Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:52, on 14.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Programfiler\Fellesfiler\Siemens\S7IEPG\s7oiehsx.exe
C:\Programfiler\Fellesfiler\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Siemens\sws\almsrv\almsrvx.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAMFILER\KEYBOARD MANAGER\MANAGER UTILITY\KEYBOARDMANAGER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe
C:\Programfiler\Fellesfiler\Siemens\S7ubtoox\s7ubtstx.exe
C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Fellesfiler\Siemens\Sqlany\dbsrv9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.no/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Programfiler\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ISUSPM] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe -scheduler
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [S7UB Start] "C:\Programfiler\Fellesfiler\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NSLauncher] C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mpx.no
O16 - DPF: Bootstrap -
http://remotecontrol26.imageserveronlin ... tstrap.cabO16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) -
http://web04.ifi.fi/WEBUPLOAD/app_suppo ... loader.cabO16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) -
http://fika-web.ifolor.net/OrderingGene ... r_fika.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebook.com/controls/Fac ... loader.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 8059482578O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Programfiler\Fellesfiler\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: autodesk - Unknown owner - C:\flexlm\adsk\lmgrd.exe (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programfiler\Symantec\pcAnywhere\awhost32.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Programfiler\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Programfiler\Fellesfiler\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Programfiler\Fellesfiler\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 8547 bytes
----------------------
ComboFix 08-08-13.05 - Thomas 2008-08-14 16:52:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.558 [GMT 2:00]
Running from: C:\Documents and Settings\Thomas\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomas\Skrivebord\WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kristine\Programdata\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnk
C:\Documents and Settings\Kristine\Skrivebord\AntiMalwareGuard.lnk
C:\Documents and Settings\Thomas\Cookies.\thomas@adtrgt[2].txt
C:\Documents and Settings\Thomas\Cookies.\thomas@network.adsmarket[2].txt
C:\Programfiler\AntiMalwareGuard
C:\Programfiler\AntiMalwareGuard\BL.dat
C:\Programfiler\AntiMalwareGuard\WL.dat
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\__c001A9B.exe
C:\WINDOWS\system32\__c00D2A4.dat
C:\WINDOWS\system32\~.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
2008-08-14 11:05 . 2008-08-14 11:05 268 --ah----- C:\sqmdata19.sqm
2008-08-14 11:05 . 2008-08-14 11:05 244 --ah----- C:\sqmnoopt19.sqm
2008-08-13 00:11 . 2008-08-13 21:10 <DIR> dr-h----- C:\Documents and Settings\Thomas\Siste
2008-08-12 09:32 . 2008-08-12 09:32 268 --ah----- C:\sqmdata18.sqm
2008-08-12 09:32 . 2008-08-12 09:32 244 --ah----- C:\sqmnoopt18.sqm
2008-08-02 23:41 . 2008-08-02 23:41 268 --ah----- C:\sqmdata17.sqm
2008-08-02 23:41 . 2008-08-02 23:41 244 --ah----- C:\sqmnoopt17.sqm
2008-07-25 14:11 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-25 14:11 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-25 14:11 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-07-25 14:11 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-07-25 14:11 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-07-25 14:11 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 18:58 --------- d-----w C:\Programfiler\Trend Micro
2008-07-25 12:11 --------- d-----w C:\Programfiler\Nokia
2008-07-25 12:11 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations
2008-07-25 12:09 --------- d-----w C:\Programfiler\Fellesfiler\Nokia
2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2008-07-16 11:43 --------- d-----w C:\Programfiler\sPlan60 (Demo)
2008-07-16 11:43 --------- d-----w C:\Programfiler\EasyCut3
2008-07-09 11:04 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-09 11:04 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-27 20:25 --------- d-----w C:\Programfiler\OutlookSMS
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-03 12:19 7122944]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 13:00 102400]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 13:00 684032]
"Keyboard Manager Utility"="C:\Programfiler\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2005-06-07 13:00 2936832]
"pccguide.exe"="C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-16 22:23 897089]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-03-01 21:04 155648]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 08:29 237568]
"ISUSPM"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"S7UB Start"="C:\Programfiler\Fellesfiler\Siemens\S7ubtoox\s7ubtstx.exe" [2007-07-27 18:04 102453]
"CloneCDTray"="C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"NSLauncher"="C:\Programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"nwiz"="nwiz.exe" [2005-11-03 12:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-03-18 13:00 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-03-18 13:00 2752000 C:\WINDOWS\ALCWZRD.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 19968 C:\WINDOWS\Logi_MwX.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\PROGRA~1\DVDREG~2\DVDShell.dll" [2004-10-09 16:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 10:51 24638 C:\WINDOWS\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"C:\\Programfiler\\Symantec\\pcAnywhere\\awrem32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Fellesfiler\\Siemens\\SQLANY\\dbsrv9.exe"=
"C:\\Programfiler\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"C:\\Programfiler\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"C:\\WINDOWS\\system32\\s7otbxsx.exe"=
"C:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 almservice;Automation License Manager Service;C:\Programfiler\Fellesfiler\Siemens\sws\almsrv\almsrvx.exe [2007-07-26 09:08]
R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2007-06-25 15:47]
R2 s7asysvx;S7 Global Services;C:\Programfiler\Siemens\Step7\S7BIN\s7asysvx.exe [2007-07-27 14:06]
R2 s7oiehsx;SIMATIC IEPG Help Service;C:\Programfiler\Fellesfiler\Siemens\S7IEPG\s7oiehsx.exe [2007-08-28 13:42]
R2 s7snsrtx;PROFINET IO RT-Protocol;C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys [2007-07-30 12:06]
R2 S7TraceServiceX;S7TraceServiceX;C:\Programfiler\Fellesfiler\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2007-03-22 12:29]
R2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys [2007-08-10 09:34]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-05 15:27]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 15:27]
S2 autodesk;autodesk;C:\flexlm\adsk\lmgrd.exe []
S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2002-10-18 02:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - C:\PROGRAMFILER\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe
HKLM-Run-Adobe Photo Downloader - C:\Programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe
HKLM-Run-NWEReboot - (no file)
Notify-__c00D2A4 - C:\WINDOWS\system32\__c00D2A4.dat
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
hxxp://www.google.no/O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: Bootstrap -
hxxp://remotecontrol26.imageserveronlin ... tstrap.cabC:\WINDOWS\Downloaded Program Files\OSD2C4.OSD
C:\WINDOWS\Downloaded Program Files\Bootstrap.dll
O16 -: {274967E8-7BE3-4195-B719-CFE8878B2E39} -
hxxp://web04.ifi.fi/WEBUPLOAD/app_suppo ... loader.cabC:\WINDOWS\Downloaded Program Files\FotolaboUploader.inf
C:\WINDOWS\Downloaded Program Files\FotolaboUploader.ocx
O16 -: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} -
hxxp://fika-web.ifolor.net/OrderingGene ... r_fika.cabC:\WINDOWS\Downloaded Program Files\IfolorUploader.inf
C:\WINDOWS\Downloaded Program Files\IfolorUploader.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-08-14 16:58:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Fellesfiler\Siemens\SQLANY\dbsrv9.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-14 17:03:15 - machine was rebooted [Thomas]
ComboFix-quarantined-files.txt 2008-08-14 15:03:11
Pre-Run: 27,634,528,256 byte ledig
Post-Run: 27,906,994,176 byte ledig
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
182