 2008-09-22 20:14 244 --ah----- C:\sqmnoopt03.sqm
2008-09-22 13:06 . 2008-09-22 13:06 268 --ah----- C:\sqmdata02.sqm
2008-09-22 13:06 . 2008-09-22 13:06 244 --ah----- C:\sqmnoopt02.sqm
2008-09-22 12:06 . 2008-09-22 12:06 1 --a------ C:\WINDOWS\AR.DAT
2008-09-22 12:05 . 2008-09-22 12:06 <DIR> d-------- C:\Program Files\AddRemove
2008-09-21 17:32 . 2008-09-21 17:33 <DIR> d-------- C:\Program Files\DivX
2008-09-16 09:02 . 2008-09-16 09:02 268 --ah----- C:\sqmdata00.sqm
2008-09-16 09:02 . 2008-09-16 09:02 244 --ah----- C:\sqmnoopt00.sqm
2008-09-12 14:29 . 2008-09-12 14:29 <DIR> d-------- C:\Documents and Settings\RAK\Application Data\MSNInstaller
2008-09-12 14:27 . 2008-09-12 22:56 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-12 14:24 . 2008-09-16 20:15 <DIR> d-------- C:\Documents and Settings\RAK\Contacts
2008-09-12 14:08 . 2008-09-12 14:08 <DIR> d-------- C:\finalburner
2008-09-12 13:42 . 2008-09-12 14:11 <DIR> d-------- C:\Program Files\Windows Live
2008-09-12 13:42 . 2008-09-12 14:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-12 13:41 . 2008-09-12 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-12 13:39 . 2008-09-12 16:09 <DIR> d-------- C:\Documents and Settings\RAK\Application Data\skypePM
2008-09-12 13:39 . 2008-09-12 13:39 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-12 13:35 . 2008-09-12 21:35 <DIR> d-------- C:\Documents and Settings\RAK\Application Data\Skype
2008-09-12 13:34 . 2008-09-12 13:34 <DIR> d-------- C:\Program Files\Skype
2008-09-12 13:34 . 2008-09-12 13:34 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-12 13:32 . 2008-09-12 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-12 12:57 . 2008-09-12 12:57 <DIR> d-------- C:\Documents and Settings\RAK\Application Data\Apple Computer
2008-09-12 12:55 . 2008-10-21 14:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-12 12:55 . 2008-09-12 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-12 09:46 . 2008-10-19 23:23 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-11 17:00 . 2008-05-01 16:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-10 18:19 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-09-10 18:19 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-10 18:19 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-10 18:19 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-09-10 18:13 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-10 18:12 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-10 18:12 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-10 18:12 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-10 18:12 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-09 16:39 . 2008-09-09 16:41 <DIR> d-------- C:\Documents and Settings\RAK\Application Data\ICQ
2008-09-09 16:38 . 2008-09-22 13:12 <DIR> d-------- C:\Program Files\ICQ6
2008-09-09 16:35 . 2008-09-09 16:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-09 16:34 . 2008-09-09 16:34 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 12:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-20 09:50 --------- d-----w C:\Program Files\Trend Micro
2008-10-19 17:11 --------- d-----w C:\Program Files\Lavasoft
2008-09-22 09:13 --------- d-----w C:\Program Files\Radmin
2008-09-22 09:10 --------- d-----w C:\Program Files\Microsoft Reader
2008-09-22 09:07 --------- d-----w C:\Program Files\ltmoh
2008-09-22 08:51 --------- d-----w C:\Program Files\Apoint2K
2008-09-12 10:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-09 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 20:49 --------- d-----w C:\Program Files\Google
2008-08-10 20:42 --------- d-----w C:\Program Files\Toshiba
2008-08-10 20:40 --------- d-----w C:\Program Files\T-COM
2008-08-10 20:39 --------- d-----w C:\Program Files\Yahoo!
2008-08-10 20:32 --------- d-----w C:\Program Files\Citrix
2008-08-10 20:30 --------- d-----w C:\Documents and Settings\RAK\Application Data\Lavasoft
2008-08-07 12:07 --------- d-----w C:\Documents and Settings\RAK\Application Data\toshiba
.
------- Sigcheck -------
2008-04-14 02:12 22016 04933b7f83558b4bf6e78df0377f6b45 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2008-09-25 00:10 22016 01fa1a1a35c922086f8003b7258cffd9 C:\WINDOWS\system32\svchost.exe
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-04 14:00 1039872 c7afa0d8c704de1ff569e08f5905eee0 C:\WINDOWS\explorer.exe
2008-04-14 02:12 1041408 c93ff630f758fd3fefc224e3f332eb86 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
2008-04-14 02:12 23040 6db539e61429a696826c1e2a67887892 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
2004-08-04 14:00 23040 c77a29024309359026e1bde524ed273d C:\WINDOWS\system32\ctfmon.exe
2005-06-11 02:17 65536 8624ff86c4fc8664b7ab56f1677787a2 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 14:00 65536 65e752cc224a5b13b1e6c8abe529219c C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 02:12 65536 73e9d073cbcc08b39623b547fa7f8a9c C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
2005-06-11 01:53 65536 8aa12067537d7cf4b6102b8822f9ed8a C:\WINDOWS\system32\spoolsv.exe
2008-04-14 02:12 33792 425ec2431f7a6f35a49ae5573d234933 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2004-08-04 14:00 32256 95ae3572f48fce4e1697d18b4c59ec0a C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-24_23.41.24.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-24 21:35:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-26 15:55:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-24 21:35:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-26 15:55:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-24 21:35:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-26 15:55:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" [2008-08-24 173304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23040]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-09-05 94208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 23040]
C:\Documents and Settings\RAK\Start Menu\Programs\Startup\
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [2008-06-16 671744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 14:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 04:41 11776 C:\WINDOWS\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2004-08-04 14:00 30208 C:\WINDOWS\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0uyxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4eixx.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^RAK^Start Menu^Programs^Startup^Hurtig start af Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\RAK\Start Menu\Programs\Startup\Hurtig start af Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Hurtig start af Microsoft Office OneNote 2003.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2004-08-23 09:55 262144 C:\WINDOWS\system32\00THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 23040 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-04-15 16:05 4866048 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
--a------ 2005-03-15 17:55 344064 C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMESRV.EXE]
--a------ 2004-04-13 12:58 135168 C:\Program Files\Toshiba\TME3\TMESRV31.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-23 21:28 32768 C:\WINDOWS\system32\000StTHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-02-20 16:00 88363 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-04-15 16:05 331776 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2003-12-02 15:15 81920 C:\WINDOWS\system32\TFNF5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2004-06-28 14:42 274432 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\regsvr32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:Radmin
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 ati0uyxx;ati0uyxx;C:\WINDOWS\system32\Drivers\ati0uyxx.sys [2008-09-26 32256]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-04-05 81200]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 8832]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-02-04 30720]
R3 TMicAry;Toshiba Audio Effect with MicArray;C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-04 138240]
R3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-04 13568]
S0 ati4eixx;ati4eixx;C:\WINDOWS\system32\Drivers\ati4eixx.sys [ ]
S2 WmiRSVP;Windows Management Instrumentation Driver Extensions WmiRSVP;C:\WINDOWS\system32\A.tmp [ ]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
S3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 23180]
S3 TS154_CB;T-Sinus 154card Driver;C:\WINDOWS\system32\DRIVERS\TS154ICB.sys [ ]
S3 w32n5223;w32n5223 Protocol Driver;C:\PROGRA~1\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8784980-66f7-11dd-845e-000e7b32456b}]
\Shell\AutoRun\command - D:\SETUP.EXE /AUTORUN
\Shell\configure\command - D:\SETUP.EXE
\Shell\install\command - D:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\RAK\Application Data\Mozilla\Firefox\Profiles\5ghayvx5.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJPI142.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 17:57:03
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\drivers\str.sys 0 bytes
C:\WINDOWS\system32\drivers\xlcssadvaguoxp.sys 30976 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nydxzmdff]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\xlcssadvaguoxp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiRSVP]
"ImagePath"="C:\WINDOWS\system32\A.tmp srv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\tabbtnu.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-26 18:02:44 - machine was rebooted [RAK]
ComboFix-quarantined-files.txt 2008-09-26 16:02:40
ComboFix2.txt 2008-09-24 21:42:21
ComboFix3.txt 2008-09-22 11:42:41
Pre-Run: 48,378,527,744 bytes free
Post-Run: 48,301,035,520 bytes free
334 --- E O F --- 2008-10-19 21:23:10