ComboFix 08-12-11.01 - Astri lilleengen 2008-12-11 19:55:15.4 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.781 [GMT 1:00]
Kjører fra: c:\documents and settings\Astri lilleengen\Skrivebord\ComboFix.exe

[COLOR=RED][B]ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-11 til 2008-12-11 )))))))))))))))))))))))))))))))))
.

2008-12-11 18:53 . 2008-12-11 18:53 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-11 18:53 . 2008-12-11 18:53 d-------- c:\documents and settings\Astri lilleengen\Programdata\Malwarebytes
2008-12-11 18:53 . 2008-12-11 18:53 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-11 18:53 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 18:53 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 20:09 . 2008-12-10 20:09 d-------- c:\programfiler\Enigma Software Group
2008-12-06 20:04 . 2008-12-06 20:06 d-------- c:\programfiler\MortimerBeckettTimeParadox_at
2008-11-14 15:53 . 1998-11-13 14:09 306,688 --a------ c:\windows\IsUn0414.exe
2008-11-14 15:53 . 2008-11-14 15:53 272 --a------ c:\windows\_delis32.ini
2008-11-12 20:19 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:18 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 21:38 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-12-10 18:52 --------- d-----w c:\programfiler\SUPERAntiSpyware
2008-12-09 21:19 --------- d-----w c:\documents and settings\Astri lilleengen\Programdata\Bentley
2008-12-09 21:19 --------- d-----w c:\documents and settings\Astri lilleengen\Programdata\Autodesk
2008-12-09 21:19 --------- d-----w c:\documents and settings\Astri lilleengen\Programdata\Apple Computer
2008-12-09 21:19 --------- d-----w c:\documents and settings\Astri lilleengen\Programdata\AdobeUM
2008-12-09 21:19 --------- d-----w c:\documents and settings\Astri lilleengen\Programdata\Acoustica
2008-12-06 17:30 --------- d-----w c:\documents and settings\All Users\Programdata\VIZ_MPS
2008-12-06 12:26 --------- d-----w c:\programfiler\Fellesfiler\Apple
2008-12-06 12:24 --------- d-----w c:\programfiler\Java
2008-11-30 20:00 --------- d-----w c:\programfiler\MSN Messenger
2008-11-14 14:56 --------- d-----w c:\programfiler\EA GAMES
2008-11-14 14:55 --------- d-----w c:\programfiler\Oberon Media
2008-11-14 14:54 --------- d-----w c:\programfiler\Fellesfiler\Logitech
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-28 16:23 --------- d-----w c:\documents and settings\All Users\Programdata\Bentley
2008-10-28 15:41 --------- d-----w c:\programfiler\Fellesfiler\Bentley Shared
2008-10-28 15:40 --------- d-----w c:\programfiler\Bentley
2008-10-28 15:36 --------- d-----w c:\programfiler\MSXML 4.0
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 13:41 --------- d-----w c:\programfiler\Logitech
2008-10-21 13:40 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-10-21 13:33 --------- d-----w c:\documents and settings\All Users\Programdata\Logishrd
2008-10-20 18:32 --------- d-----w c:\programfiler\Fellesfiler\Adobe Systems Shared
2008-10-20 18:32 --------- d-----w c:\documents and settings\All Users\Programdata\Adobe Systems
2008-10-20 18:31 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2008-10-20 18:02 --------- dc----w c:\documents and settings\All Users\Programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-20 17:43 --------- d-----w c:\programfiler\LimeWire
2008-10-20 17:36 --------- d-----w c:\programfiler\VisualTool
2008-10-20 13:24 --------- d-----w c:\documents and settings\Astri lilleengen\Programdata\Go-Go Gourmet Chef of the Year
2008-10-20 13:21 --------- d-----w c:\programfiler\Fellesfiler\Oberon Media
2008-10-19 19:26 --------- d-----w c:\programfiler\Microsoft CAPICOM 2.1.0.2
2008-10-19 14:21 --------- d-----w c:\programfiler\weblin
2008-10-19 14:21 --------- d-----w c:\documents and settings\Astri lilleengen\Programdata\zweitgeist
2008-10-17 19:08 --------- d-----w c:\programfiler\Three Rings Design
2008-10-17 16:51 --------- d-----w c:\documents and settings\Astri lilleengen\Programdata\Leadertech
2008-10-17 16:49 --------- d-----w c:\documents and settings\All Users\Programdata\Logitech
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-01-24 13:57 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-08-22 16:22 13,012 ----a-w c:\documents and settings\Astri lilleengen\Bubblets.dat
2007-04-13 19:30 1 ----a-w c:\documents and settings\Astri lilleengen\SI.bin
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_22.04.03.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-10 19:12:43 64,372 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-10 21:03:02 64,508 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-10 19:12:43 73,088 ----a-w c:\windows\system32\perfc014.dat
+ 2008-12-10 21:03:03 73,278 ----a-w c:\windows\system32\perfc014.dat
- 2008-12-10 19:12:43 409,232 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-10 21:03:02 409,368 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-10 19:12:44 412,788 ----a-w c:\windows\system32\perfh014.dat
+ 2008-12-10 21:03:03 413,096 ----a-w c:\windows\system32\perfh014.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]
"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Sony Ericsson PC Suite"="c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"WinDNN"="c:\documents and settings\Astri lilleengen\Programdata\Google\klnxv19819115.exe" [2008-12-09 123392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SCDEmuApp.exe"="c:\programfiler\PowerISO\SCDEmuApp.exe" [2005-10-16 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-05 7323648]
"Norman ZANDA"="c:\norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"Adobe Photo Downloader"="k:\programfiler\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 57344]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Acrobat Assistant 7.0"="c:\programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-01-05 c:\windows\system32\nwiz.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-09-13 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-10-20 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 19:52 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-03-24 215040]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2008-08-21 7040]
S1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
S1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
S2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS [2007-03-24 20448]
S3 LwAdiHid;Logitech WingMan digitale enheter (autogjenkjenning);c:\windows\system32\DRIVERS\LwAdiHid.sys [2008-10-17 20864]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-11 38496]
S3 nsesvc;Norman Scanner Engine Service;"c:\norman\nse\bin\NSESVC.EXE" -daemon [2008-07-04 322616]
S3 nvcfsr;nvcfsr;\??\c:\norman\Nvc\bin\nvcfsr.sys [2007-03-24 6712]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2007-05-09 19512]
S3 nvcoafl51;nvcoafl51;\??\c:\norman\Nvc\bin\nvcoafl51.sys [2007-03-24 30264]
S3 nvcoaft51;nvcoaft51;\??\c:\norman\Nvc\bin\nvcoaft51.sys [2007-03-24 129848]
S3 nvcoarc51;nvcoarc51;\??\c:\norman\Nvc\bin\nvcoarc51.sys [2007-03-24 23224]
S3 nvcoas;Norman Virus Control on-access component;"c:\norman\Nvc\bin\nvcoas.exe" [2008-01-21 183352]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE [2007-05-27 146488]
S3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2008-02-09 61536]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2008-02-09 88624]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys []
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Tilleggsskanning -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = www.startsiden.no/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
IE: Convert link target to Adobe PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Astri lilleengen\Start-meny\Programmer\IMVU\Run IMVU.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Astri lilleengen\Start-meny\Programmer\IMVU\Run IMVU.lnk -
c:\windows\Downloaded Program Files\DVC Download Control.ocx - O16 -: {ABB660B6-6694-407B-950A-EDBA5A159722} hxxp://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
c:\windows\Downloaded Program Files\GoBitGamesPlayer.dll - O16 -: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
c:\windows\Downloaded Program Files\GoBitGamesPlayer.inf
c:\windows\Downloaded Program Files\ddfotg.1.0.0.32.dll - O16 -: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} hxxp://www.playfirst.com/play/game/dinerdashfloonthego/ddfotg.1.0.0.32.cab
c:\windows\Downloaded Program Files\ddfotg.1.0.0.32.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 19:56:58
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
.
Tidspunkt ferdig: 2008-12-11 19:57:46
ComboFix-quarantined-files.txt 2008-12-11 18:57:35
ComboFix2.txt 2008-12-10 21:05:50

Pre-Run: 38,826,758,144 byte ledig
Post-Run: 38,932,905,984 byte ledig

210 --- E O F --- 2008-12-10 18:46:20