ComboFix 08-12-29.02 - Fiskeridirektoratet 2008-12-30 23:45:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.766.401 [GMT 1:00]
Kjører fra: c:\documents and settings\Fiskeridirektoratet\Skrivebord\ComboFix.exe
Command switches brukt :: e:\logg 15\CFScript.txt..txt
 * Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

(((((((((((((((((((((((((((   Filer Opprettet Fra 2008-11-28 til 2008-12-30   )))))))))))))))))))))))))))))))))
.

2008-12-30 21:06 . 2008-12-30 21:06   d--------   c:\programfiler\Trend Micro
2008-12-30 20:19 . 2008-12-30 20:19   d--------   c:\programfiler\Malwarebytes' Anti-Malware
2008-12-30 20:19 . 2008-12-30 20:19   d--------   c:\documents and settings\Fiskeridirektoratet\Programdata\Malwarebytes
2008-12-30 20:19 . 2008-12-30 20:19   d--------   c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-30 20:19 . 2008-12-03 19:52   38,496   --a------   c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-12-30 20:19 . 2008-12-03 19:52   15,504   --a------   c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-12-20 19:09 . 2008-12-20 19:08   410,984   --a------   c:\windows\SYSTEM32\deploytk.dll
2008-12-18 19:18 . 2008-12-18 19:18   136,054,152   --a------   c:\windows\SYSTEM32\xa4693579.exe
2008-12-18 19:17 . 2008-12-18 19:18   136,054,152   --a------   c:\windows\SYSTEM32\xa4636657.exe
2008-11-29 11:36 . 2008-11-29 11:36   d--------   c:\programfiler\iPod
2008-11-29 11:35 . 2008-11-29 11:37   d--------   c:\programfiler\iTunes
2008-11-29 11:35 . 2008-11-29 11:37   d--------   c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 11:31 . 2008-11-29 11:32   d--------   c:\programfiler\QuickTime
2008-11-29 11:20 . 2008-11-29 11:20   d--------   c:\programfiler\Bonjour
2008-11-12 19:02 . 2008-10-24 12:21   455,296   ---------   c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 19:01 . 2008-09-04 18:17   1,106,944   ---------   c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-11-04 10:30 . 2008-11-04 10:30   90,112   --a------   c:\windows\SYSTEM32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30   57,344   --a------   c:\windows\SYSTEM32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 18:56   ---------   d-----w   c:\documents and settings\All Users\Programdata\dwvgpilc
2008-12-20 18:08   ---------   d-----w   c:\programfiler\Java
2008-12-18 22:52   ---------   d-----w   c:\documents and settings\Fiskeridirektoratet\Programdata\uTorrent
2008-12-13 06:40   3,593,216   ----a-w   c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-11-29 10:35   ---------   d-----w   c:\programfiler\Fellesfiler\Apple
2008-11-24 02:06   43,872   ------w   c:\windows\system32\drivers\pxhelp20.sys
2008-11-24 02:06   120,568   ------w   c:\windows\SYSTEM32\pxcpyi64.exe
2008-11-24 02:06   118,256   ------w   c:\windows\SYSTEM32\pxinsi64.exe
2008-11-16 20:32   ---------   d--h--w   c:\programfiler\InstallShield Installation Information
2008-11-16 20:30   ---------   d-----w   c:\programfiler\Google
2008-11-16 20:29   ---------   d-----w   c:\programfiler\Nokia
2008-11-16 20:29   ---------   d-----w   c:\documents and settings\All Users\Programdata\Downloaded Installations
2008-10-23 12:43   286,720   ----a-w   c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:43   286,720   ------w   c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 13:15   70,656   ------w   c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:13   202,776   ----a-w   c:\windows\SYSTEM32\wuweb.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\SYSTEM32\wuapi.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\SYSTEM32\wucltui.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 13:11   13,824   ------w   c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-16 13:09   92,696   ----a-w   c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\SYSTEM32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 13:09   51,224   ----a-w   c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\SYSTEM32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\SYSTEM32\wups.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 13:06   268,648   ----a-w   c:\windows\SYSTEM32\mucltui.dll
2008-10-16 13:06   208,744   ----a-w   c:\windows\SYSTEM32\muweb.dll
2008-10-15 16:38   337,408   ------w   c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06   633,632   ------w   c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04   161,792   ------w   c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-10-03 10:04   247,326   ----a-w   c:\windows\SYSTEM32\strmdll.dll
2008-10-03 10:04   247,326   ------w   c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
2008-09-30 15:43   1,286,152   ----a-w   c:\windows\SYSTEM32\msxml4.dll
2008-09-15 15:29   1,846,400   ----a-w   c:\windows\SYSTEM32\win32k.sys
2008-09-15 15:29   1,846,400   ------w   c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:16   1,307,648   ------w   c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:16   1,307,648   ------w   c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-09-08 10:41   333,824   ------w   c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-09-04 17:17   1,106,944   ----a-w   c:\windows\SYSTEM32\msxml3.dll
2008-08-20 10:14   32,768   --sha-w   c:\windows\SYSTEM32\CONFIG\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008082020080821\index.dat
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OSCD_Creator"="c:\dell\PreODM.EXE" [2004-10-31 408576]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"DadApp"="c:\programfiler\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"DVDLauncher"="c:\programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"DMXLauncher"="c:\programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Picasa Media Detector"="c:\programfiler\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-03-22 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\programfiler\Digital Line Detect\DLG.exe [2005-04-16 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.xvid"= xvid.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-24 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-24 231704]
S2 FLWFWHUS;FLWFWHUS;\??\c:\windows\system32\flwfwhus.xzn []
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2007-12-12 30464]
S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed80bd93-6ab0-11dd-bb9d-0011437224f3}]
\Shell\AutoRun\command - WD_Windows_Tools\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-29 c:\windows\Tasks\At1.job
- c:\windows\system32\8xqKeA2y.exe []

2008-11-22 c:\windows\Tasks\At10.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-24 c:\windows\Tasks\At11.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-24 c:\windows\Tasks\At12.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-23 c:\windows\Tasks\At13.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-24 c:\windows\Tasks\At14.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-22 c:\windows\Tasks\At15.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-20 c:\windows\Tasks\At16.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-26 c:\windows\Tasks\At17.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-23 c:\windows\Tasks\At18.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-23 c:\windows\Tasks\At19.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-25 c:\windows\Tasks\At2.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-22 c:\windows\Tasks\At20.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-30 c:\windows\Tasks\At21.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-30 c:\windows\Tasks\At22.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-30 c:\windows\Tasks\At23.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-29 c:\windows\Tasks\At24.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-29 c:\windows\Tasks\At25.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-25 c:\windows\Tasks\At26.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-13 c:\windows\Tasks\At27.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-21 c:\windows\Tasks\At28.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-21 c:\windows\Tasks\At29.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-13 c:\windows\Tasks\At3.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-21 c:\windows\Tasks\At30.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-21 c:\windows\Tasks\At31.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-21 c:\windows\Tasks\At32.job
- c:\windows\system32\8xqKeA2y.exe []

2008-11-08 c:\windows\Tasks\At33.job
- c:\windows\system32\8xqKeA2y.exe []

2008-11-22 c:\windows\Tasks\At34.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-24 c:\windows\Tasks\At35.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-24 c:\windows\Tasks\At36.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-23 c:\windows\Tasks\At37.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-24 c:\windows\Tasks\At38.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-22 c:\windows\Tasks\At39.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-20 c:\windows\Tasks\At4.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-20 c:\windows\Tasks\At40.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-26 c:\windows\Tasks\At41.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-23 c:\windows\Tasks\At42.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-23 c:\windows\Tasks\At43.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-22 c:\windows\Tasks\At44.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-30 c:\windows\Tasks\At45.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-30 c:\windows\Tasks\At46.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-30 c:\windows\Tasks\At47.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-29 c:\windows\Tasks\At48.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-20 c:\windows\Tasks\At5.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-20 c:\windows\Tasks\At6.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-20 c:\windows\Tasks\At7.job
- c:\windows\system32\8xqKeA2y.exe []

2008-10-20 c:\windows\Tasks\At8.job
- c:\windows\system32\8xqKeA2y.exe []

2008-11-08 c:\windows\Tasks\At9.job
- c:\windows\system32\8xqKeA2y.exe []

2008-12-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: www.postfoto.no
c:\windows\Downloaded Program Files\fronter_oes2.exe - c:\windows\Downloaded Program Files\fronter_oes2.dll
O16 -: {358DFA15-D48C-4296-8D16-7405F918333B}
hxxps://fronter.com/florags/links/fronter_oes2.cab
c:\windows\Downloaded Program Files\fronter_oes2.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 23:49:35
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FLWFWHUS]
"ImagePath"="\??\c:\windows\system32\flwfwhus.xzn"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(504)
c:\windows\system32\avgrsstx.dll
.
Tidspunkt ferdig: 2008-12-30 23:52:50
ComboFix-quarantined-files.txt 2008-12-30 22:51:31
ComboFix2.txt 2008-12-30 19:51:31

Pre-Run: 3 960 311 808 byte ledig
Post-Run: 3,942,555,648 byte ledig

281 --- E O F --- 2008-12-17 22:39:35