ComboFix 08-12-16.03 - Kjetil 2008-12-17 20:44:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.3071.2507 [GMT 1:00]
Kjører fra: g:\virus\Combofix.exe
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\admintxt.txt
c:\windows\service.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-17 til 2008-12-17 )))))))))))))))))))))))))))))))))
.
2008-12-17 06:59 . 2008-12-17 06:59 d-------- c:\documents and settings\All Users\Programdata\Yahoo! Companion
2008-12-15 23:04 . 2008-12-15 23:04 d-------- c:\programfiler\Trend Micro
2008-12-14 23:57 . 2008-12-17 20:20 dr-h----- c:\documents and settings\Kjetil\Siste
2008-12-14 15:00 . 2008-12-14 15:00 0 -ra------ C:\logwmemory.bin
2008-12-14 14:58 . 2008-12-14 14:59 d-------- C:\Soldat
2008-12-14 14:58 . 2008-12-14 14:58 d-------- c:\documents and settings\Kjetil\Programdata\Soldat
2008-12-13 19:05 . 2008-12-13 19:05 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-13 17:40 . 2008-12-13 17:40 d-------- c:\programfiler\FreeUndelete
2008-12-13 17:40 . 2008-12-13 17:41 562,044,991 --a------ C:\bf2_patch_1.41..exe
2008-12-03 20:07 . 2008-12-14 15:13 d-------- c:\programfiler\Incomplete
2008-11-23 19:10 . 2008-11-23 19:46 d-------- c:\programfiler\SCAR 3.13
2008-11-18 21:30 . 2008-11-18 21:30 d-------- c:\programfiler\GameSpy
2008-11-18 21:06 . 2008-12-15 23:05 d-------- c:\programfiler\Electronic Arts
2008-11-18 20:22 . 2008-11-18 20:26 d-------- c:\programfiler\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 16:50 --------- d-----w c:\documents and settings\Kjetil\Programdata\Skype
2008-12-17 15:14 --------- d-----w c:\documents and settings\Kjetil\Programdata\skypePM
2008-12-15 22:05 11,706 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-12-15 21:03 --------- d-----w c:\documents and settings\Kjetil\Programdata\uTorrent
2008-12-14 14:12 --------- d-----w c:\programfiler\LimeWire
2008-12-13 18:05 --------- d-----w c:\programfiler\Java
2008-12-13 14:10 --------- d-----w c:\documents and settings\Kjetil\Programdata\Mount&Blade
2008-12-13 13:51 --------- d-----w c:\documents and settings\Kjetil\Programdata\dvdcss
2008-12-12 13:46 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-12 13:46 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-11 15:13 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2008-12-07 16:00 --------- d-----w c:\programfiler\Yahoo!
2008-12-07 15:59 --------- d-----w c:\documents and settings\All Users\Programdata\Yahoo!
2008-12-03 14:30 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-12-01 16:27 --------- d-----w c:\programfiler\uTorrent
2008-11-27 19:16 --------- d-----w c:\documents and settings\Kjetil\Programdata\SUPERAntiSpyware.com
2008-11-27 19:15 --------- d-----w c:\programfiler\SUPERAntiSpyware
2008-11-27 19:15 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-11-23 18:17 30 ----a-w c:\documents and settings\Kjetil\jagex_runescape_preferences.dat
2008-11-22 12:47 --------- d-----w c:\programfiler\Google
2008-11-18 20:17 669,184 ----a-w c:\windows\system32\pbsvc.exe
2008-11-18 20:17 22,328 ----a-w c:\documents and settings\Kjetil\Programdata\PnkBstrK.sys
2008-11-18 19:22 --------- d-----w c:\documents and settings\All Users\Programdata\WLInstaller
2008-11-16 18:27 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-11-16 18:26 --------- d-----w c:\documents and settings\Kjetil\Programdata\My Games
2008-11-15 03:56 --------- d-----w c:\programfiler\AssaultCube
2008-11-14 20:10 --------- d-----w c:\programfiler\Activision
2008-11-12 18:04 --------- d-----w c:\programfiler\MSXML 4.0
2008-11-10 20:34 --------- d-----w c:\programfiler\Microsoft DirectX SDK (November 2008)
2008-11-10 20:32 119,120 ----a-w c:\windows\dxsdkuninst.exe
2008-11-10 16:56 --------- d-----w c:\documents and settings\Kjetil\Programdata\Audacity
2008-11-10 16:41 --------- d-----w c:\programfiler\Audacity 1.3 Beta (Unicode)
2008-11-10 16:06 --------- d-----w c:\programfiler\SystemRequirementsLab
2008-11-05 19:28 --------- d-----w c:\programfiler\Netdevil
2008-10-27 17:39 360,784 ----a-w c:\windows\system32\XactEngineA3_3.dll
2008-10-27 17:39 359,760 ----a-w c:\windows\system32\dinput8d.dll
2008-10-27 17:39 349,520 ----a-w c:\windows\system32\d3dref9.dll
2008-10-27 17:39 286,032 ----a-w c:\windows\system32\XactEngineD3_3.dll
2008-10-27 17:39 123,216 ----a-w c:\windows\system32\XAPOFXD1_2.dll
2008-10-27 17:38 47,440 ----a-w c:\windows\system32\X3DAudioD1_5.dll
2008-10-27 17:37 906,576 ----a-w c:\windows\system32\xaudioD2_3.dll
2008-10-27 17:37 4,499,280 ----a-w c:\windows\system32\D3dx9d_40.dll
2008-10-27 17:37 3,796,816 ----a-w c:\windows\system32\d3dx9d_33.dll
2008-10-27 17:37 3,084,624 ----a-w c:\windows\system32\d3d9d.dll
2008-10-27 17:36 496,464 ----a-w c:\windows\system32\D3DX10d_40.dll
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-24 22:31 --------- d-----w c:\programfiler\Phun
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-20 08:17 --------- d-----w c:\documents and settings\Kjetil\Programdata\Xfire
2008-10-20 08:16 --------- d-----w c:\programfiler\Xfire
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-10-09 21:30 170 ----a-w c:\programfiler\1bomb.ini
2008-10-09 00:47 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-13 17:26 1,784,320 ----a-w c:\documents and settings\Kjetil\autorun.dat
2008-03-07 13:35 21,060 ----a-w c:\documents and settings\Kjetil\config.dat
2008-01-28 09:54 397,312 ----a-r c:\documents and settings\Kjetil\AutoRun.exe
2007-05-14 20:31 135,168 ----a-w c:\programfiler\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-06 22:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008050720080508\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-11-16_20.17.09.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-12 23:43:38 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-11-23 17:03:27 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-11-12 23:43:38 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-11-23 17:03:27 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
- 2008-08-07 06:15:37 9,662 ----a-r c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2008-11-18 20:17:01 9,662 ----a-r c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
- 2008-08-07 06:15:37 10,134 ----a-r c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-11-18 20:17:01 10,134 ----a-r c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
- 2008-08-07 06:15:37 10,134 ----a-r c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-11-18 20:17:01 10,134 ----a-r c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-11-18 19:25:12 86,746 ----a-r c:\windows\Installer\{29CB1674-DE1D-4D39-A871-FA0194FC58E9}\wlmail.exe
+ 2008-11-18 20:30:51 57,344 ----a-r c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\ARPPRODUCTICON.exe
+ 2008-11-18 20:30:51 57,344 ----a-r c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\Comrade.exe_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-11-18 20:30:51 57,344 ----a-r c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\NewShortcut7_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-11-18 20:30:51 57,344 ----a-r c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\NewShortcut8_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-11-18 20:30:51 8,854 ----a-r c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\UNINST_Uninstall_Com_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
- 2008-11-12 18:08:22 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-11 15:13:23 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-12 18:08:22 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-11 15:13:23 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-12 18:08:22 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-11 15:13:23 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-12 18:08:22 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-11 15:13:23 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-12 18:08:22 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-11 15:13:23 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-12 18:08:22 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-11 15:13:24 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-12 18:08:22 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-11 15:13:24 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-12 18:08:22 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-11 15:13:23 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-12 18:08:22 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-11 15:13:23 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-12 18:08:22 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-11 15:13:23 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-12 18:08:22 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-11 15:13:24 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-12 18:08:22 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-11 15:13:23 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-07-22 16:40:02 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-11-27 19:16:50 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2008-07-22 16:40:02 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-11-27 19:16:50 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-07-23 08:50:23 29,926 ----a-r c:\windows\Installer\{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}\MsblIco.Exe
+ 2008-11-18 19:26:47 29,926 ----a-r c:\windows\Installer\{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}\MsblIco.Exe
- 2008-06-24 18:22:43 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ARPPRODUCTICON.exe
+ 2008-12-15 22:05:57 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ARPPRODUCTICON.exe
- 2008-06-24 18:22:43 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_desktop_shortcut_F557710133CC471182353A95BCD49DB0.exe
+ 2008-12-15 22:05:57 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_desktop_shortcut_F557710133CC471182353A95BCD49DB0.exe
- 2008-06-24 18:22:43 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_startmenu_shortc_F557710133CC471182353A95BCD49DB0.exe
+ 2008-12-15 22:05:57 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_startmenu_shortc_F557710133CC471182353A95BCD49DB0.exe
- 2008-07-18 20:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-23 12:43:42 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2006-10-18 19:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-04-14 07:22:30 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:04:49 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2006-10-18 20:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-18 20:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 20:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-18 20:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-18 20:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-18 20:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-18 20:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-10-16 06:22:30 279,744 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-18 20:42:18 278,152 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-13 18:05:29 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-13 18:05:29 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-13 18:05:29 148,888 ----a-w c:\windows\system32\javaws.exe
- 2006-10-18 19:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2007-10-18 10:31:46 51,224 ----a-w c:\windows\system32\sirenacm.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2008-07-11 12:42:28 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2006-10-18 20:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-17 15:14:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_238.dat
+ 2006-06-05 13:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 13:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"APDiskAgent"="c:\programfiler\AirPort\APDiskAgent.exe" [2007-01-15 409600]
"WT GameChannel"="c:\programfiler\WildTangent\Apps\GameChannel.exe" [2003-10-09 184784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-25 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-08-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Skype.lnk - c:\windows\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico [2008-11-08 94334]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-15 21:56 352256 g:\virus\SAS\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"aux1"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Xfire\\xfire.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Programfiler\\Foolish Entertainment\\ATC for Battlefield 2\\atcbf2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\AssaultCube\\bin_win32\\ac_server.exe"=
"c:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Documents and Settings\\Kjetil\\Skrivebord\\uTorrent.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour

R1 SASDIFSV;SASDIFSV;\??\g:\virus\SAS\SASDIFSV.SYS [2008-11-27 8944]
R2 Ndiskio;Ndiskio;\??\c:\program files\Norman\Nse\bin\NDISKIO.SYS [2007-01-14 20448]
R2 WinDefend;Windows Defender;"c:\programfiler\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 nsesvc;Norman Scanner Engine Service;"c:\program files\Norman\nse\bin\NSESVC.EXE" -daemon [2008-11-05 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2007-05-02 19512]
R3 nvcoas;Norman Virus Control on-access component;"c:\program files\Norman\Nvc\bin\nvcoas.exe" [2008-08-08 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 146488]
S1 SASKUTIL;SASKUTIL;\??\g:\gunilla 2k\SAS\SASKUTIL.sys []
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Kjetil\LOKALE~1\Temp\ALSysIO.sys []
S3 nvcfsr;nvcfsr;\??\c:\program files\Norman\Nvc\bin\nvcfsr.sys [2007-01-14 6712]
S3 nvcoafl51;nvcoafl51;\??\c:\program files\Norman\Nvc\bin\nvcoafl51.sys [2007-01-14 30264]
S3 nvcoaft51;nvcoaft51;\??\c:\program files\Norman\Nvc\bin\nvcoaft51.sys [2007-01-14 129848]
S3 nvcoarc51;nvcoarc51;\??\c:\program files\Norman\Nvc\bin\nvcoarc51.sys [2007-01-14 23224]
S3 SASENUM;SASENUM;\??\c:\programfiler\Gunilla\SASENUM.SYS []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\K:\NTGLM7X.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2007-06-27 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2007-06-28 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2007-06-28 97056]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75488b04-d274-11dc-9ada-0013d407e840}]
\Shell\AutoRun\command - If Found,html
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-SUPERAntiSpyware - c:\programfiler\Gunilla\SUPERAntiSpyware.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\programfiler\Gunilla\SASSEH.DLL
MSConfigStartUp-SUPERAntiSpyware - c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
------- Tilleggsskanning -------
.
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Kjetil\Programdata\Mozilla\Firefox\Profiles\cjza9vbm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.sol.no/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\programfiler\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 20:46:45
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'winlogon.exe'(1100)
g:\virus\SAS\SASWINLO.DLL
.
Tidspunkt ferdig: 2008-12-17 20:47:54
ComboFix-quarantined-files.txt 2008-12-17 19:47:51
ComboFix2.txt 2008-07-22 19:59:08

Pre-Run: 23 242 072 064 byte ledig
Post-Run: 25,114,914,816 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

351 --- E O F --- 2008-12-12 23:30:27