ComboFix 08-12-29.02 - Fiskeridirektoratet 2009-01-01 10:17:23.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.766.457 [GMT 1:00]
Kjører fra: c:\documents and settings\Fiskeridirektoratet\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Fiskeridirektoratet\Skrivebord\CFScript.txt
* Opprettet nytt gjenopprettingspunkt
[COLOR=RED][B]ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\dwvgpilc
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FLWFWHUS
-------\Service_FLWFWHUS
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-01 til 2009-01-01 )))))))))))))))))))))))))))))))))
.
2008-12-30 21:06 . 2008-12-30 21:06 d-------- c:\programfiler\Trend Micro
2008-12-30 20:19 . 2008-12-30 20:19 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-30 20:19 . 2008-12-30 20:19 d-------- c:\documents and settings\Fiskeridirektoratet\Programdata\Malwarebytes
2008-12-30 20:19 . 2008-12-30 20:19 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-30 20:19 . 2008-12-03 19:52 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-12-30 20:19 . 2008-12-03 19:52 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-12-20 19:09 . 2008-12-20 19:08 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-18 19:18 . 2008-12-18 19:18 136,054,152 --a------ c:\windows\SYSTEM32\xa4693579.exe
2008-12-18 19:17 . 2008-12-18 19:18 136,054,152 --a------ c:\windows\SYSTEM32\xa4636657.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 18:08 --------- d-----w c:\programfiler\Java
2008-12-18 22:52 --------- d-----w c:\documents and settings\Fiskeridirektoratet\Programdata\uTorrent
2008-11-29 10:37 --------- d-----w c:\programfiler\iTunes
2008-11-29 10:37 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 10:36 --------- d-----w c:\programfiler\iPod
2008-11-29 10:35 --------- d-----w c:\programfiler\Fellesfiler\Apple
2008-11-29 10:32 --------- d-----w c:\programfiler\QuickTime
2008-11-29 10:20 --------- d-----w c:\programfiler\Bonjour
2008-11-24 02:06 43,872 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-11-16 20:32 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-11-16 20:30 --------- d-----w c:\programfiler\Google
2008-11-16 20:29 --------- d-----w c:\programfiler\Nokia
2008-11-16 20:29 --------- d-----w c:\documents and settings\All Users\Programdata\Downloaded Installations
2008-08-20 10:14 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008082020080821\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-30_23.50.29,07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-01-01 09:26:07 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_560.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OSCD_Creator"="c:\dell\PreODM.EXE" [2004-10-31 408576]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"DadApp"="c:\programfiler\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"DVDLauncher"="c:\programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"DMXLauncher"="c:\programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Picasa Media Detector"="c:\programfiler\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-03-22 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OSCD_Creator"="c:\dell\PreODM.EXE" [2004-10-31 408576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\programfiler\Digital Line Detect\DLG.exe [2005-04-16 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.xvid"= xvid.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-24 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-24 231704]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2007-12-12 30464]
S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\DRIVERS\zd1211u.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed80bd93-6ab0-11dd-bb9d-0011437224f3}]
\Shell\AutoRun\command - WD_Windows_Tools\setup.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-29 c:\windows\Tasks\At1.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-31 c:\windows\Tasks\At10.job
- c:\windows\system32\8xqKeA2y.exe []
2009-01-01 c:\windows\Tasks\At11.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-24 c:\windows\Tasks\At12.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-23 c:\windows\Tasks\At13.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-24 c:\windows\Tasks\At14.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-31 c:\windows\Tasks\At15.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-20 c:\windows\Tasks\At16.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-31 c:\windows\Tasks\At17.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-23 c:\windows\Tasks\At18.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-23 c:\windows\Tasks\At19.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-25 c:\windows\Tasks\At2.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-22 c:\windows\Tasks\At20.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-30 c:\windows\Tasks\At21.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-30 c:\windows\Tasks\At22.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-30 c:\windows\Tasks\At23.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-29 c:\windows\Tasks\At24.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-29 c:\windows\Tasks\At25.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-25 c:\windows\Tasks\At26.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-13 c:\windows\Tasks\At27.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-21 c:\windows\Tasks\At28.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-21 c:\windows\Tasks\At29.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-13 c:\windows\Tasks\At3.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-21 c:\windows\Tasks\At30.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-21 c:\windows\Tasks\At31.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-21 c:\windows\Tasks\At32.job
- c:\windows\system32\8xqKeA2y.exe []
2008-11-08 c:\windows\Tasks\At33.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-31 c:\windows\Tasks\At34.job
- c:\windows\system32\8xqKeA2y.exe []
2009-01-01 c:\windows\Tasks\At35.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-24 c:\windows\Tasks\At36.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-23 c:\windows\Tasks\At37.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-24 c:\windows\Tasks\At38.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-31 c:\windows\Tasks\At39.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-20 c:\windows\Tasks\At4.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-20 c:\windows\Tasks\At40.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-31 c:\windows\Tasks\At41.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-23 c:\windows\Tasks\At42.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-23 c:\windows\Tasks\At43.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-22 c:\windows\Tasks\At44.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-30 c:\windows\Tasks\At45.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-30 c:\windows\Tasks\At46.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-30 c:\windows\Tasks\At47.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-29 c:\windows\Tasks\At48.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-20 c:\windows\Tasks\At5.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-20 c:\windows\Tasks\At6.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-20 c:\windows\Tasks\At7.job
- c:\windows\system32\8xqKeA2y.exe []
2008-10-20 c:\windows\Tasks\At8.job
- c:\windows\system32\8xqKeA2y.exe []
2008-11-08 c:\windows\Tasks\At9.job
- c:\windows\system32\8xqKeA2y.exe []
2008-12-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: www.postfoto.no
c:\windows\Downloaded Program Files\fronter_oes2.exe - c:\windows\Downloaded Program Files\fronter_oes2.dll
O16 -: {358DFA15-D48C-4296-8D16-7405F918333B}
hxxps://fronter.com/florags/links/fronter_oes2.cab
c:\windows\Downloaded Program Files\fronter_oes2.inf
FF - ProfilePath - c:\documents and settings\Fiskeridirektoratet\Programdata\Mozilla\Firefox\Profiles\ldhl0m5k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programfiler\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 10:26:50
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
OSCD_Creator = c:\dell\PreODM.EXE /2??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\Crypserv.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\WBEM\wmiapsrv.exe
c:\windows\SYSTEM32\igfxsrvc.exe
c:\programfiler\iPod\bin\iPodService.exe
c:\programfiler\AVG\AVG8\avgrsx.exe
c:\programfiler\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-01-01 10:34:47 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-01-01 09:34:04
ComboFix2.txt 2008-12-30 22:52:54
ComboFix3.txt 2008-12-30 19:51:31
Pre-Run: 3 894 845 440 byte ledig
Post-Run: 3,752,615,936 byte ledig
274 --- E O F --- 2008-12-17 22:39:35