ComboFix 08-12-06.06 - mr.x 2008-12-07 14:54:49.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.47.1044.18.2861 [GMT 1:00]
Kjører fra: c:\documents and settings\mr.x\Skrivebord\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt

[COLOR=RED][B]ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Programdata\whlprd32a.dll

.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2008-11-07 til 2008-12-07  )))))))))))))))))))))))))))))))))
.

2008-12-07 14:33 . 2008-12-07 14:49	<DIR>	d--------	c:\windows\LastGood.Tmp
2008-12-07 14:30 . 2008-12-07 14:30	<DIR>	d--------	c:\windows\system32\no
2008-12-07 14:30 . 2008-12-07 14:30	<DIR>	d--------	c:\windows\system32\nb-no
2008-12-07 14:30 . 2008-12-07 14:30	<DIR>	d--------	c:\windows\system32\bits
2008-12-07 14:30 . 2008-12-07 14:30	<DIR>	d--------	c:\windows\l2schemas
2008-12-07 14:25 . 2008-12-07 14:50	1,374	--a------	c:\windows\imsins.BAK
2008-12-07 14:14 . 2008-12-07 14:53	<DIR>	dr-h-----	c:\documents and settings\mr.x\Siste
2008-12-07 14:13 . 2008-12-07 14:13	<DIR>	d--------	c:\programfiler\Malwarebytes' Anti-Malware
2008-12-07 14:13 . 2008-12-07 14:13	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\Malwarebytes
2008-12-07 14:13 . 2008-12-07 14:13	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-07 14:13 . 2008-12-03 19:54	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-07 14:13 . 2008-12-03 19:54	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2008-12-07 14:04 . 2008-12-07 14:04	<DIR>	d--------	c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2008-12-07 14:03 . 2008-12-07 14:03	<DIR>	d--------	c:\programfiler\SUPERAntiSpyware
2008-12-07 14:03 . 2008-12-07 14:03	<DIR>	d--------	c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-12-07 14:03 . 2008-12-07 14:03	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\SUPERAntiSpyware.com
2008-12-07 12:52 . 2008-12-07 12:52	<DIR>	d--------	c:\programfiler\Trend Micro
2008-12-07 12:47 . 2008-12-07 12:47	<DIR>	d--------	c:\documents and settings\mr.x\DoctorWeb
2008-12-07 12:30 . 2008-12-07 12:30	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\Uniblue
2008-12-06 23:56 . 2008-12-07 02:19	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\gtk-2.0
2008-12-06 23:55 . 2008-12-06 23:55	<DIR>	d--------	c:\documents and settings\mr.x\.thumbnails
2008-12-06 23:24 . 2008-12-06 23:24	<DIR>	d--------	c:\programfiler\GIMP-2.0
2008-12-06 23:24 . 2008-12-07 02:19	<DIR>	d--------	c:\documents and settings\mr.x\.gimp-2.6
2008-12-06 23:24 . 2008-12-06 23:24	<DIR>	d--------	c:\documents and settings\mr.x\.gegl-0.0
2008-12-06 23:01 . 2008-12-06 23:01	<DIR>	d--------	c:\programfiler\RealDrawPRO5
2008-12-06 22:44 . 2008-12-06 22:44	<DIR>	d--------	c:\programfiler\uTorrent
2008-12-06 22:44 . 2008-12-07 02:22	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\uTorrent
2008-12-06 18:42 . 2008-12-07 14:46	<DIR>	d--------	C:\HammerAutosave
2008-12-06 14:28 . 2008-12-06 14:28	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-12-06 14:27 . 2008-12-06 14:27	<DIR>	d--------	c:\programfiler\Fellesfiler\Adobe AIR
2008-12-06 14:26 . 2008-12-06 14:26	<DIR>	d--------	c:\programfiler\Fellesfiler\Adobe
2008-12-06 14:25 . 2008-12-07 12:07	<DIR>	d--------	c:\programfiler\NOS
2008-12-06 14:25 . 2008-12-07 12:07	<DIR>	d--------	c:\documents and settings\All Users\Programdata\NOS
2008-12-06 14:21 . 2008-12-06 14:21	<DIR>	d--------	c:\programfiler\LMPC3
2008-12-06 14:21 . 2006-06-26 11:24	4,224	--a------	c:\windows\system32\drivers\lmpc2.sys
2008-12-06 14:11 . 2003-06-19 01:31	17,920	--a------	c:\windows\system32\mdimon.dll
2008-12-06 14:11 . 2008-12-06 14:11	382	--a------	c:\windows\ODBC.INI
2008-12-06 14:10 . 2008-12-06 14:11	<DIR>	d--------	c:\windows\SHELLNEW
2008-12-06 14:10 . 2008-12-06 14:10	<DIR>	d--------	c:\programfiler\Microsoft.NET
2008-12-06 14:08 . 2008-12-06 14:08	<DIR>	dr-h-----	C:\MSOCache
2008-12-05 21:03 . 2008-09-10 02:16	1,307,648	-----c---	c:\windows\system32\dllcache\msxml6.dll
2008-12-05 18:39 . 2008-12-06 13:52	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\skypePM
2008-12-05 18:39 . 2008-12-05 18:39	56	--ah-----	c:\windows\system32\ezsidmv.dat
2008-12-05 18:28 . 2008-12-07 14:10	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\Skype
2008-12-05 17:13 . 2008-12-05 17:13	<DIR>	d--------	c:\programfiler\Google
2008-12-05 17:11 . 2008-12-05 17:11	<DIR>	d--------	c:\programfiler\Skype
2008-12-05 17:11 . 2008-12-05 17:11	<DIR>	d--------	c:\programfiler\Fellesfiler\Skype
2008-12-05 17:11 . 2008-12-05 17:11	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Skype
2008-12-05 17:04 . 2008-12-05 17:04	2,422	--a------	c:\windows\system32\wpa.bak
2008-12-05 16:30 . 2008-12-05 16:32	<DIR>	d--------	c:\windows\9580813D94B14C289426A441E2BB29A5.TMP
2008-12-05 16:29 . 2008-12-07 14:48	<DIR>	d--------	c:\programfiler\Steam
2008-12-05 15:58 . 2008-12-05 15:58	<DIR>	d---s----	c:\documents and settings\mr.x\UserData
2008-12-05 15:51 . 2008-12-05 15:51	410,984	--a------	c:\windows\system32\deploytk.dll
2008-12-05 15:51 . 2008-12-05 15:51	73,728	--a------	c:\windows\system32\javacpl.cpl
2008-12-05 15:11 . 2008-08-14 14:27	2,190,976	-----c---	c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 15:11 . 2008-08-14 14:27	2,147,328	-----c---	c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 15:11 . 2008-08-14 14:27	2,067,840	-----c---	c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 15:11 . 2008-08-14 14:27	2,025,984	-----c---	c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 15:11 . 2008-09-15 16:29	1,846,400	-----c---	c:\windows\system32\dllcache\win32k.sys
2008-12-05 15:11 . 2008-09-08 11:41	333,824	-----c---	c:\windows\system32\dllcache\srv.sys
2008-12-05 15:11 . 2008-06-14 18:36	272,256	-----c---	c:\windows\system32\dllcache\bthport.sys
2008-12-05 15:11 . 2008-08-14 11:04	138,496	-----c---	c:\windows\system32\dllcache\afd.sys
2008-12-05 15:10 . 2008-09-04 18:17	1,106,944	-----c---	c:\windows\system32\dllcache\msxml3.dll
2008-12-05 15:10 . 2008-04-11 20:06	691,712	-----c---	c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 15:10 . 2008-10-24 12:21	455,296	-----c---	c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 15:10 . 2008-10-15 17:38	337,408	-----c---	c:\windows\system32\dllcache\netapi32.dll
2008-12-05 15:10 . 2008-05-01 15:38	331,776	-----c---	c:\windows\system32\dllcache\msadce.dll
2008-12-05 15:10 . 2008-05-08 15:02	203,136	-----c---	c:\windows\system32\dllcache\rmcast.sys
2008-12-04 22:52 . 2008-12-07 14:49	<DIR>	d--h-----	c:\windows\$hf_mig$
2008-12-04 22:49 . 2008-12-04 22:49	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\vlc
2008-12-04 22:47 . 2008-12-04 22:47	<DIR>	d--------	c:\programfiler\VideoLAN
2008-12-04 22:10 . 2008-12-05 16:35	<DIR>	d--------	c:\programfiler\Spybot - Search & Destroy
2008-12-04 22:10 . 2008-12-05 15:56	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2008-12-04 22:07 . 2008-12-07 14:51	64,900	--a------	c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-12-04 22:07 . 2008-12-07 14:51	54,756	--a------	c:\windows\system32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-12-04 22:07 . 2008-12-07 14:51	54,756	--a------	c:\windows\system32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-12-04 22:07 . 2008-12-07 14:51	1,080	--a------	c:\windows\system32\settingsbkup.sfm
2008-12-04 22:07 . 2008-12-07 14:51	1,080	--a------	c:\windows\system32\settings.sfm
2008-12-04 22:06 . 2008-12-04 22:06	<DIR>	d--------	c:\programfiler\NVIDIA Corporation
2008-12-04 22:05 . 2008-12-04 22:05	<DIR>	d--------	c:\programfiler\NVIDIA nTune Performance Application
2008-12-04 22:00 . 2007-08-21 09:12	21,760	--a------	c:\windows\system32\drivers\point32.sys
2008-12-04 21:59 . 2008-12-04 22:00	<DIR>	d--------	c:\programfiler\Microsoft IntelliPoint
2008-12-04 21:58 . 2008-12-04 21:58	<DIR>	d--------	c:\programfiler\MSXML 6.0
2008-12-04 21:51 . 2008-12-04 21:51	<DIR>	d--------	c:\programfiler\Logitech
2008-12-04 21:51 . 2008-12-04 21:51	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Logitech
2008-12-04 21:46 . 2000-05-22 09:58	647,872	---------	c:\windows\system32\Mscomct2.ocx
2008-12-04 21:46 . 1999-10-10 18:00	41,984	---------	c:\windows\Ctregrun.exe
2008-12-04 21:46 . 2003-06-12 23:25	7,062	--a------	c:\windows\system32\audiopid.vxd
2008-12-04 21:45 . 2008-12-04 21:45	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\Creative
2008-12-04 21:45 . 2008-12-04 21:45	409,600	--a------	c:\windows\system32\wrap_oal.dll
2008-12-04 21:45 . 2000-05-11 01:00	90,112	---------	c:\windows\Updreg.EXE
2008-12-04 21:45 . 2008-12-04 21:45	86,016	--a------	c:\windows\system32\OpenAL32.dll
2008-12-04 21:45 . 2005-02-07 10:45	3,128	-ra------	c:\windows\system32\XFi.bmp
2008-12-04 21:45 . 2005-02-07 10:45	766	-ra------	c:\windows\system32\SBXFi.ico
2008-12-04 21:44 . 2008-12-04 21:45	<DIR>	d--------	c:\windows\system32\Data
2008-12-04 21:44 . 2006-05-24 06:47	86,445	-ra------	c:\windows\system32\instwdm.ini
2008-12-04 21:44 . 2006-05-24 05:55	11,776	--a------	c:\windows\INRES.DLL
2008-12-04 21:44 . 2006-05-24 05:20	10,240	--a------	c:\windows\CTDCRES.DLL
2008-12-04 21:44 . 2006-06-12 04:33	3,072	--a------	c:\windows\CTXFIRES.DLL
2008-12-04 21:44 . 2006-05-24 04:15	191	-ra------	c:\windows\system32\ctzapxx.ini
2008-12-04 21:43 . 2008-12-04 21:45	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Creative
2008-12-04 21:43 . 2006-05-03 18:07	29,705,938	---------	c:\windows\system32\28MBGM.sf2
2008-12-04 21:43 . 2000-12-13 11:21	7,572,224	---------	c:\windows\system32\CT8MGM.SF2
2008-12-04 21:43 . 2000-12-05 02:11	4,174,814	---------	c:\windows\system32\CT4MGM.SF2
2008-12-04 21:43 . 1999-09-22 16:18	2,167,684	---------	c:\windows\system32\CT2MGM.SF2
2008-12-04 21:41 . 2008-12-04 22:44	<DIR>	d--------	c:\programfiler\Creative
2008-12-04 21:29 . 2008-12-04 21:29	<DIR>	d--------	c:\windows\nview
2008-12-04 21:29 . 2007-11-07 00:00	356,352	--a------	c:\windows\system32\nvudisp.exe
2008-12-04 21:29 . 2008-12-04 21:29	162,159	--a------	c:\windows\system32\nvapps.xml
2008-12-04 21:29 . 2007-11-07 00:00	17,737	--a------	c:\windows\system32\nvdisp.nvu
2008-12-04 21:28 . 2007-11-06 18:03	356,352	--a------	c:\windows\system32\NVUNINST.EXE
2008-12-04 21:27 . 2008-05-07 06:12	1,291,264	-----c---	c:\windows\system32\dllcache\quartz.dll
2008-12-04 21:25 . 2008-12-04 21:25	<DIR>	d--------	c:\windows\system32\Lang
2008-12-04 21:25 . 2008-12-04 21:25	940,794	--a------	c:\windows\system32\LoopyMusic.wav
2008-12-04 21:25 . 2008-12-04 21:25	146,650	--a------	c:\windows\system32\BuzzingBee.wav
2008-12-04 21:06 . 2008-12-04 21:36	<DIR>	d--------	c:\programfiler\FOXCONN
2008-12-04 20:57 . 2008-12-04 20:57	<DIR>	d--------	c:\windows\RaidTool
2008-12-04 20:57 . 2008-12-04 20:57	<DIR>	d--------	C:\RaidTool
2008-12-04 20:57 . 2007-08-29 09:57	1,966,080	-r-------	c:\windows\system32\xRaidSetup.exe
2008-12-04 20:57 . 2007-08-20 06:31	151,552	-r-------	c:\windows\system32\xRaidAPI.dll
2008-12-04 20:57 . 2007-08-31 03:58	63,360	-ra------	c:\windows\system32\drivers\jraid.sys
2008-12-04 20:56 . 2007-05-31 08:19	96,896	-ra------	c:\windows\system32\drivers\Rtenicxp.sys
2008-12-04 20:55 . 2008-12-04 20:55	<DIR>	d--------	c:\windows\OPTIONS
2008-12-04 20:55 . 2008-12-04 20:55	<DIR>	d--------	c:\documents and settings\mr.x\Programdata\InstallShield
2008-12-04 20:55 . 2007-07-12 04:49	96,384	-ra------	c:\windows\system32\drivers\Rtnicxp.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 14:51	---------	d-----w	c:\programfiler\Java
2008-12-04 16:13	---------	d-----w	c:\programfiler\microsoft frontpage
2008-12-04 16:11	---------	d-----w	c:\programfiler\Fellesfiler\Java
2008-12-04 16:11	---------	d-----w	c:\programfiler\Common Files
2008-12-04 16:09	---------	d-----w	c:\programfiler\Fellesfiler\Tjenester
2008-12-04 16:09	---------	d-----w	c:\programfiler\Elektroniske tjenester
2008-10-24 11:21	455,296	----a-w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13	202,776	----a-w	c:\windows\system32\wuweb.dll
2008-10-16 13:13	1,809,944	----a-w	c:\windows\system32\wuaueng.dll
2008-10-16 13:12	561,688	----a-w	c:\windows\system32\wuapi.dll
2008-10-16 13:12	323,608	----a-w	c:\windows\system32\wucltui.dll
2008-10-16 13:09	92,696	----a-w	c:\windows\system32\cdm.dll
2008-10-16 13:09	51,224	----a-w	c:\windows\system32\wuauclt.exe
2008-10-16 13:09	43,544	----a-w	c:\windows\system32\wups2.dll
2008-10-16 13:08	34,328	----a-w	c:\windows\system32\wups.dll
2008-09-15 15:29	1,846,400	----a-w	c:\windows\system32\win32k.sys
2008-09-10 01:16	1,307,648	----a-w	c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\Steam\\SteamApps\\karl_den_store\\counter-strike source\\hl2.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Steam\\SteamApps\\karl_den_store\\team fortress 2\\hl2.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-04 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-04 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-04 76040]
R2 Ndiskio;Ndiskio;\??\c:\programfiler\Norman\Nse\bin\NDISKIO.SYS [2008-12-04 20448]
R3 LMPC2;LMPC2;c:\windows\system32\drivers\LMPC2.sys [2008-12-06 4224]
R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-04 875288]
S3 FXDrv32;FXDrv32;\??\E:\FXDrv32.sys []
S3 nsesvc;Norman Scanner Engine Service;"c:\programfiler\Norman\nse\bin\NSESVC.EXE" -daemon [2008-12-04 322616]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-12-04 19512]
S3 nvcoas;Norman Virus Control on-access component;"c:\programfiler\Norman\Nvc\bin\nvcoas.exe" [2008-12-04 183352]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2008-12-04 146488]

*Newly Created Service* - PROCEXP90
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\programfiler\Uniblue\RegistryBooster\RegistryBooster.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 14:55:46
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ... 

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ... 

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\avgrsstx.dll
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\avgrsstx.dll
.
Tidspunkt ferdig: 2008-12-07 14:56:18
ComboFix-quarantined-files.txt  2008-12-07 13:56:11

Pre-Run: 709 820 964 864 byte ledig
Post-Run: 709,934,858,240 byte ledig

225	--- E O F ---	2008-12-05 23:09:02