ComboFix 08-06-07.3 - Kjell 2008-06-08 15:07:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.315 [GMT 2:00]
Running from: C:\Documents and Settings\Kjell\Skrivebord\ComboFixen.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Skrivebord\Online Security Guide.url
C:\Documents and Settings\All Users\Skrivebord\Security Troubleshooting.url
C:\Documents and Settings\All Users\Start-meny\Online Security Guide.url
C:\Documents and Settings\All Users\Start-meny\Programmer\InternetGameBox
C:\Documents and Settings\All Users\Start-meny\Programmer\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\All Users\Start-meny\Programmer\InternetGameBox\Privacy Policy.url
C:\Documents and Settings\All Users\Start-meny\Programmer\InternetGameBox\Terms and Conditions.url
C:\Documents and Settings\All Users\Start-meny\Programmer\InternetGameBox\Uninstall.lnk
C:\Documents and Settings\All Users\Start-meny\Programmer\InternetGameBox\Website.url
C:\Documents and Settings\All Users\Start-meny\Security Troubleshooting.url
C:\Documents and Settings\Kjell\Favoritter\Online Security Test.url
C:\Documents and Settings\Kjell\Programdata\FunWebProducts
C:\Documents and Settings\Kjell\Programdata\FunWebProducts\Data\Kjell\avatar.dat
C:\Programfiler\FunWebProducts
C:\Programfiler\FunWebProducts\ScreenSaver\Images\000AFCAE.urr
C:\Programfiler\FunWebProducts\ScreenSaver\Images\020D4E35.urr
C:\Programfiler\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Programfiler\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Programfiler\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Programfiler\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Programfiler\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Programfiler\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Programfiler\internet explorer\msimg32.dll
C:\Programfiler\internetgamebox
C:\Programfiler\internetgamebox\InternetGameBox.exe
C:\Programfiler\internetgamebox\language
C:\Programfiler\internetgamebox\ressources\AttenteOff.html
C:\Programfiler\internetgamebox\ressources\AttenteOn.html
C:\Programfiler\internetgamebox\ressources\configv2_en.xml
C:\Programfiler\internetgamebox\ressources\configv2_es.xml
C:\Programfiler\internetgamebox\ressources\configv2_fr.xml
C:\Programfiler\internetgamebox\ressources\favoris\defaultv2.swf
C:\Programfiler\internetgamebox\skins\skinv2.skn
C:\Programfiler\internetgamebox\uninst.exe
C:\Programfiler\MyWebSearch
C:\Programfiler\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Programfiler\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Programfiler\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Programfiler\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Programfiler\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Programfiler\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Programfiler\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Programfiler\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Programfiler\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Programfiler\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Programfiler\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Programfiler\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Programfiler\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Programfiler\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Programfiler\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Programfiler\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Programfiler\MyWebSearch\bar\Cache\0001916D
C:\Programfiler\MyWebSearch\bar\Cache\00058DC0.bin
C:\Programfiler\MyWebSearch\bar\Cache\000597F2.bin
C:\Programfiler\MyWebSearch\bar\Cache\000599B7.bin
C:\Programfiler\MyWebSearch\bar\Cache\00059B9B.bin
C:\Programfiler\MyWebSearch\bar\Cache\00059D60.bin
C:\Programfiler\MyWebSearch\bar\Cache\000F3FFD
C:\Programfiler\MyWebSearch\bar\Cache\000F482B
C:\Programfiler\MyWebSearch\bar\Cache\000F5819.bin
C:\Programfiler\MyWebSearch\bar\Cache\000F59A0.bin
C:\Programfiler\MyWebSearch\bar\Cache\000F5BA4.bin
C:\Programfiler\MyWebSearch\bar\Cache\000F6930.bin
C:\Programfiler\MyWebSearch\bar\Cache\000F6B15.bin
C:\Programfiler\MyWebSearch\bar\Cache\000F6D66.bin
C:\Programfiler\MyWebSearch\bar\Cache\00BC5198.bin
C:\Programfiler\MyWebSearch\bar\Cache\00BC536D.bin
C:\Programfiler\MyWebSearch\bar\Cache\00BC54F3.bin
C:\Programfiler\MyWebSearch\bar\Cache\0107668A.bin
C:\Programfiler\MyWebSearch\bar\Cache\010768DC.bin
C:\Programfiler\MyWebSearch\bar\Cache\01076AA1
C:\Programfiler\MyWebSearch\bar\Cache\files.ini
C:\Programfiler\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Programfiler\MyWebSearch\bar\Game\CHESS.F3S
C:\Programfiler\MyWebSearch\bar\Game\REVERSI.F3S
C:\Programfiler\MyWebSearch\bar\History\search2
C:\Programfiler\MyWebSearch\bar\icons\CM.ICO
C:\Programfiler\MyWebSearch\bar\icons\MFC.ICO
C:\Programfiler\MyWebSearch\bar\icons\PSS.ICO
C:\Programfiler\MyWebSearch\bar\icons\SMILEY.ICO
C:\Programfiler\MyWebSearch\bar\icons\WB.ICO
C:\Programfiler\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Programfiler\MyWebSearch\bar\Message\COMMON.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\DOG.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\FISH.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\MAID.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Programfiler\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Programfiler\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Programfiler\MyWebSearch\bar\Settings\s_pid.dat
C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Programfiler\NetProject
C:\Programfiler\NetProject\myd.ico
C:\Programfiler\NetProject\mym.ico
C:\Programfiler\NetProject\myp.ico
C:\Programfiler\NetProject\myv.ico
C:\Programfiler\NetProject\ot.ico
C:\Programfiler\NetProject\sbmdl.dll
C:\Programfiler\NetProject\sbmntr.exe
C:\Programfiler\NetProject\sbsm.exe
C:\Programfiler\NetProject\sbun.exe
C:\Programfiler\NetProject\scit.exe
C:\Programfiler\NetProject\scm.exe
C:\Programfiler\NetProject\scu.exe
C:\Programfiler\NetProject\ts.ico
C:\Programfiler\NetProject\wamdl.dll
C:\Programfiler\NetProject\waun.exe
C:\WINDOWS\system32\247880
C:\WINDOWS\system32\247880\247880.dll
C:\WINDOWS\system32\eiceuseygi.dat
C:\WINDOWS\system32\eiceuseygi.exe
c:\WINDOWS\system32\eiceuseygi_nav.dat
c:\WINDOWS\system32\eiceuseygi_navps.dat
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\wav.cpl
.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.
2008-06-08 14:18 . 2008-06-08 14:51 dr-h----- C:\Documents and Settings\Kjell\Siste
2008-06-08 14:10 . 2008-06-08 14:10 d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-08 14:10 . 2008-06-08 14:10 d-------- C:\Documents and Settings\Kjell\Programdata\SUPERAntiSpyware.com
2008-06-08 14:10 . 2008-06-08 14:10 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-08 14:09 . 2008-06-08 14:09 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-08 14:02 . 2008-06-08 14:02 d-------- C:\Programfiler\CCleaner
2008-06-08 11:55 . 2008-06-08 11:57 d-------- C:\Programfiler\WAV
2008-05-27 22:04 . 2008-05-27 22:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-27 22:04 . 2008-05-27 22:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-22 00:36 . 2008-05-22 00:36 244 --ah----- C:\sqmnoopt19.sqm
2008-05-22 00:36 . 2008-05-22 00:36 244 --ah----- C:\sqmnoopt18.sqm
2008-05-22 00:36 . 2008-05-22 00:36 232 --ah----- C:\sqmdata19.sqm
2008-05-22 00:36 . 2008-05-22 00:36 232 --ah----- C:\sqmdata18.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 12:36 --------- d-----w C:\Programfiler\SD-Faktura
2008-05-01 16:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-05-01 16:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-05-01 16:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-26 13:28 33,784 ----a-w C:\Documents and Settings\Kjell\Programdata\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-02-14 15:54 1555480 --a------ C:\Programfiler\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "C:\Programfiler\The_Pirate_Bay\tbThe_.dll" [2008-02-14 15:54 1555480]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Programfiler\NetProject\wamdl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Programfiler\NetProject\wamdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"IncrediMail"="C:\Programfiler\IncrediMail\bin\IncMail.exe" [2008-02-03 16:04 214456]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 04:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 02:02 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 02:02 126976]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2005-03-04 12:26 606208]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04 53248]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"STATUS"="STATUS.EXE" [2001-10-29 17:33 170496 C:\WINDOWS\system32\STATUS.EXE]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-04-05 16:38 98304]
"ISDNStatus"="C:\Programfiler\ISDN_UTL\isdnsta.exe" [2003-07-17 17:16 593920]
"OpwareSE2"="C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"Norman ZANDA"="C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
"Antivirus"="C:\Programfiler\WAV\wav.exe" [2008-06-05 10:07 325632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2005-09-27 10:08:27 24576]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Documents and Settings\\Kjell\\Skrivebord\\Fest\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\SD-Faktura\\Faktura.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"C:\\Programfiler\\Ares Ultra\\Ares Ultra.exe"=
"C:\\Programfiler\\Ares Gold\\AresGold.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Programfiler\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Programfiler\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Programfiler\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programfiler\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"=

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2005-11-04 12:23]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2005-11-04 12:23]
R2 Ndiskio;Ndiskio;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 10:45]
R3 nvcoas;Norman Virus Control on-access component;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S2 TA128;Intelligent ISDN PCMCIA;C:\WINDOWS\system32\DRIVERS\TA128.SYS [2003-04-01 11:51]
S3 ABOVCOM1;ABOVCOM1;C:\WINDOWS\system32\DRIVERS\ABOVCOM1.SYS [2001-01-06 20:07]
S3 CoIsdn;Intelligent COISDN Adapter;C:\WINDOWS\system32\DRIVERS\CoIsdn.sys [2003-04-01 11:47]
S3 ISDN_u;ISDN USB CAPI;C:\WINDOWS\system32\DRIVERS\ISDN_u.sys [2003-04-19 11:14]
S3 nvcfsr;nvcfsr;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
S3 nvcoafl51;nvcoafl51;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
S3 nvcoaft51;nvcoaft51;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
S3 nvcoarc51;nvcoarc51;C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
S3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2003-01-13 18:41]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 13:18:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programfiler\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 15:14:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKEEPER.exe
C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\npm\bin\elogsvc.exe
C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\npm\bin\Zanda.exe
C:\PROGRA~1\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programfiler\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Apoint\Apoint.exe
C:\PROGRA~1\Java\JRE15~1.0_0\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\iFrmewrk.exe
C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\npm\bin\Njeeves.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\PROGRA~1\filer\CYBERL~1\PowerDVD\DVDLAU~1.EXE
C:\PROGRA~1\Java\JRE15~1.0_0\bin\jucheck.exe
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\PROGRA~1\ScanSoft\OMNIPA~1.0\OPWARE~1.EXE
C:\DOCUME~1\Kjell\MINEDO~1\NORTON\Norman\npm\bin\Zlh.exe
C:\PROGRA~1\Apoint\ApntEx.exe
C:\PROGRA~1\MACROG~1\SweetIM\SweetIM.exe
C:\Documents and Settings\Kjell\Mine dokumenter\NORTON\Norman\NVC\Bin\Nip.exe
C:\DOCUME~1\Kjell\MINEDO~1\NORTON\Norman\NVC\Bin\CClaw.exe
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-08 15:21:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 13:21:19

Pre-Run: 11,751,849,984 byte ledig
Post-Run: 11,741,786,112 byte ledig

325 --- E O F --- 2008-05-20 11:51:18

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= -
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-
[-HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
[-HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-
[-HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]