ComboFix 08-03-26.3 - elev 2008-03-28 14:37:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1202 [GMT 1:00]
Running from: C:\Documents and Settings\elev\Mine dokumenter\Antivirusprog\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-28 14:03 . 2008-03-28 14:03 d-------- C:\Programfiler\SUPERAntiSpyware
2008-03-28 13:59 . 2008-03-28 14:36 dr-h----- C:\Documents and Settings\elev\Siste
2008-03-27 23:10 . 2008-03-27 17:49 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2008-03-27 16:55 . 2008-03-28 13:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-27 16:55 . 2008-03-27 16:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-26 20:17 . 2008-03-26 20:17 268 --ah----- C:\sqmdata08.sqm
2008-03-26 20:17 . 2008-03-26 20:17 244 --ah----- C:\sqmnoopt08.sqm
2008-03-20 13:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-20 13:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-20 13:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-19 17:22 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-19 17:21 . 2008-03-19 17:21 d-------- C:\Programfiler\Microsoft SQL Server Compact Edition
2008-03-19 17:11 . 2008-03-19 17:15 d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-03-19 17:10 . 2008-03-28 13:31 d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-03-17 14:41 . 2008-03-17 14:41 d-------- C:\Programfiler\Lavasoft
2008-03-17 14:41 . 2008-03-17 14:42 d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-03-16 20:24 . 2008-03-16 20:24 d-------- C:\Documents and Settings\All Users\Programdata\nView_Profiles
2008-03-16 18:56 . 2008-03-16 18:56 d-------- C:\Documents and Settings\LocalService\Programdata\AVG7
2008-03-16 18:56 . 2008-03-27 17:57 d-------- C:\Documents and Settings\elev\Programdata\AVG7
2008-03-16 18:56 . 2008-03-16 18:56 d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2008-03-16 18:56 . 2008-03-16 19:01 d-------- C:\Documents and Settings\All Users\Programdata\avg7
2008-03-16 15:37 . 2008-03-16 15:37 d-------- C:\Documents and Settings\elev\Programdata\VSRevoGroup
2008-03-16 14:51 . 2008-03-16 14:51 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-03-16 14:50 . 2008-03-28 14:03 d-------- C:\Documents and Settings\elev\Programdata\SUPERAntiSpyware.com
2008-03-16 14:49 . 2008-03-16 14:49 d-------- C:\Programfiler\VS Revo Group
2008-03-16 14:44 . 2008-03-16 14:44 d-------- C:\Programfiler\CCleaner
2008-02-28 00:55 . 2008-03-28 14:02 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-03-28 13:38 --------- d-----w C:\Documents and Settings\elev\Programdata\DNA
2008-03-28 12:47 --------- d-----w C:\Programfiler\Trend Micro
2008-03-28 12:41 --------- d-----w C:\Programfiler\Windows Live
2008-03-27 17:23 --------- d-----w C:\Documents and Settings\elev\Programdata\OpenOffice.org2
2008-03-27 16:59 --------- d-----w C:\Documents and Settings\All Users\Programdata\Messenger Plus!
2008-03-22 22:12 --------- d-----w C:\Documents and Settings\elev\Programdata\uTorrent
2008-03-16 16:06 --------- d-----w C:\Programfiler\Google
2008-03-16 15:02 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-03-13 22:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\OrdnettPluss
2008-03-03 15:51 --------- d-----w C:\Programfiler\uTorrent
2008-02-24 15:00 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-02-18 21:42 --------- d-----w C:\Documents and Settings\elev\Programdata\BitTorrent
2008-02-18 18:46 --------- d-----w C:\Documents and Settings\elev\Programdata\fork enc amen
2008-02-18 18:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\Trans Once Mess Frag
2008-02-18 18:45 --------- d-----w C:\Programfiler\fork enc amen
2008-02-18 18:28 --------- d-----w C:\Programfiler\DNA
2008-02-08 19:07 --------- d-----w C:\Programfiler\DivX
2008-01-29 15:32 --------- d-----w C:\Programfiler\BearShare
2007-07-31 09:55 76 --sh--r C:\WINDOWS\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-03-27 17:12 288576]
"way find"="C:\DOCUME~1\elev\PROGRA~1\FORKEN~1\Peak Free.exe" [2008-02-18 19:45 458240]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-02-02 00:00 36864]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 11:48 1392640]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 15:07 8433664]
"nwiz"="nwiz.exe" [2007-06-06 15:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 15:07 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-06 15:07 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 16:10 405504 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2007-07-03 12:57 1228800]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 15:10 851968]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-16 18:58 579072]
"Ad-Watch"="C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 10:57 2684280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-16 18:56 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Kunnskapsforlaget\\Ordnett Pluss\\lib\\IeEmbed.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\BearShare\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 11:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-03-20 00:00]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 17:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 13:00:00 C:\WINDOWS\Tasks\AE1A1084914D8524.job"
- c:\docume~1\elev\progra~1\forken~1\pile 2 settings.exe
"2008-03-12 09:10:00 C:\WINDOWS\Tasks\Oppdater Ordnett Pluss.job"
- C:\Programfiler\Kunnskapsforlaget\Ordnett Pluss\updater.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 14:39:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
Completion time: 2008-03-28 14:39:39
ComboFix-quarantined-files.txt 2008-03-28 13:39:31

Pre-Run: 12,155,392,000 byte ledig
Post-Run: 12,145,614,848 byte ledig
.
2008-03-20 16:01:28 --- E O F ---