ComboFix 08-10-30.07 - Anders 2008-10-30 18:11:54.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1113 [GMT 1:00]
Running from: C:\Users\Anders\Downloads\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_nsesvc
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
2008-10-30 17:53 . 2008-10-30 17:53 d-------- C:\Users\Anders\AppData\Roaming\Malwarebytes
2008-10-30 17:53 . 2008-10-30 17:53 d-------- C:\Users\All Users\Malwarebytes
2008-10-30 17:53 . 2008-10-30 17:53 d-------- C:\ProgramData\Malwarebytes
2008-10-30 17:53 . 2008-10-30 17:53 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 17:53 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-30 17:53 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-17 15:31 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-17 15:31 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-17 15:31 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-17 15:31 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-17 15:31 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-16 13:52 . 2008-09-03 04:59 468,992 --a------ C:\Windows\System32\newdev.dll
2008-10-16 13:52 . 2008-09-03 04:58 74,752 --a------ C:\Windows\System32\newdev.exe
2008-10-16 13:50 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-16 13:47 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-16 13:47 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-16 13:47 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-16 13:47 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-16 13:47 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-12 20:18 . 2008-10-12 20:19 d-------- C:\Program Files\coolpro2
2008-10-11 16:10 . 2008-10-11 16:10 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-11 15:34 . 2008-10-11 15:34 d-------- C:\Users\Anders\AppData\Roaming\Nokia Multimedia Player
2008-09-16 14:49 . 2008-07-19 06:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-16 14:49 . 2008-07-19 04:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-16 14:49 . 2008-07-19 06:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-16 14:49 . 2008-07-18 21:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-16 14:49 . 2008-07-19 04:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-16 14:49 . 2008-07-19 06:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-16 14:49 . 2008-07-19 06:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-16 14:49 . 2008-07-19 06:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-16 14:49 . 2008-07-18 19:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-10 18:40 . 2008-07-31 02:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 18:40 . 2008-08-02 02:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 18:40 . 2008-06-26 04:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 18:40 . 2008-06-26 04:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 18:40 . 2008-05-08 20:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 18:40 . 2008-05-20 03:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 18:40 . 2008-06-26 04:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 18:40 . 2008-08-02 04:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 18:40 . 2008-07-31 04:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-04 19:26 . 2008-09-02 11:48 19,512 --a------ C:\Windows\System32\drivers\nvcv32mf.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 17:17 --------- d-----w C:\Program Files\Norman
2008-10-29 17:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-10-19 16:32 --------- d-----w C:\ProgramData\Symantec
2008-10-19 16:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-17 14:37 --------- d-----w C:\Program Files\Windows Mail
2008-10-17 14:36 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-12 19:35 --------- d-----w C:\Users\Anders\AppData\Roaming\Nokia
2008-10-11 15:17 --------- d-----w C:\Users\Anders\AppData\Roaming\PC Suite
2008-10-03 15:14 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-09-30 16:05 --------- d-----w C:\Users\Anders\AppData\Roaming\uTorrent
2008-09-10 16:10 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-03 13:35 130,208 ------r C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-13 10:40 174 --sha-w C:\Program Files\desktop.ini
2008-01-14 22:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-14 22:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-14 22:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 37376]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-08-05 308720]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]
"Skytel"="Skytel.exe" [2007-08-03 C:\Windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-03 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-03 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.cdvc"= csccdvc.dll
"msacm.pcdv"= pcdv.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C1C6B8B1-9F49-4DCE-9070-FAD460B6B75E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{619934C2-A5A7-4DE4-A2F4-654425EE5075}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{E911CC4B-00C2-490C-960C-EC6A2ABA3F84}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{CB76362E-3E2B-4BF3-AFA9-EFFFEF7AA64A}C:\\download\\dcplusplus.exe"= UDP:C:\download\dcplusplus.exe:DC++
"UDP Query User{EFDB09E4-C3FA-4791-AE52-BA9E78CE3F22}C:\\download\\dcplusplus.exe"= TCP:C:\download\dcplusplus.exe:DC++
"{F33F170D-9AC5-4A43-A2BE-784C199C7865}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{12FADBE4-A06A-41B6-82D2-21DB7AAE7977}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{933186D8-FD5E-43DA-A323-50FC6CD773DB}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9CB62D83-2CD7-47A2-B70C-86E33591EB53}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{58E01370-D5C6-48C6-B2E2-85AB792910AA}"= TCP:59058:Utorrent
"{F17B18ED-4CCA-4604-BF2B-A36F472DC4CD}"= UDP:59058:Utorrent2
"TCP Query User{227D8271-103A-40A5-9A4C-0125EC4687B2}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{0456325D-D32F-4F8E-A3B1-84A40F1F7F47}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{9D90E0F3-F9C9-4DC1-8145-24C5005348D6}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{DA3A56E6-D474-458E-B072-7812E943B0AA}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{7516BDA9-203D-430C-87EC-1DC7ED45A940}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{3CE4926C-C0C0-4A9D-97E9-8F592D5C35F8}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{7367F441-A577-4427-A859-22FAF2D0CCBD}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{2CD8981A-FC84-4390-8935-A05CFC19A5AF}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{343DDE48-51E7-464A-8386-AF7EEF6AE8B5}C:\\users\\anders\\appdata\\local\\temp\\cry800.tmp\\install.exe"= UDP:C:\users\anders\appdata\local\temp\cry800.tmp\install.exe:install.exe
"UDP Query User{BA6150FA-8FEF-435A-8585-0CBD604BD953}C:\\users\\anders\\appdata\\local\\temp\\cry800.tmp\\install.exe"= TCP:C:\users\anders\appdata\local\temp\cry800.tmp\install.exe:install.exe
"TCP Query User{88CF67E6-8ED4-413C-9A1F-19D80FF97364}C:\\program files\\betsafe poker\\ua.exe"= UDP:C:\program files\betsafe poker\ua.exe:UA Application
"UDP Query User{061044D6-6672-4BEE-B4F5-FDCCFFD0795C}C:\\program files\\betsafe poker\\ua.exe"= TCP:C:\program files\betsafe poker\ua.exe:UA Application
"{D9733A0C-4963-4F6A-B239-3C68854175AF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A0D89E30-BC5B-45E4-9CFA-286CD4E12C52}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BD951D8F-2CC5-442A-86E9-A9D5916F8A88}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{08861E8F-CC79-496F-8274-706D4788F70D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F239C6C4-27F1-440C-895D-779ACF126A3F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B62D0898-746E-4AC4-8688-21AE7E7B3AA0}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{2617C65D-CCFC-418A-90AE-8D0E76B13E86}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{D694EB01-2F6F-4CCA-9C09-C2BD03354E2E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{78D1EC53-D4FE-4A63-80C1-690350DA35F5}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{558CF4AD-42A0-4B0B-97AD-B2D5C46EE4F1}C:\\download\\dcplusplus.exe"= UDP:C:\download\dcplusplus.exe:DC++
"UDP Query User{686BBDF1-3985-46AE-8147-38E8C35B5064}C:\\download\\dcplusplus.exe"= TCP:C:\download\dcplusplus.exe:DC++
"TCP Query User{D59F0872-2178-4E37-981A-7C034F7C0D9E}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{52C539B1-3564-4860-9B42-F8105D4DF7EA}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{93F3673F-CC96-40A3-8EFA-24A648570DA4}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{9C6CF94F-82C9-49FB-A751-7BE1E8FD6487}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{0F31E876-74CA-45E3-8EED-53A6E7468A94}C:\\spill\\empire earth\\empire earth.exe"= UDP:C:\spill\empire earth\empire earth.exe:Empire Earth
"UDP Query User{884DB66F-75FA-4D04-A278-1D12F79A03BA}C:\\spill\\empire earth\\empire earth.exe"= TCP:C:\spill\empire earth\empire earth.exe:Empire Earth
"{03941357-BD01-4F23-A5D6-A3A3F9433CC1}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{565CB9F6-D3F1-4300-9C5B-A5663980BE96}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D6A81CC4-CF5F-4A55-BC8F-D7F1FC86BC14}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{39272331-AF54-4B9E-B5C1-84BC200AEE09}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F2DDC9F6-AD23-4D71-8EA8-E07CB47FB8BA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9DFFCB80-5C35-49DF-9A3C-E82C08FD6B1E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uusee\\UUSeePlayer.exe"= C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2008-09-02 19512]
R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2008-04-29 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 nvcfsr;nvcfsr;C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl4;nvcoafl4;C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 36472]
S3 nvcoaft4;nvcoaft4;C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 104288]
S3 nvcoarc4;nvcoarc4;C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 25528]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f467e3-77fc-11dc-a1ef-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-29 C:\Windows\Tasks\Norton Security Scan for Anders.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.no/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Betway\Casino\casinogame.exe
O9 -: {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Betway\Poker\MPPoker.exe
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 -: {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe
O9 -: {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Betway\Casino\casinogame.exe -
O9 -: {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Betway\Poker\MPPoker.exe -
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe -
O9 -: {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe -
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: {1819853F-A3CA-4BC4-AD65-EC29D7448494} - hxxp://centrebet.com/external/cust_static/activex/centrebetpokerlauncher.cab
C:\Windows\Downloaded Program Files\centrebetpokerlauncher.inf
C:\Windows\Downloaded Program Files\centrebetpokerlauncher.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 18:18:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Norman\Npm\Bin\elogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Windows\System32\conime.exe
C:\Program Files\Norman\NVC\bin\Nip.exe
C:\Program Files\Norman\NVC\bin\CClaw.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Windows\System32\regsvr32.exe
.
**************************************************************************
.
Completion time: 2008-10-30 18:25:14 - machine was rebooted [Anders]
ComboFix-quarantined-files.txt 2008-10-30 17:24:44
Pre-Run: 120,706,437,120 byte ledig
Post-Run: 120,635,453,440 byte ledig
247 --- E O F --- 2008-10-17 14:36:33