ComboFix 09-01-12.03 - Thomas 2009-01-13 16:13:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2047.1455 [GMT 1:00]
Kjører fra: c:\documents and settings\Thomas\Skrivebord\spill\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt

[COLOR=RED][B]ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Thomas\Lokale innstillinger\Temporary Internet Files\fbk.sts
c:\documents and settings\Thomas\Programdata\ICROSO~1
c:\documents and settings\Thomas\Programdata\SKS~1
c:\programfiler\dns
c:\programfiler\dns\affid.dat
c:\programfiler\dns\uid.dat
c:\programfiler\dns\urls.dat
c:\programfiler\dns\version.txt
c:\programfiler\dns\x.bmp
c:\programfiler\Fellesfiler\{3081A~1
c:\programfiler\Fellesfiler\{3081A~1\Bar888.dll.lzma
c:\programfiler\Fellesfiler\{A081A~1
c:\programfiler\Fellesfiler\uninstall information
c:\programfiler\icroso~1
c:\programfiler\pppatc~1
c:\programfiler\windows
c:\programfiler\winupdate
c:\programfiler\winupdates
c:\windows\smante~1
c:\windows\system32\bund1
c:\windows\system32\bund1\ClientBundle1.exe
c:\windows\system32\bund1\temp.txt
c:\windows\system32\gjjlm.bak1
c:\windows\system32\gjjlm.bak2
c:\windows\system32\gjjlm.tmp
c:\windows\system32\guard.tmp
c:\windows\system32\iltqtmtp.ini
c:\windows\system32\kbwhomjm.ini2
c:\windows\system32\kbwhomjm.tmp
c:\windows\system32\micro1
c:\windows\system32\nprmsqlp.ini
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\sstem3~1
c:\windows\system32\stera.log
c:\windows\system32\xuuuchkn.ini
c:\windows\system32\yfvjgreb.ini
c:\windows\wnsxs~1
C:\xcrashdump.dat

----- BITS: Mulige infiserte sider -----

hxxp://rapidshare.com
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CORE
-------\Legacy_FOPN
-------\Legacy_TDSSSERV
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-13 til 2009-01-13 )))))))))))))))))))))))))))))))))
.

2009-01-13 15:32 . 2009-01-13 15:32 d-------- c:\programfiler\Trend Micro
2009-01-10 21:37 . 2009-01-10 21:38 d-------- C:\32788R22FWJFW.0.tmp
2009-01-10 21:33 . 2009-01-10 21:33 d-------- C:\fsaua.data
2009-01-10 21:24 . 2009-01-10 21:24 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-10 20:14 . 2009-01-11 19:43 dr-h----- c:\documents and settings\Thomas\Siste
2009-01-09 22:25 . 2009-01-09 22:25 d-------- c:\documents and settings\Thomas\Programdata\cogad
2009-01-09 22:25 . 2009-01-09 22:25 20,480 --a------ c:\windows\YahooUpdater.exe
2009-01-09 22:25 . 2009-01-09 22:25 4,951 --a------ c:\windows\RunUpdater.exe
2009-01-09 22:25 . 2009-01-09 22:25 2 --a------ C:\-1602116274
2009-01-09 22:23 . 2009-01-09 22:23 d-------- c:\documents and settings\All Users\Programdata\HipSoft
2009-01-07 22:23 . 2009-01-07 22:23 d-------- c:\programfiler\Fellesfiler\Symantec Shared
2008-12-25 22:18 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2008-12-25 22:18 . 2008-12-08 12:53 50,688 --a------ c:\windows\system32\ff_acm.acm
2008-12-25 22:18 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-25 21:11 . 2008-12-25 21:11 36 ---h----- c:\windows\system32\swk.ini
2008-12-22 21:42 . 2008-12-22 21:44 d-------- c:\documents and settings\Thomas\Programdata\vlc
2008-12-22 18:00 . 2008-12-22 18:00 d-------- c:\documents and settings\Thomas\Shaders
2008-12-19 11:07 . 2008-12-19 11:07 0 --a------ C:\LHT3.tmp
2008-12-17 15:39 . 2008-12-17 15:39 d-------- c:\documents and settings\All Users\Programdata\Emotum
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-01-13 15:18 --------- d-----w c:\programfiler\Mjcore
2009-01-13 15:16 --------- d-----w c:\documents and settings\Thomas\Programdata\Azureus
2009-01-13 13:56 34 ----a-w c:\documents and settings\Thomas\jagex_runescape_preferences.dat
2009-01-10 20:24 --------- d-----w c:\programfiler\Java
2009-01-10 19:28 --------- d-----w c:\programfiler\SUPERAntiSpyware
2009-01-10 16:52 --------- d-----w c:\programfiler\WinClamAVShield
2009-01-10 16:51 --------- d-----w c:\documents and settings\Thomas\Programdata\Spyware Terminator
2009-01-10 16:49 --------- d-----w c:\programfiler\Spyware Terminator
2009-01-10 16:48 --------- d-----w c:\documents and settings\All Users\Programdata\Spyware Terminator
2009-01-09 22:16 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-07 18:19 --------- d-----w c:\programfiler\CCleaner
2009-01-07 18:16 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-03 18:18 --------- d-----w c:\documents and settings\Thomas\Programdata\dvdcss
2009-01-02 18:32 --------- d-----w c:\programfiler\DAEMON Tools Pro
2008-12-31 14:05 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-12-31 14:05 --------- d-----w c:\documents and settings\Thomas\Programdata\SUPERAntiSpyware.com
2008-12-29 20:09 --------- d-----w c:\programfiler\Diablo II
2008-12-28 17:26 --------- d-----w c:\programfiler\EGOSOFT
2008-12-27 11:43 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 21:39 --------- d-----w c:\programfiler\Winamp
2008-12-25 21:19 --------- d-----w c:\programfiler\ffdshow
2008-12-24 20:57 --------- d-----w c:\documents and settings\All Users\Programdata\Fallout3
2008-12-22 14:50 --------- d-----w c:\programfiler\Opera
2008-12-21 10:36 --------- d-----w c:\documents and settings\All Users\Programdata\TrackMania
2008-12-20 08:19 --------- d-----w c:\programfiler\World of Warcraft
2008-12-19 21:57 --------- d-----w c:\programfiler\THQ
2008-12-07 11:36 --------- d-----w c:\programfiler\dvdSanta
2008-12-06 21:21 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-06 18:54 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-06 17:57 --------- d-----w c:\documents and settings\Thomas\Programdata\DAEMON Tools Pro
2008-12-06 16:52 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-06 16:52 --------- d-----w c:\documents and settings\All Users\Programdata\DAEMON Tools Pro
2008-12-04 14:54 --------- d-----w c:\programfiler\EA GAMES
2008-12-03 14:49 --------- d-----w c:\documents and settings\Thomas\Programdata\Capcom
2008-11-29 19:39 --------- d-----w c:\programfiler\Electronic Arts
2008-11-27 14:52 --------- d-----w c:\programfiler\Defraggler
2008-11-27 14:13 --------- d-----w c:\programfiler\Telenor
2008-11-27 14:13 --------- d-----w c:\documents and settings\All Users\Programdata\Telenor
2008-11-25 16:45 --------- d-----w c:\programfiler\Activision
2008-11-25 14:27 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec
2008-11-21 15:11 --------- d-----w c:\programfiler\Azureus
2008-10-26 11:52 22,328 ----a-w c:\documents and settings\Thomas\Programdata\PnkBstrK.sys
2007-09-25 17:02 1 ----a-w c:\documents and settings\Thomas\SI.bin
2008-09-24 19:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008092420080925\index.dat
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 21:08 279944 --a------ c:\programfiler\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
2009-01-13 16:18 136192 --a------ c:\programfiler\Mjcore\Mjcore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programfiler\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programfiler\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-10 67128]
"DAEMON Tools"="c:\programfiler\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Veoh"="c:\programfiler\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]
"GAINWARD"="c:\programfiler\EXPERTool\TBPanel.exe" [2008-05-23 2170880]
"cogad"="c:\documents and settings\Thomas\Programdata\cogad\cogad.exe" [2009-01-09 56832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"AWWFSPU"="c:\programfiler\ASUS WiFi-AP Solo\AWWFSPU.exe" [2006-12-18 712781]
"Gainward"="c:\windows\TBPanel.exe" [2008-03-10 2177576]
"Launch LCDMon"="c:\programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-17 2094352]
"Start WingMan Profiler"="c:\programfiler\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-09-19 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-12 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-01-07 181624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Thomas\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2007-07-02 534016]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
InterVideo WinCinema Manager.lnk - c:\programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-06-27 114688]
Logitech Desktop Messenger.lnk - c:\programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-10 67128]
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2005-06-27 434176]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= c:\programfiler\Windows NT\kyzeveka.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\programfiler\Microsoft Works\howy.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"msacm.l3codec"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]stera

[HKLM\~\startupfolder\C:^Documents and Settings^Thomas^Start-meny^Programmer^Oppstart^Weather.lnk]
path=c:\documents and settings\Thomas\Start-meny\Programmer\Oppstart\Weather.lnk
backup=c:\windows\pss\Weather.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2008-03-10 11:46 2177576 c:\windows\TBPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-07 23:53 1410296 c:\programfiler\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-04 19:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-10-12 19:36 16267776 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ventrilo"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\EA GAMES\\Kampen om Midgard(tm)\\game.dat"=
"c:\\Programfiler\\EA GAMES\\Kampen om Midgard(tm)\\patchget.dat"=
"c:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\Programfiler\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"c:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programfiler\\Azureus\\Azureus.exe"=
"c:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Programfiler\\Valve\\Steam\\SteamApps\\sebbe1122\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Counter-Strike Source\\hl2.exe"=
"c:\\Programfiler\\Codemasters\\GRID\\GRID.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Programfiler\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"c:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Programfiler\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\mIRC\\backups\\mirc.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Programfiler\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32715:TCP"= 32715:TCP:t
"4575:TCP"= 4575:TCP:Azureus
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-04-19 141312]
R3 AR2425;AzureWave AR5006 Wireless Network Adapter Service;c:\windows\system32\drivers\aw5006.sys [2007-04-08 556832]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-04-08 35840]
R4 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560]
S1 d35503a1;d35503a1;c:\windows\system32\drivers\d35503a1.sys --> c:\windows\system32\drivers\d35503a1.sys [?]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - d:\win\CDSplash.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f605dc2-2fb1-11dc-a3b3-0013d417efab}]
\Shell\AutoRun\command - M:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9a2be7c-0233-11dc-89ac-0013d417efab}]
\Shell\AutoRun\command - Z:\SH4Autorun.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-13 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-07 19:23]

2007-05-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programfiler\Spybot - Search & Destroy\SpybotSD.exe []
.
- - - - TOMME PEKERE FJERNET - - - -

BHO-{37CF169B-C511-FFBA-5761-8EE35C8A93F2} - c:\windows\system32\ifsecn.dll
HKCU-Run-SUPERAntiSpyware - c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU-Default-Explorer_Run-{A081A54E-0C8B-1044-0511-05012505002f} - c:\programfiler\Fellesfiler\{A081A54E-0C8B-1044-0511-05012505002f}\Update.exe
MSConfigStartUp-DNS - c:\programfiler\Fellesfiler\mc-110-12-0000140.exe
MSConfigStartUp-Error Safe - c:\programfiler\Error Safe Free\ERS.exe
MSConfigStartUp-services32 - c:\programfiler\Fellesfiler\Windows\mc-110-12-0000140.exe
MSConfigStartUp-wfrr - c:\progra~1\FELLES~1\wfrr\wfrrm.exe
MSConfigStartUp-p2pnetworking - xz.exe

.
------- Tilleggsskanning -------
.
uDefault_Search_URL = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
IE: Crawler Search - tbr:iemenu
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programfiler\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 16:17:51
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-725345543-746137067-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,b3,5a,21,bb,37,b1,82,c9,6f,1b,be,74,9e,fa,ab,50,d3,bf,60,0f,ba,c2,
   bc,5c,3e,e1,50,a3,a8,e0,e9,23,a9,6e,81,6f,6e,df,3d,62,ab,f8,90,6d,ad,06,68,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-725345543-746137067-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:86,c7,5b,c3,f0,0c,8b,84,b0,49,da,86,f5,40,53,ed,f7,eb,03,1c,9b,
   9c,e7,11,66,50,38,f5,97,f8,9e,59,90,06,04,86,7f,f0,33,37,0b,04,4c,4d,4f,51,\
"rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\programfiler\Spyware Terminator\sp_rsser.exe
c:\windows\system32\rundll32.exe
c:\programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
c:\programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-01-13 16:22:55 - maskinen ble startet på nytt [Thomas]
ComboFix-quarantined-files.txt 2009-01-13 15:22:52

Pre-Run: 68,643,876,864 byte ledig
Post-Run: 68,689,465,344 byte ledig

349 --- E O F --- 2008-12-19 09:14:18