ComboFix 08-05-21.3 - 2008-05-23 0:32:09.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.321 [GMT 2:00]
Running from: C:\Documents and Settings\All Users\Dokumenter\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-22 22:54 . 2008-05-22 22:54 d-------- C:\WINDOWS\ERUNT
2008-05-22 22:42 . 2008-05-23 00:02 d-------- C:\SDFix
2008-05-22 13:41 . 2008-05-22 13:41 d-------- C:\Programfiler\Trend Micro
2008-05-22 11:20 . 2008-05-23 00:06 dr-h----- C:\Documents and Settings\Siste
2008-05-22 11:06 . 2008-05-22 11:06 d-------- C:\Documents and Settings\Programdata\SUPERAntiSpyware.com
2008-05-22 09:54 . 2008-05-22 09:54 d-------- C:\Documents and Settings\Programdata\Webroot
2008-05-22 00:29 . 2008-05-22 00:29 d-------- C:\fsaua.data
2008-05-22 00:05 . 2008-05-22 00:15 d-------- C:\WINDOWS\BDOSCAN8
2008-05-21 20:01 . 2008-05-21 20:01 d-------- C:\Documents and Settings\All Users\Documents
2008-05-21 20:00 . 2008-05-21 20:01 d-------- C:\Programfiler\Fellesfiler\Teleca Shared
2008-05-21 20:00 . 2008-05-21 20:00 d-------- C:\Documents and Settings\All Users\Programdata\Teleca
2008-05-21 19:17 . 2008-05-21 19:17 d-------- C:\Programfiler\Photo!
2008-05-21 02:59 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\42.tmp
2008-05-20 23:29 . 2008-05-22 15:16 d-------- C:\Programfiler\SpywareBlaster
2008-05-20 20:06 . 2008-05-20 20:06 d-------- C:\Programfiler\Spybot - Search & Destroy
2008-05-18 23:41 . 2004-08-04 10:04 4,190,352 --a------ C:\WINDOWS\system32\dllcache\luna.mst
2008-05-18 23:40 . 2003-08-01 20:44 1,501,696 --a------ C:\WINDOWS\system32\dllcache\diskcopy.dll
2008-05-18 23:39 . 2007-10-25 18:44 8,466,432 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-18 23:38 . 2007-02-28 18:05 2,182,144 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-05-18 20:16 . 2008-05-19 00:14 d-------- C:\WINDOWS\system32\no
2008-05-18 20:16 . 2008-05-19 00:14 d-------- C:\WINDOWS\l2schemas
2008-05-18 19:45 . 2004-08-04 08:00 71,040 --------- C:\WINDOWS\system32\drivers\_004176_.tmp.dll
2008-05-18 17:27 . 2008-04-13 20:37 2,909,184 --a------ C:\WINDOWS\system32\SET1F5B.tmp
2008-05-18 17:26 . 2008-04-14 18:22 8,466,944 --a------ C:\WINDOWS\system32\SETA29.tmp
2008-05-18 17:25 . 2008-04-14 18:22 1,706,496 --a------ C:\WINDOWS\system32\SETB80.tmp
2008-05-18 17:24 . 2008-04-14 18:22 2,843,136 --a------ C:\WINDOWS\system32\SETBC0.tmp
2008-05-18 17:23 . 2008-04-14 18:22 512,000 --a------ C:\WINDOWS\system32\SETC53.tmp
2008-05-18 17:23 . 2008-04-14 18:22 512,000 --a------ C:\WINDOWS\system32\SET1357.tmp
2008-05-18 17:23 . 2004-08-04 10:03 380,416 --a------ C:\WINDOWS\system32\irprops.cpl
2008-05-18 17:23 . 2008-04-14 18:22 299,520 --a------ C:\WINDOWS\system32\SETC50.tmp
2008-05-18 17:23 . 2008-04-14 18:22 299,520 --a------ C:\WINDOWS\system32\SET1354.tmp
2008-05-18 17:23 . 2008-04-14 18:23 33,280 --a------ C:\WINDOWS\system32\SETC4E.tmp
2008-05-18 17:23 . 2008-04-14 18:23 33,280 --a------ C:\WINDOWS\system32\SET1352.tmp
2008-05-18 17:23 . 2008-04-14 18:22 22,016 --a------ C:\WINDOWS\system32\SETC5F.tmp
2008-05-18 17:23 . 2008-04-14 18:22 22,016 --a------ C:\WINDOWS\system32\SET1363.tmp
2008-05-18 17:21 . 2008-04-14 18:21 1,267,200 --a------ C:\WINDOWS\system32\SETDB2.tmp
2008-05-18 17:20 . 2008-04-14 18:21 1,025,024 --a------ C:\WINDOWS\system32\SETE17.tmp
2008-05-18 17:19 . 2008-04-14 18:21 193,536 --a------ C:\WINDOWS\system32\SETE38.tmp
2008-05-18 17:19 . 2008-04-14 18:21 193,536 --a------ C:\WINDOWS\system32\SET1469.tmp
2008-05-18 17:19 . 2008-04-14 18:21 98,304 --a------ C:\WINDOWS\system32\SETE36.tmp
2008-05-18 17:19 . 2008-04-14 18:21 98,304 --a------ C:\WINDOWS\system32\SET1467.tmp
2008-05-18 16:15 . 2008-05-19 22:36 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-13 17:52 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-13 17:52 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-13 17:52 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-13 17:52 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-13 17:51 . 2008-05-22 11:10 d-------- C:\Programfiler\Spyware Doctor
2008-05-13 00:41 . 2008-05-21 20:40 d-------- C:\Programfiler\Wise Registry Cleaner 3
2008-05-13 00:40 . 2008-05-13 00:47 d-------- C:\Programfiler\Wise Disk Cleaner
2008-05-13 00:33 . 2008-05-13 00:33 d--h----- C:\$AVG8.VAULT$
2008-05-11 18:57 . 2008-05-21 00:30 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-10 17:03 . 2008-05-10 17:03 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 11:31 . 2008-05-22 16:51 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-26 11:31 . 2008-04-26 11:31 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-26 11:31 . 2008-04-26 11:31 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-26 11:31 . 2008-04-26 11:31 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-26 11:31 . 2008-04-26 11:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-26 11:28 . 2008-04-26 11:28 d-------- C:\Programfiler\AVG
2008-04-26 11:28 . 2008-04-26 11:28 d-------- C:\Documents and Settings\All Users\Programdata\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 22:38 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-05-22 14:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater
2008-05-22 09:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-05-21 19:18 --------- d-----w C:\Programfiler\Windows Live Safety Center
2008-05-21 18:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Ericsson
2008-05-21 18:00 --------- d-----w C:\Programfiler\Sony Ericsson
2008-05-21 17:25 --------- d-----w C:\Programfiler\ImTOO
2008-05-21 16:24 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-21 15:48 --------- d-----w C:\Programfiler\Paint.NET
2008-05-21 15:27 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-21 14:42 --------- d-----w C:\Programfiler\Mozilla Thunderbird
2008-05-21 13:57 --------- d-----w C:\Documents and Settings\Programdata\Skype
2008-05-20 17:21 --------- d-----w C:\Programfiler\Google
2008-05-19 16:05 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-05-19 13:57 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2008-05-14 01:26 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-05-12 22:46 --------- d-----w C:\Programfiler\YouTube Downloader
2008-05-12 22:46 --------- d-----w C:\Programfiler\Security Task Manager
2008-05-12 19:08 --------- d-----w C:\Programfiler\DCEnhancer
2008-04-20 22:06 --------- d-----w C:\Programfiler\PCPitstop
2008-04-20 21:56 --------- d-----w C:\Documents and Settings\All Users\Programdata\PCPitstop
2008-04-17 22:21 --------- d-----w C:\Programfiler\Picasa2
2008-04-14 16:22 1,033,728 ----a-w C:\WINDOWS\SETE58.tmp
2008-04-14 16:22 1,033,728 ----a-w C:\WINDOWS\SET1489.tmp
2008-04-11 00:22 --------- d-----w C:\Programfiler\Essentials Codec Pack
2008-04-10 23:43 --------- d-----w C:\Programfiler\ffdshow
2008-04-09 21:44 --------- d-----w C:\Programfiler\Media Player Classic
2008-04-09 13:15 --------- d-----w C:\Programfiler\RADVideo
2008-04-02 14:04 --------- d-----w C:\Programfiler\Java
2006-03-20 13:37 5,689,344 ----a-w C:\Programfiler\mplayerc.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_12.09.12.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 10:03:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 22:37:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 11:30:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-22 21:30:04 3,096,576 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-05-22 21:30:04 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-20 11:30:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-22 20:54:41 3,092,480 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-05-22 20:54:42 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 06:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 10:03 33280 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-26 11:28 1177368]
"ISTray"="C:\Programfiler\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"SpySweeper"="C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 23:54 5361464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]
"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

C:\Documents and Settings\Start-meny\Programmer\Oppstart\
Secunia PSI (RC1).lnk - C:\Programfiler\Secunia\PSI (RC1)\psi.exe [2008-02-22 11:09:52 626688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Google Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^LUMIX Simple Viewer.lnk.disabled]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Run Google Web Accelerator.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^T^Start-meny^Programmer^Oppstart^Secunia PSI (RC1).lnk]
backup=C:\WINDOWS\pss\Secunia PSI (RC1).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--------- 2004-03-04 21:59 487424 C:\Programfiler\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup]
--a------ 2006-01-24 09:55 2633728 C:\Programfiler\LaCie\Backup Software\\LaCieBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2004-10-26 13:01 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-24 21:26 68856 C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 22:05 204288 C:\Programfiler\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"VETMSGNT"=2 (0x2)
"CAISafe"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"iPod Service"=3 (0x3)
"CaCCProvSP"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"zBrowser Launcher"=C:\Programfiler\Logitech\iTouch\iTouch.exe
"WheelMouse"=C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
"Dell AIO Printer A960"="C:\Programfiler\Dell AIO Printer A960\dlbfbmgr.exe"
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-26 11:31]
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 23:42]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 11:31]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-26 11:28]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 11:28]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 11:31]
S3 0c9D;0c9D;C:\WINDOWS\system32\0c9D.sys []
S3 0ed10;0ed10;C:\WINDOWS\system32\0ed10.sys []
S3 1a44C;1a44C;C:\WINDOWS\system32\1a44C.sys []
S3 2148;2148;C:\WINDOWS\system32\2148.sys []
S3 37511;37511;C:\WINDOWS\system32\37511.sys []
S3 3b84D;3b84D;C:\WINDOWS\system32\3b84D.sys []
S3 6094B;6094B;C:\WINDOWS\system32\6094B.sys []
S3 8a23;8a23;C:\WINDOWS\system32\8a23.sys []
S3 9af4;9af4;C:\WINDOWS\system32\9af4.sys []
S3 9b85;9b85;C:\WINDOWS\system32\9b85.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-02-12 20:00]
S3 Arfumftr;Trust RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumftr.sys [2001-12-17 15:27]
S3 ba49;ba49;C:\WINDOWS\system32\ba49.sys []
S3 c64E;c64E;C:\WINDOWS\system32\c64E.sys []
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2007-02-28 07:38]
S3 d3cC;d3cC;C:\WINDOWS\system32\d3cC.sys []
S3 efb7;efb7;C:\WINDOWS\system32\efb7.sys []
S3 f1012;f1012;C:\WINDOWS\system32\f1012.sys []
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 10:50]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\250.tmp []
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-02-19 10:24]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 22:41:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 00:41:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\250.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\Programfiler\Spyware Doctor\pctsAuxs.exe
C:\Programfiler\Spyware Doctor\pctsSvc.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
.
**************************************************************************
.
Completion time: 2008-05-23 0:45:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 22:45:05
ComboFix2.txt 2008-05-22 21:23:05
ComboFix3.txt 2008-05-22 10:09:49
ComboFix4.txt 2008-05-21 11:55:41

Pre-Run: 10,204,119,040 byte ledig
Post-Run: 10,183,503,872 byte ledig

248 --- E O F --- 2008-05-21 09:51:33