Win32.Zafi.B - Free Antivirus Forum

Win32.Zafi.B

BullGuard Antivirus Forum > Virus Removal > Removal Tools > Win32.Zafi.B

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

ramu5274
New Member

Date Joined Feb 2009
Total Posts : 11

Posted 2-16-2009 4:22 (GMT +1)

Can anyone please help me to remove this Win32.Zafi.B virus from my computer.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 2-16-2009 7:43 (GMT +1)

Hello

Download this program: http://www.ctrlaltdel.dk/Fix_download.exe

and save it on the desktop. Then double click on it (Fix_download.exe).

You may have to allow the program to download files from the web!

The program download the necessary cleaning programs. Once the program
is downloaded, there will be a folder on your desktop named
Fix. – if the instructions not automatically opens, so
double-click "FIX_manual.htm" in Fix folder.

Please follow the instructions and copy the logs here, in this Topic.

Note : Fix_download.exe is detected by some antivirus programs as a "RiskTool" /infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

If necessary, temporarily disable your anti-virus, real-time protection before downloading

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

ramu5274
New Member

Date Joined Feb 2009
Total Posts : 11

Posted 2-16-2009 9:24 (GMT +1)

Thank u very much for the reply

ramu5274
New Member

Date Joined Feb 2009
Total Posts : 11

Posted 2-17-2009 12:17 (GMT +1)

Malwarebytes' Anti-Malware 1.34
Database version: 1766
Windows 5.1.2600 Service Pack 3

2009-02-17 00:01:44
mbam-log-2009-02-17 (00-01-44).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 159639
Time elapsed: 1 hour(s), 19 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ramu5274
New Member

Date Joined Feb 2009
Total Posts : 11

Posted 2-17-2009 12:18 (GMT +1)

ComboFix 09-02-15.01 - Ram 2009-02-17 0:08:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.1526.683 [GMT 1:00]
Körs från: c:\documents and settings\Ram\Skrivbord\FIX\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*
* Skapade en ny återställningspunkt
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ram\Application Data\Google\ckzty22913935.exe
c:\documents and settings\Ram\Start-meny\Program\Autostart\ChkDisk.dll
c:\documents and settings\Ram\Start-meny\Program\Autostart\ChkDisk.lnk
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
E:\resycled

.
(((((((((((((((((((((((( Filer Skapade från 2009-01-16 till 2009-02-16 ))))))))))))))))))))))))))))))
.

2009-02-16 22:40 . 2009-02-16 22:40 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware
2009-02-16 22:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 22:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-16 22:26 . 2009-02-16 22:26 <KAT> d-------- c:\program\CCleaner
2009-02-15 19:25 . 2009-02-15 19:26 <KAT> d-------- c:\program\Fighters
2009-02-15 19:25 . 2009-02-15 19:25 <KAT> d-------- c:\documents and settings\All Users\Application Data\Fighters
2009-02-15 19:05 . 2009-02-15 19:05 <KAT> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-02-14 23:34 . 2009-02-15 18:06 <KAT> d-------- c:\program\Enigma Software Group
2009-02-14 23:22 . 2009-02-14 23:22 <KAT> d-------- C:\!KillBox
2009-02-14 16:59 . 2009-02-14 16:59 <KAT> d-------- c:\documents and settings\Ram\Application Data\Malwarebytes
2009-02-14 16:59 . 2009-02-14 16:59 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-23 22:13 . 2009-02-10 17:41 <KAT> d-------- c:\documents and settings\Ram\Application Data\U3
2009-01-16 19:07 . 2009-01-16 19:07 <KAT> d-------- c:\program\Personal
2009-01-16 19:07 . 2009-01-16 19:07 <KAT> d-------- c:\documents and settings\Ram\Application Data\Personal

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 09:48 --------- d-----w c:\program\lg_swupdate
2009-02-15 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-15 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Infineon
2009-02-10 20:46 --------- d-----w c:\documents and settings\Ram\Application Data\Azureus
2009-02-10 15:13 --------- d-----w c:\program\Delade filer\Symantec Shared
2009-01-31 17:49 --------- d-----w c:\documents and settings\Ram\Application Data\SopCast
2009-01-14 16:10 --------- d-----w c:\documents and settings\Ram\Application Data\Canon
2009-01-14 16:09 --------- d-----w c:\program\Canon
2009-01-14 16:03 --------- d-----w c:\program\ScanSoft
2009-01-14 16:03 --------- d-----w c:\program\Delade filer\ScanSoft Shared
2009-01-14 16:03 --------- d-----w c:\program\Delade filer\InstallShield
2009-01-14 16:03 --------- d-----w c:\documents and settings\Ram\Application Data\ScanSoft
2009-01-14 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2009-01-14 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\CanonBJ
2009-01-14 15:57 --------- d--h--w c:\program\CanonBJ
2009-01-05 09:11 --------- d-----w c:\program\Norton AntiVirus
2009-01-04 16:11 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-04 16:11 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-04 16:11 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-04 16:11 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-04 16:11 --------- d-----w c:\program\Symantec
2009-01-03 22:05 10,344 ----a-w c:\windows\system32\drivers\symlcbrd.sys
2009-01-03 22:03 --------- d-----w c:\program\Java
2009-01-03 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-01-03 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-02 00:41 --------- d-----w c:\program\Trojan Remover
2009-01-01 18:00 --------- d-----w c:\program\Allok Video Joiner
2008-12-21 14:25 --------- d-----w c:\program\NortonInstaller
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2006-10-16 18:52 19,392 ----a-w c:\documents and settings\Ram\Application Data\GDIPFONTCACHEV1.DAT
2008-10-11 12:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008101120081012\index.dat
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"mRouterConfig"="c:\program\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
"Creative Live! Cam Manager"="c:\program\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Yahoo! Pager"="c:\program\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
"Veoh"="c:\program\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
"VeohPlugin"="c:\program\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"msnmsgr"="c:\program\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2006-06-02 786521]
"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"batterymiser"="c:\program\LG Software\Battery Miser\batterymiser.exe" [2006-09-29 327680]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-08 7405568]
"KeybdUtility"="c:\program\LG Software\On Screen Display\HotKey.exe" [2006-09-25 2711552]
"LG Intelligent Update"="c:\program\lg_swupdate\autoupdate.exe" [2008-06-20 126976]
"OmniPass"="c:\program\Softex\OmniPass\scureapp.exe" [2006-01-08 1847296]
"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Acrobat Assistant 7.0"="c:\program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-27 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-27 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-27 118784]
"PC Suite for Smartphones"="c:\program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2008-04-26 185896]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-06-03 32768]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"ccApp"="c:\program\Delade filer\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program\Norton AntiVirus\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="c:\program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SSBkgdUpdate"="c:\program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"spywarefighterguard"="c:\program\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-02-08 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"LG Direct Media Button Service"="LGDMEBTN.exe" [2006-02-02 c:\windows\system32\LGDMEBTN.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-09-07 25214]
BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-01-16 927248]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-09-29 114688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-10 06:59 115816 c:\program\Delade filer\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 16:46 172032 c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPO3]
--a------ 2006-04-24 15:22 1028096 c:\program\LG Software\IP Operator\IP Operator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 17:05 1695232 c:\program\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 02:23 443968 c:\program\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRSTrayApp]
--a------ 2006-02-09 10:17 176128 c:\program\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-09-26 18:14 3660848 c:\program\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 c:\program\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-06-28 21:32 89541 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program\\LimeWire\\LimeWire.exe"=
"c:\\Program\\Azureus\\Azureus.exe"=
"c:\\Program\\DAP\\DAP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program\\TpadSoftPhone3\\TpadSoftphone.exe"=
"c:\\Program\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program\\MSN Messenger\\livecall.exe"=
"c:\\Program\\SightSpeed\\SightSpeed.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10000:UDP"= 10000:UDP:Tpad RTP
"5060:UDP"= 5060:UDP:Tpad SIP

R2 PTK License-FIGHTERS-4665699;PTK License-FIGHTERS-4665699;c:\program\Fighters\LicenseService.exe [2008-11-18 283272]
R2 PTK Live Update-FIGHTERS-4665699;PTK Live Update-FIGHTERS-4665699;c:\program\Fighters\UpdateService.exe [2008-11-18 307848]
R2 PTK Scanner-FIGHTERS-4665699;PTK Scanner-FIGHTERS-4665699;c:\program\Fighters\ScannerService.exe [2008-11-18 311944]
R2 PTK SharedAccess-FIGHTERS-4665699;PTK SharedAccess-FIGHTERS-4665699;c:\program\Fighters\ConfigService.exe [2008-11-18 139912]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [2006-02-09 31744]
R3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [2006-04-11 75648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-15 99376]
R3 LGDMEBTN;LG Direct Media Button Device Driver;c:\windows\system32\drivers\LGDMEBTN.sys [2006-02-02 15616]
R3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2006-02-09 20608]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-12-27 36352]
S3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys --> c:\windows\system32\drivers\lgodd_filter.sys [?]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152]
S3 sea3mgmt;Sony Ericsson Device 0A3 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea3mgmt.sys [2007-01-26 88656]
S3 sea3nd5;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (NDIS);c:\windows\system32\drivers\sea3nd5.sys [2007-01-26 18736]
S3 sea3obex;Sony Ericsson Device 0A3 USB WMC OBEX Interface;c:\windows\system32\drivers\sea3obex.sys [2007-01-26 86464]
S3 sea3unic;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (WDM);c:\windows\system32\drivers\sea3unic.sys [2007-01-26 90832]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2008-04-30 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2008-04-30 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2008-04-30 166720]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a114b4ee-e992-11dd-a853-000df0267fc2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Innehållet i mappen 'Schemalagda aktiviteter':

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-16 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Ram.job
- c:\program\Norton AntiVirus\Navw32.exe [2007-01-14 10:09]
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKLM-Run-realtecks - c:\documents and settings\Ram\Application Data\Google\ckzty22913935.exe
Notify-OPXPGina - (no file)

.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: &Clean Traces - c:\program\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program\DAP\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download &all with DAP - c:\program\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program\DAP\dapie.dll
DPF: {A2ECDF87-BFE5-4EBA-852A-45E4F881377F} - hxxp://www.flashants.com/codebase/iceplayer.cab
DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - hxxp://static.35mb.com/applet/applet_o.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 00:11:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\program\Softex\OmniPass\ginastub.dll
c:\program\Softex\OmniPass\ssplogon.dll
c:\program\Softex\OmniPass\cryptodll.dll
c:\program\Softex\OmniPass\storeng.dll
c:\program\Softex\OmniPass\autheng.dll
c:\program\Softex\OmniPass\userdata.dll
c:\program\Softex\OmniPass\hdddrv.dll
c:\program\Softex\OmniPass\ldapdrv.dll
c:\program\Softex\OmniPass\cachedrv.dll
c:\program\Softex\OmniPass\sftxtgp.dll
c:\program\Softex\OmniPass\mstrpwd.dll
c:\program\Softex\OmniPass\authntec.dll
c:\windows\system32\atsc63.dll
c:\program\Softex\OmniPass\TpmDrv.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\msimtf.dll
.
!!!!tid: 2009-02-17 0:13:23
ComboFix-quarantined-files.txt 2009-02-16 23:13:19

Före genomsökningen: 15 822 462 976 byte ledigt
Efter genomsökningen: 18,034,733,056 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

291 --- E O F --- 2009-02-15 17:57:57

ramu5274
New Member

Date Joined Feb 2009
Total Posts : 11

Posted 2-17-2009 12:18 (GMT +1)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:13, on 2009-02-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Canon\IJPLM\IJPLMSVC.EXE
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Fighters\configservice.exe
C:\Program\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Fighters\licenseservice.exe
C:\Program\Fighters\updateservice.exe
C:\Program\Fighters\ScannerService.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\LG Software\Battery Miser\batterymiser.exe
C:\Program\Softex\OmniPass\scureapp.exe
C:\WINDOWS\system32\LGDMEBTN.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\V0400Mon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\Veoh Networks\Veoh\VeohClient.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
c:\program\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\Program\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ram\Skrivbord\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [LG Intelligent Update] C:\Program\lg_swupdate\autoupdate.exe Gilautouc
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OmniPass] C:\Program\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: &Clean Traces - C:\Program\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Program\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} - http://static.35mb.com/applet/applet_o.cab
O16 - DPF: {A2ECDF87-BFE5-4EBA-852A-45E4F881377F} (icePlayer Class) - http://www.flashants.com/codebase/iceplayer.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://static.35mb.com/applet/applet_o.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program\Softex\OmniPass\Omniserv.exe
O23 - Service: PTK License-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\configservice.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 16734 bytes

ramu5274
New Member

Date Joined Feb 2009
Total Posts : 11

Posted 2-17-2009 12:20 (GMT +1)

I have posted the 3 logs please help me to remove the Win32.Zafi.B

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 2-17-2009 9:01 (GMT +1)

Please upload and have this file scanned:

c:\windows\system32\bmpsap.dll

Here

http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Post back the results

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

ramu5274
New Member

Date Joined Feb 2009
Total Posts : 11

Posted 2-17-2009 3:25 (GMT +1)

Scanner	Malware name
A-Squared	X
AntiVir	TR/Delf.BWF.7
ArcaVir	Trojan.Downloader.Small.Dla
Avast	Win32:Trojan-gen {Other}
AVG Antivirus	Generic10.JFX
BitDefender	Trojan.Generic.553457
ClamAV	Trojan.Delf-4810
CPsecure	X
Dr.Web	X
F-Prot Antivirus	X
F-Secure Anti-Virus	Trojan.Win32.Delf.bwf
G DATA	X
Ikarus	Virus.Win32.Delf.FUM
Kaspersky Anti-Virus	Trojan.Win32.Delf.bwf
NOD32	X
Norman Virus Control	X
Panda Antivirus	X
Sophos Antivirus	Mal/Generic-A
VirusBuster	Trojan.Delf.BTGU
VBA32	Trojan.Win32.Delf.bwf

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 2-18-2009 10:01 (GMT +1)

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Killall::

Snapshot::

File::

c:\windows\system32\bmpsap.dll

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"=-

Save this as:
CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe
Then post fresh combofix log.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

ramu5274
New Member

Date Joined Feb 2009
Total Posts : 11

Posted 2-18-2009 6:30 (GMT +1)

ComboFix 09-02-17.02 - Ram 2009-02-18 18:16:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.1526.867 [GMT 1:00]
Körs från: c:\documents and settings\Ram\Skrivbord\FIX\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Ram\Skrivbord\FIX\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*
* Skapade en ny återställningspunkt

FILE ::
c:\windows\system32\bmpsap.dll
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bmpsap.dll

.
(((((((((((((((((((((((( Filer Skapade från 2009-01-18 till 2009-02-18 ))))))))))))))))))))))))))))))
.

2009-02-16 22:40 . 2009-02-16 22:40 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware
2009-02-16 22:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 22:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-16 22:26 . 2009-02-16 22:26 <KAT> d-------- c:\program\CCleaner
2009-02-15 19:25 . 2009-02-15 19:26 <KAT> d-------- c:\program\Fighters
2009-02-15 19:25 . 2009-02-15 19:25 <KAT> d-------- c:\documents and settings\All Users\Application Data\Fighters
2009-02-15 19:05 . 2009-02-15 19:05 <KAT> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-02-14 23:34 . 2009-02-15 18:06 <KAT> d-------- c:\program\Enigma Software Group
2009-02-14 23:22 . 2009-02-14 23:22 <KAT> d-------- C:\!KillBox
2009-02-14 16:59 . 2009-02-14 16:59 <KAT> d-------- c:\documents and settings\Ram\Application Data\Malwarebytes
2009-02-14 16:59 . 2009-02-14 16:59 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-23 22:13 . 2009-02-10 17:41 <KAT> d-------- c:\documents and settings\Ram\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 17:24 --------- d-----w c:\program\lg_swupdate
2009-02-17 22:38 --------- d-----w c:\documents and settings\Ram\Application Data\Azureus
2009-02-15 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-15 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Infineon
2009-02-10 15:13 --------- d-----w c:\program\Delade filer\Symantec Shared
2009-01-31 17:49 --------- d-----w c:\documents and settings\Ram\Application Data\SopCast
2009-01-16 18:07 --------- d-----w c:\program\Personal
2009-01-16 18:07 --------- d-----w c:\documents and settings\Ram\Application Data\Personal
2009-01-14 16:10 --------- d-----w c:\documents and settings\Ram\Application Data\Canon
2009-01-14 16:09 --------- d-----w c:\program\Canon
2009-01-14 16:03 --------- d-----w c:\program\ScanSoft
2009-01-14 16:03 --------- d-----w c:\program\Delade filer\ScanSoft Shared
2009-01-14 16:03 --------- d-----w c:\program\Delade filer\InstallShield
2009-01-14 16:03 --------- d-----w c:\documents and settings\Ram\Application Data\ScanSoft
2009-01-14 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2009-01-14 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\CanonBJ
2009-01-14 15:57 --------- d--h--w c:\program\CanonBJ
2009-01-05 09:11 --------- d-----w c:\program\Norton AntiVirus
2009-01-04 16:11 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-04 16:11 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-04 16:11 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-04 16:11 --------- d-----w c:\program\Symantec
2009-01-03 22:05 10,344 ----a-w c:\windows\system32\drivers\symlcbrd.sys
2009-01-03 22:03 --------- d-----w c:\program\Java
2009-01-03 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-01-03 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-02 00:41 --------- d-----w c:\program\Trojan Remover
2009-01-01 18:00 --------- d-----w c:\program\Allok Video Joiner
2008-12-21 14:25 --------- d-----w c:\program\NortonInstaller
2006-10-16 18:52 19,392 ----a-w c:\documents and settings\Ram\Application Data\GDIPFONTCACHEV1.DAT
2008-10-11 12:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008101120081012\index.dat
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"mRouterConfig"="c:\program\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
"Creative Live! Cam Manager"="c:\program\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Yahoo! Pager"="c:\program\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
"Veoh"="c:\program\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
"VeohPlugin"="c:\program\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"msnmsgr"="c:\program\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2006-06-02 786521]
"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"batterymiser"="c:\program\LG Software\Battery Miser\batterymiser.exe" [2006-09-29 327680]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-08 7405568]
"KeybdUtility"="c:\program\LG Software\On Screen Display\HotKey.exe" [2006-09-25 2711552]
"LG Intelligent Update"="c:\program\lg_swupdate\autoupdate.exe" [2008-06-20 126976]
"OmniPass"="c:\program\Softex\OmniPass\scureapp.exe" [2006-01-08 1847296]
"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Acrobat Assistant 7.0"="c:\program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-27 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-27 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-27 118784]
"PC Suite for Smartphones"="c:\program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2008-04-26 185896]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-06-03 32768]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"ccApp"="c:\program\Delade filer\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program\Norton AntiVirus\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="c:\program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SSBkgdUpdate"="c:\program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"spywarefighterguard"="c:\program\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-02-08 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"LG Direct Media Button Service"="LGDMEBTN.exe" [2006-02-02 c:\windows\system32\LGDMEBTN.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-09-07 25214]
BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-01-16 927248]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-10 06:59 115816 c:\program\Delade filer\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 16:46 172032 c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPO3]
--a------ 2006-04-24 15:22 1028096 c:\program\LG Software\IP Operator\IP Operator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 17:05 1695232 c:\program\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program\Delade filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 02:23 443968 c:\program\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRSTrayApp]
--a------ 2006-02-09 10:17 176128 c:\program\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-09-26 18:14 3660848 c:\program\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 c:\program\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-06-28 21:32 89541 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program\\LimeWire\\LimeWire.exe"=
"c:\\Program\\Azureus\\Azureus.exe"=
"c:\\Program\\DAP\\DAP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program\\TpadSoftPhone3\\TpadSoftphone.exe"=
"c:\\Program\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program\\MSN Messenger\\livecall.exe"=
"c:\\Program\\SightSpeed\\SightSpeed.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10000:UDP"= 10000:UDP:Tpad RTP
"5060:UDP"= 5060:UDP:Tpad SIP

R2 PTK License-FIGHTERS-4665699;PTK License-FIGHTERS-4665699;c:\program\Fighters\LicenseService.exe [2008-11-18 283272]
R2 PTK Live Update-FIGHTERS-4665699;PTK Live Update-FIGHTERS-4665699;c:\program\Fighters\UpdateService.exe [2008-11-18 307848]
R2 PTK Scanner-FIGHTERS-4665699;PTK Scanner-FIGHTERS-4665699;c:\program\Fighters\ScannerService.exe [2008-11-18 311944]
R2 PTK SharedAccess-FIGHTERS-4665699;PTK SharedAccess-FIGHTERS-4665699;c:\program\Fighters\ConfigService.exe [2008-11-18 139912]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [2006-02-09 31744]
R3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [2006-04-11 75648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-15 99376]
R3 LGDMEBTN;LG Direct Media Button Device Driver;c:\windows\system32\drivers\LGDMEBTN.sys [2006-02-02 15616]
R3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2006-02-09 20608]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-12-27 36352]
S3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys --> c:\windows\system32\drivers\lgodd_filter.sys [?]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152]
S3 sea3mgmt;Sony Ericsson Device 0A3 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea3mgmt.sys [2007-01-26 88656]
S3 sea3nd5;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (NDIS);c:\windows\system32\drivers\sea3nd5.sys [2007-01-26 18736]
S3 sea3obex;Sony Ericsson Device 0A3 USB WMC OBEX Interface;c:\windows\system32\drivers\sea3obex.sys [2007-01-26 86464]
S3 sea3unic;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (WDM);c:\windows\system32\drivers\sea3unic.sys [2007-01-26 90832]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2008-04-30 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [2008-04-30 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2008-04-30 166720]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a114b4ee-e992-11dd-a853-000df0267fc2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Innehållet i mappen 'Schemalagda aktiviteter':

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-16 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Ram.job
- c:\program\Norton AntiVirus\Navw32.exe [2007-01-14 10:09]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: &Clean Traces - c:\program\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program\DAP\dapextie.htm
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download &all with DAP - c:\program\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program\DAP\dapie.dll
DPF: {A2ECDF87-BFE5-4EBA-852A-45E4F881377F} - hxxp://www.flashants.com/codebase/iceplayer.cab
DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - hxxp://static.35mb.com/applet/applet_o.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 18:21:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\program\Softex\OmniPass\ginastub.dll
c:\program\Softex\OmniPass\ssplogon.dll
c:\program\Softex\OmniPass\cryptodll.dll
c:\program\Softex\OmniPass\storeng.dll
c:\program\Softex\OmniPass\autheng.dll
c:\program\Softex\OmniPass\userdata.dll
c:\program\Softex\OmniPass\hdddrv.dll
c:\program\Softex\OmniPass\ldapdrv.dll
c:\program\Softex\OmniPass\cachedrv.dll
c:\program\Softex\OmniPass\sftxtgp.dll
c:\program\Softex\OmniPass\mstrpwd.dll
c:\program\Softex\OmniPass\authntec.dll
c:\windows\system32\atsc63.dll
c:\program\Softex\OmniPass\TpmDrv.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\msimtf.dll

- - - - - - - > 'explorer.exe'(5080)
c:\program\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\program\Softex\OmniPass\SCUREDLL.dll
c:\program\Delade filer\Ahead\Lib\NeroSearchBar.dll
c:\program\Delade filer\Ahead\Lib\MFC71U.DLL
c:\program\Delade filer\Ahead\Lib\BCGCBPRO800u.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program\Softex\OmniPass\OmniServ.exe
c:\program\Delade filer\Symantec Shared\ccSvcHst.exe
c:\program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program\Bonjour\mDNSResponder.exe
c:\program\Delade filer\Symantec Shared\ccSvcHst.exe
c:\program\Canon\IJPLM\ijplmsvc.exe
c:\program\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
c:\program\Fighters\Spywarefighter\SpywarefighterTray.exe
c:\program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
c:\program\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program\iPod\bin\iPodService.exe
c:\program\lg_swupdate\Gilautouc.exe
c:\program\Delade filer\Teleca Shared\Generic.exe
c:\program\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
c:\program\Symbian\Shared\SYMBIA~1\SCBAL.exe
.
**************************************************************************
.
!!!!tid: 2009-02-18 18:28:34 - datorn startades om.
ComboFix-quarantined-files.txt 2009-02-18 17:28:24
ComboFix2.txt 2009-02-16 23:13:25

Före genomsökningen: 18 049 200 128 byte ledigt
Efter genomsökningen: 18,032,566,272 byte ledigt

307 --- E O F --- 2009-02-15 17:57:57

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 2-19-2009 6:17 (GMT +1)

How are things running now ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

ramu5274
New Member

Date Joined Feb 2009
Total Posts : 11

Posted 3-2-2009 3:53 (GMT +1)

everything is working good thank u very much for the help

Forum Information

Currently it is Sunday, March 14, 2010 1:41 AM (GMT +1)
There are a total of 76.176 posts in 17.594 threads.
In the last 3 days there were 5 new threads and 68 reply posts. View Active Threads