ComboFix 08-08-26.02 - Regnskap 2008-08-27 7:41:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1614 [GMT 2:00]
Running from: C:\Documents and Settings\Regnskap\Skrivebord\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Regnskap\Cookies\regnskap@stl.p.a1.traceworks[1].txt
C:\Documents and Settings\Regnskap\Cookies\regnskap@www.nettkatalogen[1].txt
C:\Documents and Settings\Regnskap\Programdata\macromedia\Flash Player\#SharedObjects\JP7JWFVX\bin.clearspring.com
C:\Documents and Settings\Regnskap\Programdata\macromedia\Flash Player\#SharedObjects\JP7JWFVX\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Regnskap\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Regnskap\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\system32\__c001A8A1.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-27 07:25 . 2008-08-27 07:25 d-------- C:\Documents and Settings\Regnskap\Programdata\Malwarebytes
2008-08-27 07:24 . 2008-08-27 07:25 d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-08-27 07:24 . 2008-08-27 07:24 d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-08-27 07:24 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 07:24 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 13:25 . 2008-08-26 13:25 d-------- C:\Programfiler\Trend Micro
2008-08-26 11:55 . 2008-08-26 11:55 d-------- C:\VundoFix Backups
2008-08-26 10:18 . 2008-08-26 10:18 d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-26 10:18 . 2008-08-26 10:18 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-26 10:18 . 2008-08-26 10:18 d-------- C:\Documents and Settings\Regnskap\Programdata\SUPERAntiSpyware.com
2008-08-26 10:18 . 2008-08-26 10:18 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-26 07:19 . 2008-08-26 07:19 65,341,884 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-08-13 06:54 . 2008-04-11 21:06 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 06:54 . 2008-05-01 16:38 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 05:44 --------- d-----w C:\Programfiler\SPAMfighter
2008-08-26 05:22 --------- d-----w C:\Programfiler\Norton AntiVirus
2008-08-26 05:22 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 09:23 1695232]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 16:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 16:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 16:23 114688]
"PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 16:23 86016]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 12:54 58728]
"SetRefresh"="C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 20:01 525824]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-22 11:46 100056]
"SPAMfighter Agent"="C:\Programfiler\SPAMfighter\SFAgent.exe" [2007-11-01 18:15 308880]
"Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 19:07 61952 C:\WINDOWS\system32\hdashcut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 14:26 13924864 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:22 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Service Manager.lnk - C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32 81920]
Sonic CinePlayer Quick Launch.lnk - C:\Programfiler\Fellesfiler\Sonic Shared\CineTray.exe [2005-10-15 03:01:00 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 19:08]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Programfiler\SPAMfighter\sfus.exe [2007-11-01 18:15]

.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-54d00ef5382 - C:\WINDOWS\system32\__c001A8A1.dat

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.sol.no/
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 07:45:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\Symantec Shared\CCSETMGR.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCEVTMGR.EXE
C:\Programfiler\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programfiler\Norton AntiVirus\NAVAPSVC.EXE
C:\Programfiler\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-08-27 7:57:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 05:56:55

Pre-Run: 136,858,554,368 byte ledig
Post-Run: 137,204,924,416 byte ledig

122 --- E O F --- 2008-08-18 05:16:38