ComboFix 08-12-29.02 - Frode 2008-12-30 20:45:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2038.1340 [GMT 1:00]
Kjører fra: c:\documents and settings\Frode\Skrivebord\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programfiler\Acer\Bio-Protection fingerprint solution\PwdFilter.dll
c:\windows\system32\biologon.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-28 til 2008-12-30 )))))))))))))))))))))))))))))))))
.

2008-12-30 20:19 . 2008-12-30 20:19 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-30 20:19 . 2008-12-30 20:19 d-------- c:\documents and settings\Frode\Programdata\Malwarebytes
2008-12-30 20:19 . 2008-12-30 20:19 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-30 20:19 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 20:19 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-29 22:20 . 2008-12-30 14:40 d-------- c:\programfiler\Fighters
2008-12-29 22:20 . 2008-12-29 22:20 d-------- c:\documents and settings\All Users\Programdata\Fighters
2008-12-24 16:57 . 2008-12-24 17:00 d-------- c:\documents and settings\Frode\Programdata\RegTool
2008-12-23 17:02 . 2008-12-30 20:23 d-------- C:\$AVG8.VAULT$
2008-12-18 20:48 . 2008-12-18 20:48 136,054,152 --a------ c:\windows\system32\xa199874203.exe
2008-12-18 20:48 . 2008-12-18 20:48 136,054,152 --a------ c:\windows\system32\xa199864281.exe
2008-12-16 13:18 . 2008-12-16 13:18 d-------- c:\documents and settings\Frode\Programdata\dvdcss
2008-12-16 00:36 . 2008-12-16 00:36 d-------- c:\documents and settings\Frode\Programdata\Apple Computer
2008-12-16 00:35 . 2008-12-16 00:35 d-------- c:\programfiler\iTunes
2008-12-16 00:35 . 2008-12-16 00:35 d-------- c:\programfiler\iPod
2008-12-16 00:35 . 2008-12-16 00:35 d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 00:35 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-16 00:35 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-16 00:34 . 2008-12-16 00:34 d-------- c:\programfiler\QuickTime
2008-12-16 00:34 . 2008-12-16 00:34 d-------- c:\programfiler\Bonjour
2008-12-16 00:34 . 2008-12-16 00:34 d-------- c:\documents and settings\All Users\Programdata\Apple Computer
2008-12-16 00:33 . 2008-12-16 00:35 d-------- c:\programfiler\Fellesfiler\Apple
2008-12-16 00:33 . 2008-12-16 00:33 d-------- c:\programfiler\Apple Software Update
2008-12-16 00:33 . 2008-12-16 00:33 d-------- c:\documents and settings\All Users\Programdata\Apple
2008-12-10 17:56 . 2008-12-10 17:56 d-------- c:\windows\Sun
2008-12-10 17:26 . 2008-12-10 17:26 d-------- c:\programfiler\uTorrent
2008-12-10 17:26 . 2008-12-28 21:06 d-------- c:\documents and settings\Frode\Programdata\uTorrent
2008-12-10 17:12 . 2008-12-10 17:12 d-------- c:\documents and settings\Frode\Programdata\vlc
2008-12-10 17:00 . 2008-12-10 17:00 d-------- c:\programfiler\VideoLAN
2008-12-10 15:07 . 2004-08-04 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-10 15:06 . 2008-12-10 17:26 dr------- c:\documents and settings\Frode\Start-meny
2008-12-10 15:06 . 2007-01-29 14:28 d--h----- c:\documents and settings\Frode\Skrivere
2008-12-10 15:06 . 2008-12-30 20:27 d-------- c:\documents and settings\Frode\Skrivebord
2008-12-10 15:06 . 2008-12-30 20:31 dr-h----- c:\documents and settings\Frode\Siste
2008-12-10 15:06 . 2008-12-30 20:19 dr-h----- c:\documents and settings\Frode\Programdata
2008-12-10 15:06 . 2008-12-23 17:57 dr------- c:\documents and settings\Frode\Mine dokumenter
2008-12-10 15:06 . 2007-01-29 14:33 d--h----- c:\documents and settings\Frode\Maler
2008-12-10 15:06 . 2007-01-29 14:28 d--h----- c:\documents and settings\Frode\Lokale innstillinger
2008-12-10 15:06 . 2008-12-10 17:28 dr------- c:\documents and settings\Frode\Favoritter
2008-12-10 15:06 . 2007-01-29 14:28 d--h----- c:\documents and settings\Frode\AndrMask
2008-12-10 15:06 . 2008-12-30 10:33 d-------- c:\documents and settings\Frode
2008-12-10 15:04 . 2008-12-30 16:32 d-------- c:\windows\system32\drivers\Avg
2008-12-10 15:04 . 2008-12-10 15:04 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-10 15:04 . 2008-12-10 15:04 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-10 15:04 . 2008-12-10 15:04 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-12-10 15:04 . 2008-12-10 15:04 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-10 15:03 . 2008-12-10 15:03 d-------- c:\programfiler\AVG
2008-12-10 15:03 . 2008-12-10 15:03 d-------- c:\documents and settings\All Users\Programdata\avg8
2008-12-10 15:03 . 2008-12-10 15:03 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-12-10 15:03 . 2008-12-10 15:03 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-12-10 15:02 . 2008-12-10 15:02 d-------- C:\AvgAgentFiles
2008-12-10 11:10 . 2008-11-03 09:47 1,498,560 --a------ c:\windows\system32\igkrng400.bin
2008-12-10 11:10 . 2008-11-03 09:59 147,456 --a------ c:\windows\system32\igfxCoIn_v5009.dll
2008-12-10 10:55 . 2008-12-10 10:55 d-------- c:\programfiler\WinPCap
2008-12-10 10:54 . 2008-12-10 10:54 d-------- c:\windows\system32\config\systemprofile\Programdata\Intel
2008-12-10 10:54 . 2008-12-10 10:54 d-------- c:\documents and settings\All Users\Programdata\Intel
2008-12-10 10:54 . 2007-07-20 14:29 888,832 --a------ c:\windows\system32\WirelessMgr.dll
2008-12-10 10:54 . 2008-12-10 10:54 319,488 --a------ c:\windows\system32\AegisI5Installer.exe
2008-12-10 10:54 . 2007-07-20 14:30 65,536 --a------ c:\windows\system32\acerGina.dll
2008-12-10 10:54 . 2008-12-10 10:54 21,425 --a------ c:\windows\system32\drivers\AegisP.sys
2008-12-10 08:23 . 2007-07-31 10:43 14,544 --a------ c:\windows\system32\drivers\TVicPort.sys
2008-12-10 08:23 . 2007-07-31 10:43 8,704 --a------ c:\windows\system32\drivers\TVicPort64.sys
2008-12-10 08:23 . 2007-07-31 10:43 8,704 --a------ c:\windows\system32\drivers\int15_64.sys
2008-12-10 08:23 . 2007-07-31 10:43 6,144 --a------ c:\windows\system32\drivers\zntport64.sys
2008-12-10 08:23 . 2007-07-31 10:43 6,080 --a------ c:\windows\system32\drivers\zntport.sys
2008-12-10 08:21 . 2008-12-10 08:21 d-------- C:\Acer
2008-12-10 08:21 . 2006-02-22 11:19 1,047,552 --a------ c:\windows\system32\mfc71u.dll
2008-12-10 08:21 . 2007-07-12 09:30 618,496 --a------ c:\windows\system32\Acer.Empowering.Windows.Forms.dll
2008-12-10 08:21 . 2006-06-13 14:42 602,112 --a------ c:\windows\system32\Acer.Empowering.Windows.Forms_v820.dll
2008-12-10 08:21 . 2006-05-25 18:18 331,776 --a------ c:\windows\system32\ScrollBarLib.dll
2008-12-10 08:21 . 2005-04-07 18:08 78,208 --a------ c:\windows\system32\drivers\epm-shd.sys
2008-12-10 08:21 . 2006-02-22 11:19 69,632 --a------ c:\windows\system32\eRecUtil.dll
2008-12-10 08:21 . 2007-03-06 14:58 57,344 --a------ c:\windows\system32\acpimof.dll
2008-12-10 08:21 . 2007-07-12 09:30 53,248 --a------ c:\windows\system32\Interop.Shell32.dll
2008-12-10 08:21 . 2006-04-18 19:54 49,152 --a------ c:\windows\system32\SysMonitor.exe
2008-12-10 08:21 . 2006-02-16 15:39 45,056 --a------ c:\windows\system32\Epm-Po.dll
2008-12-10 08:21 . 2004-07-19 13:10 4,096 --a------ c:\windows\system32\drivers\epm-psd.sys
2008-12-10 08:17 . 2008-12-10 08:17 d-------- c:\programfiler\Telenor
2008-12-10 08:17 . 2008-12-10 08:17 d-------- c:\programfiler\Fellesfiler\GtFlashSwitch
2008-12-10 08:10 . 2008-12-10 08:10 d-------- c:\programfiler\java
2008-12-10 08:10 . 2008-12-10 08:10 d-------- c:\programfiler\Fellesfiler\Java
2008-12-10 08:10 . 2008-12-10 08:10 69,632 --a------ c:\windows\system32\javacpl.cpl
2008-12-10 08:09 . 2008-12-10 08:10 d-------- c:\programfiler\Buypass
2008-12-10 08:08 . 2008-12-10 08:08 d-------- c:\programfiler\Citrix
2008-12-10 07:02 . 2008-12-10 07:02 d-------- c:\programfiler\MSECache
2008-12-10 06:36 . 2008-12-10 06:36 91 --a------ c:\windows\GridV.UNI
2008-12-10 06:35 . 2008-12-10 06:35 d-------- c:\programfiler\Acer Inc
2008-12-10 06:27 . 2008-12-10 06:27 d-------- c:\programfiler\Acer
2008-12-10 06:27 . 2008-12-10 06:27 709,120 --a------ c:\windows\system32\DemoAPI.dll
2008-12-10 06:27 . 2008-12-10 06:27 114,688 --a------ c:\windows\system32\VMC3KAPI.dll
2008-12-10 06:27 . 2008-12-10 06:27 114,688 --a------ c:\windows\system32\VCryptAPI.dll
2008-12-10 06:27 . 2008-12-10 06:27 19,456 --a------ c:\windows\system32\ShlCmd.exe
2008-12-10 06:26 . 2008-12-10 06:26 d-------- c:\programfiler\Fellesfiler\SPBA
2008-12-10 06:26 . 2008-12-10 06:26 d-------- c:\documents and settings\All Users\Programdata\UIB
2008-12-09 10:06 . 2008-10-24 12:21 455,296 --a--c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-09 10:05 . 2008-09-04 18:17 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-09 10:05 . 2008-10-15 17:38 337,408 --a--c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-09 10:04 . 2008-08-14 14:27 2,190,976 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-09 10:04 . 2008-08-14 14:27 2,147,328 --a--c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-09 10:04 . 2008-08-14 14:27 2,067,840 --a--c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-09 10:04 . 2008-08-14 14:27 2,025,984 --a--c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-09 10:04 . 2008-09-15 16:29 1,846,400 --a--c--- c:\windows\system32\dllcache\win32k.sys
2008-12-09 10:04 . 2008-09-08 11:41 333,824 --a--c--- c:\windows\system32\dllcache\srv.sys
2008-12-09 10:04 . 2008-08-14 11:04 138,496 --a--c--- c:\windows\system32\dllcache\afd.sys
2008-12-09 10:01 . 2008-05-01 15:38 331,776 --a--c--- c:\windows\system32\dllcache\msadce.dll
2008-12-09 10:00 . 2008-04-11 20:06 691,712 --a--c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-09 09:59 . 2008-06-14 18:36 272,256 --a--c--- c:\windows\system32\dllcache\bthport.sys
2008-12-09 09:59 . 2008-05-08 15:02 203,136 --a--c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-09 09:55 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-09 09:49 . 2008-12-09 09:49 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-12-09 09:49 . 2008-12-09 09:49 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-12-09 09:46 . 2008-12-09 09:46 d-------- c:\documents and settings\eisan\Programdata\InstallShield
2008-12-09 09:45 . 2008-12-09 09:45 d-------- c:\programfiler\Synaptics
2008-12-09 09:45 . 2007-03-23 12:21 202,912 --a------ c:\windows\system32\drivers\SynTP.sys
2008-12-09 09:45 . 2007-03-23 12:27 196,608 --a------ c:\windows\system32\SynCtrl.dll
2008-12-09 09:45 . 2007-03-23 12:26 163,840 --a------ c:\windows\system32\SynCOM.dll
2008-12-09 09:45 . 2007-03-23 12:35 143,360 --a------ c:\windows\system32\SynTPAPI.dll
2008-12-09 09:45 . 2007-03-23 13:21 110,592 --a------ c:\windows\system32\SynTPCo4.dll
2008-12-09 09:44 . 2008-12-09 09:44 d-------- c:\windows\system32\RTCOM
2008-12-09 09:44 . 2008-12-09 09:44 d-------- c:\programfiler\Realtek
2008-12-09 09:44 . 2007-07-31 17:29 16,380,416 --a------ c:\windows\RTHDCPL.exe
2008-12-09 09:44 . 2007-07-31 17:29 9,715,200 --a------ c:\windows\RTLCPL.exe
2008-12-09 09:44 . 2007-07-31 17:29 4,449,280 --a------ c:\windows\system32\drivers\RtkHDAud.sys
2008-12-09 09:44 . 2007-07-31 17:29 2,808,832 --a------ c:\windows\alcwzrd.exe
2008-12-09 09:44 . 2007-07-31 17:29 2,165,760 --a------ c:\windows\MicCal.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 09:54 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-12-10 09:54 --------- d-----w c:\programfiler\Intel
2008-11-03 08:46 6,273,504 ----a-w c:\windows\system32\drivers\igxpmp32.sys
2007-06-21 17:38 30,280 ----a-w c:\programfiler\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 17:38 79,432 ----a-w c:\programfiler\mozilla firefox\plugins\CgpCore.dll
2007-06-21 17:38 71,240 ----a-w c:\programfiler\mozilla firefox\plugins\confmgr.dll
2007-06-21 17:38 140,872 ----a-w c:\programfiler\mozilla firefox\plugins\ctxmui.dll
2007-06-21 17:39 38,472 ----a-w c:\programfiler\mozilla firefox\plugins\icafile.dll
2007-06-21 17:39 46,664 ----a-w c:\programfiler\mozilla firefox\plugins\icalogon.dll
2007-06-21 17:39 34,376 ----a-w c:\programfiler\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 685,640 ----a-w c:\programfiler\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 17:40 30,280 ----a-w c:\programfiler\mozilla firefox\plugins\TcpPServ.dll
2008-12-29 21:00 67,688 ----a-w c:\programfiler\mozilla firefox\components\jar50.dll
2008-12-29 21:00 54,368 ----a-w c:\programfiler\mozilla firefox\components\jsd3250.dll
2008-12-29 21:00 34,944 ----a-w c:\programfiler\mozilla firefox\components\myspell.dll
2008-12-29 21:00 46,712 ----a-w c:\programfiler\mozilla firefox\components\spellchk.dll
2008-12-29 21:00 172,136 ----a-w c:\programfiler\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2007-07-31 53248]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 851968]
"ZPdtWzdVitaKey MC3000"="c:\programfiler\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" [2008-12-10 3809792]
"SunJavaUpdateSched"="c:\programfiler\java\jre1.6.0\bin\jusched.exe" [2008-12-10 77824]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-13 1261336]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-31 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-12-10 45056]
Adobe Reader Synchronizer.lnk - c:\programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-12-10 06:27 2801152 c:\programfiler\Acer\Bio-Protection fingerprint solution\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2007-05-03 12:40 331264 c:\programfiler\Fellesfiler\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\klomp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgam.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-10 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-10 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-10 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-10 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-10 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-12-10 1212184]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2008-12-10 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2008-12-10 78208]
R2 GtFlashSwitch;GtFlashSwitch;c:\programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-10 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-12-10 29208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e940d22-c911-11dd-8625-0013e8cfcf93}]
\Shell\AutoRun\command - E:\WDSetup.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-24 c:\windows\Tasks\RegTool Scan.job
- c:\programfiler\RegTool\RegTool.exe []

2008-12-24 c:\windows\Tasks\RegTool Scan.job
- c:\programfiler\RegTool []
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.buypass.no
Trusted Zone: *.headit.no
Trusted Zone: *.norsk-tipping.no
FF - ProfilePath - c:\documents and settings\Frode\Programdata\Mozilla\Firefox\Profiles\963zaew7.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 20:58:00
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1364)
c:\programfiler\Acer\Bio-Protection fingerprint solution\WinNotify.dll
c:\programfiler\Acer\Bio-Protection fingerprint solution\CustomRes.dll
c:\programfiler\Fellesfiler\SPBA\vtapip.dll
c:\programfiler\Fellesfiler\SPBA\infra.dll
c:\programfiler\Fellesfiler\SPBA\homefus2.dll
c:\programfiler\Fellesfiler\SPBA\homepass.dll
c:\programfiler\Fellesfiler\SPBA\bio.dll
c:\programfiler\Fellesfiler\SPBA\remote.dll
c:\programfiler\Fellesfiler\SPBA\vtapipql.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\agrsmsvc.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Intel\Wireless\Bin\EvtEng.exe
c:\programfiler\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\programfiler\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\igfxsrvc.exe
c:\docume~1\Frode\LOKALE~1\Temp\RtkBtMnt.exe
c:\programfiler\iPod\bin\iPodService.exe
c:\programfiler\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2008-12-30 21:00:00 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2008-12-30 19:59:57

Pre-Run: 89 754 861 568 byte ledig
Post-Run: 90,404,470,784 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

304