ComboFix 08-06-07.3 - Kjell 2008-06-08 17:02:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.456 [GMT 2:00]
Running from: C:\Documents and Settings\Kjell\Skrivebord\ComboFixen.exe
Command switches used :: C:\Documents and Settings\Kjell\Skrivebord\CFScript.txt
 * Created a new restore point
 * Resident AV is active

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-05-08 to 2008-06-08   )))))))))))))))))))))))))))))))
.

2008-06-08 14:18 . 2008-06-08 16:59   dr-h-----   C:\Documents and Settings\Kjell\Siste
2008-06-08 14:10 . 2008-06-08 14:10   d--------   C:\Programfiler\SUPERAntiSpyware
2008-06-08 14:10 . 2008-06-08 14:10   d--------   C:\Documents and Settings\Kjell\Programdata\SUPERAntiSpyware.com
2008-06-08 14:10 . 2008-06-08 14:10   d--------   C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-08 14:09 . 2008-06-08 14:09   d--------   C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-08 14:02 . 2008-06-08 14:02   d--------   C:\Programfiler\CCleaner
2008-06-08 11:55 . 2008-06-08 11:57   d--------   C:\Programfiler\WAV
2008-05-27 22:04 . 2008-05-27 22:04   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-05-27 22:04 . 2008-05-27 22:04   1,409   --a------   C:\WINDOWS\QTFont.for
2008-05-22 00:36 . 2008-05-22 00:36   244   --ah-----   C:\sqmnoopt19.sqm
2008-05-22 00:36 . 2008-05-22 00:36   244   --ah-----   C:\sqmnoopt18.sqm
2008-05-22 00:36 . 2008-05-22 00:36   232   --ah-----   C:\sqmdata19.sqm
2008-05-22 00:36 . 2008-05-22 00:36   232   --ah-----   C:\sqmdata18.sqm

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 13:31   ---------   d-----w   C:\Programfiler\SD-Faktura
2008-05-01 16:18   21,840   ----atw   C:\WINDOWS\system32\SIntfNT.dll
2008-05-01 16:18   17,212   ----atw   C:\WINDOWS\system32\SIntf32.dll
2008-05-01 16:18   12,067   ----atw   C:\WINDOWS\system32\SIntf16.dll
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   621,344   ------w   C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51   166,688   ------w   C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:11   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11   1,845,248   ------w   C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-26 13:28   33,784   ----a-w   C:\Documents and Settings\Kjell\Programdata\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((   snapshot@2008-06-08_15.20.50.65   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 13:13:40   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-08 14:53:12   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-06-08 08:35:59   72,150   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-06-08 14:58:09   72,150   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-06-08 08:35:59   80,940   ----a-w   C:\WINDOWS\system32\perfc014.dat
+ 2008-06-08 14:58:09   80,940   ----a-w   C:\WINDOWS\system32\perfc014.dat
- 2008-06-08 08:35:59   425,834   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-06-08 14:58:09   425,834   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2008-06-08 08:35:59   429,776   ----a-w   C:\WINDOWS\system32\perfh014.dat
+ 2008-06-08 14:58:09   429,776   ----a-w   C:\WINDOWS\system32\perfh014.dat
+ 2008-06-08 14:53:43   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_f60.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"IncrediMail"="C:\Programfiler\IncrediMail\bin\IncMail.exe" [2008-02-03 16:04 214456]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 04:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 02:02 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 02:02 126976]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2005-03-04 12:26 606208]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04 53248]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"STATUS"="STATUS.EXE" [2001-10-29 17:33 170496 C:\WINDOWS\system32\STATUS.EXE]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-04-05 16:38 98304]
"ISDNStatus"="C:\Programfiler\ISDN_UTL\isdnsta.exe" [2003-07-17 17:16 593920]
"OpwareSE2"="C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"Norman ZANDA"="C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
"Antivirus"="C:\Programfiler\WAV\wav.exe" [2008-06-05 10:07 325632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2005-09-27 10:08:27 24576]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Documents and Settings\\Kjell\\Skrivebord\\Fest\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\SD-Faktura\\Faktura.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"C:\\Programfiler\\Ares Ultra\\Ares Ultra.exe"=
"C:\\Programfiler\\Ares Gold\\AresGold.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Programfiler\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Programfiler\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Programfiler\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programfiler\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"=

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2005-11-04 12:23]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2005-11-04 12:23]
R2 Ndiskio;Ndiskio;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 10:45]
R3 nvcoas;Norman Virus Control on-access component;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S2 TA128;Intelligent ISDN PCMCIA;C:\WINDOWS\system32\DRIVERS\TA128.SYS [2003-04-01 11:51]
S3 ABOVCOM1;ABOVCOM1;C:\WINDOWS\system32\DRIVERS\ABOVCOM1.SYS [2001-01-06 20:07]
S3 CoIsdn;Intelligent COISDN Adapter;C:\WINDOWS\system32\DRIVERS\CoIsdn.sys [2003-04-01 11:47]
S3 ISDN_u;ISDN USB CAPI;C:\WINDOWS\system32\DRIVERS\ISDN_u.sys [2003-04-19 11:14]
S3 nvcfsr;nvcfsr;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
S3 nvcoafl51;nvcoafl51;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
S3 nvcoaft51;nvcoaft51;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
S3 nvcoarc51;nvcoarc51;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
S3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2003-01-13 18:41]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 15:03:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programfiler\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 17:05:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-08 17:06:50
ComboFix-quarantined-files.txt  2008-06-08 15:06:45
ComboFix2.txt  2008-06-08 13:21:36

Pre-Run: 11,709,227,008 byte ledig
Post-Run: 11,700,592,640 byte ledig

152 --- E O F --- 2008-05-20 11:51:18