ComboFix 08-07-07.3 - Bjorn 2008-07-08 10:43:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.141 [GMT 2:00]
Running from: C:\Documents and Settings\bjorn\Skrivebord\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programfiler\Antivirus2008y
C:\Programfiler\Antivirus2008y\antvrs.exe
C:\WINDOWS\system32\mdm.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NSESVC
-------\Service_nsesvc


((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-08 10:35 . 2008-07-08 10:35             d--h-----  C:\ErdUndoCache
2008-07-08 09:19 . 2007-09-06 00:22   289,144   --a------  C:\WINDOWS\system32\VCCLSID.exe
2008-07-08 09:19 . 2006-04-27 17:49   288,417   --a------  C:\WINDOWS\system32\SrchSTS.exe
2008-07-08 09:19 . 2008-05-29 09:35    86,528   --a------  C:\WINDOWS\system32\VACFix.exe
2008-07-08 09:19 . 2008-05-18 21:40    82,944   --a------  C:\WINDOWS\system32\IEDFix.exe
2008-07-08 09:19 . 2008-07-02 13:33    82,432   --a------  C:\WINDOWS\system32\IEDFix.C.exe
2008-07-08 09:19 . 2008-05-23 18:21    81,920   --a------  C:\WINDOWS\system32\404Fix.exe
2008-07-08 09:19 . 2003-06-05 21:13    53,248   --a------  C:\WINDOWS\system32\Process.exe
2008-07-08 09:19 . 2004-07-31 18:50    51,200   --a------  C:\WINDOWS\system32\dumphive.exe
2008-07-08 09:19 . 2007-10-04 00:36    25,600   --a------  C:\WINDOWS\system32\WS2Fix.exe
2008-07-07 15:50 . 2008-07-07 15:50             d--------  C:\Programfiler\SUPERAntiSpyware
2008-07-07 15:50 . 2008-07-07 15:50             d--------  C:\Documents and Settings\bjorn\Programdata\SUPERAntiSpyware.com
2008-07-07 15:50 . 2008-07-07 15:50             d--------  C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-07 15:49 . 2008-07-07 15:49             d--------  C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-07 15:49 . 2008-06-19 17:24    28,544   --a------  C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-07 15:48 . 2008-07-07 15:48             d--------  C:\Programfiler\Panda Security
2008-06-11 12:02 . 2008-06-14 20:00   272,256   ---------  C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:02 . 2008-06-14 20:00   272,256   ---------  C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 13:01  ---------  d-----w  C:\Programfiler\SuperOffice
2008-05-08 12:28    202,752  ----a-w  C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28    202,752  ------w  C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16  1,290,752  ----a-w  C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16  1,290,752  ------w  C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-17 10:52     18,432  ------w  C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-04 12:55      1,215  ----a-w  C:\Documents and Settings\bjorn\_-1594419042.dat
2005-02-02 23:28      1,544  ----a-w  C:\Programfiler\Fellesfiler\highlight.rew
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"ModemOnHold"="C:\Programfiler\NetWaiting\netwaiting.exe" [2003-09-10 04:24 20480]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 12:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 12:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 12:10 114688]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 15:03 36975]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 22:29 49152]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 20:48 761947]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2006-06-29 14:13 1032192]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-28 01:59 169984]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.EXE" [2008-06-02 14:46 273520]
"JobHisInit"="C:\Programfiler\RDS\RMClient\JobHisInit.exe" [2005-11-01 11:52 151552]
"MplSetUp"="C:\Programfiler\RDS\RMClient\MplSetUp.exe" [2005-06-01 02:59 40960]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 01:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1044-F000-BA7E-100000000002}\SC_Acrobat.exe [2008-01-14 16:29:46 25214]
Auto Document Link.lnk - C:\Programfiler\RDS\PLDlnk.exe [2007-01-18 09:37:42 544768]
Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2006-12-28 01:57:44 24576]
Expressbooster.lnk - C:\Programfiler\Centos\Expressbooster\EXPBST.exe [2007-12-12 11:00:39 196608]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:54 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\RDS\\PLDlnk.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2008-04-29 10:58]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 15:00]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Antivirus2008y - C:\Programfiler\Antivirus2008y\antvrs.exe
HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 10:51:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Norman\npm\bin\elogsvc.exe
C:\Norman\npm\bin\Zanda.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Programfiler\Dell\QuickSet\NicConfigSvc.exe
C:\Programfiler\RealVNC\VNC4\winvnc4.exe
C:\Norman\npm\bin\Njeeves.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Java\JRE15~1.0_0\bin\jusched.exe
C:\PROGRA~1\filer\CYBERL~1\PowerDVD\DVDLAU~1.EXE
C:\WINDOWS\system32\WLTRAY.EXE
C:\PROGRA~1\SYNAPT~1\SynTP\SynTPEnh.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\issch.exe
C:\Norman\NVC\bin\Nip.exe
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe
C:\PROGRA~1\NETWAI~1\NETWAI~1.EXE
C:\Norman\NVC\bin\CClaw.exe
C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE
C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIndex.exe
.
**************************************************************************
.
Completion time: 2008-07-08 10:58:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-08 08:58:41

Pre-Run: 48,188,899,328 byte ledig
Post-Run: 48,435,183,616 byte ledig

145 --- E O F --- 2008-06-21 05:16:21