ComboFix 09-01-13.03 - K 2009-01-14  0:10:42.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.894.404 [GMT 1:00]
Kjører fra: c:\downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
 * Opprettet nytt gjenopprettingspunkt

[COLOR=RED][B]ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll

.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2008-12-13 til 2009-01-13  )))))))))))))))))))))))))))))))))
.

2009-01-14 00:07 . 2009-01-14 00:07	<DIR>	d--------	C:\32788R22FWJFW
2009-01-13 23:12 . 2009-01-13 23:12	<DIR>	d--------	c:\programfiler\Malwarebytes' Anti-Malware
2009-01-13 23:12 . 2009-01-13 23:12	<DIR>	d--------	c:\documents and settings\K\Programdata\Malwarebytes
2009-01-13 23:12 . 2009-01-13 23:12	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Malwarebytes
2009-01-13 23:12 . 2009-01-04 18:38	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 23:12 . 2009-01-04 18:38	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2009-01-13 22:40 . 2009-01-13 22:40	<DIR>	d--------	c:\programfiler\XoftSpySE
2009-01-12 02:42 . 2009-01-13 18:28	<DIR>	d--h-----	C:\$AVG8.VAULT$
2009-01-12 01:44 . 2009-01-12 01:44	10,520	--a------	c:\windows\system32\avgrsstx.dll
2009-01-12 01:43 . 2009-01-13 16:39	<DIR>	d--------	c:\windows\system32\drivers\Avg
2009-01-12 01:43 . 2009-01-12 01:43	<DIR>	d--------	c:\programfiler\AVG
2009-01-12 01:43 . 2009-01-13 18:59	<DIR>	d--------	c:\documents and settings\K\Programdata\AVGTOOLBAR
2009-01-12 01:43 . 2009-01-12 01:43	<DIR>	d--------	c:\documents and settings\All Users\Programdata\avg8
2009-01-12 01:43 . 2009-01-12 01:43	97,928	--a------	c:\windows\system32\drivers\avgldx86.sys
2009-01-08 03:57 . 2009-01-13 16:28	<DIR>	d--------	c:\documents and settings\K\Programdata\skypePM
2009-01-08 03:57 . 2009-01-08 03:57	56	--ah-----	c:\windows\system32\ezsidmv.dat
2009-01-08 03:55 . 2009-01-08 03:55	<DIR>	d--------	c:\programfiler\Skype
2009-01-08 03:55 . 2009-01-08 03:55	<DIR>	d--------	c:\programfiler\Fellesfiler\Skype
2009-01-08 03:55 . 2009-01-13 23:05	<DIR>	d--------	c:\documents and settings\K\Programdata\Skype
2009-01-08 03:55 . 2009-01-08 03:55	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Skype

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 14:44	---------	d-----w	c:\programfiler\PowerISO
2009-01-12 01:11	---------	d-----w	c:\programfiler\BitComet
2009-01-12 00:49	---------	d-----w	c:\programfiler\F-Secure
2008-12-12 17:36	3,081,216	----a-w	c:\windows\system32\dllcache\mshtml.dll
2008-11-15 07:27	---------	d-----w	c:\programfiler\Apache Group
2008-11-15 07:14	---------	d-----w	c:\programfiler\MySQL
2008-10-24 11:10	453,632	----a-w	c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01	283,648	----a-w	c:\windows\system32\gdi32.dll
2008-10-23 13:01	283,648	----a-w	c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13	202,776	----a-w	c:\windows\system32\wuweb.dll
2008-10-16 13:13	202,776	----a-w	c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13	1,809,944	----a-w	c:\windows\system32\wuaueng.dll
2008-10-16 13:13	1,809,944	----a-w	c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12	561,688	----a-w	c:\windows\system32\wuapi.dll
2008-10-16 13:12	561,688	----a-w	c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12	323,608	----a-w	c:\windows\system32\wucltui.dll
2008-10-16 13:12	323,608	----a-w	c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09	92,696	----a-w	c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09	92,696	----a-w	c:\windows\system32\cdm.dll
2008-10-16 13:09	51,224	----a-w	c:\windows\system32\wuauclt.exe
2008-10-16 13:09	51,224	----a-w	c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09	43,544	----a-w	c:\windows\system32\wups2.dll
2008-10-16 13:08	34,328	----a-w	c:\windows\system32\wups.dll
2008-10-16 13:08	34,328	----a-w	c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06	268,648	----a-w	c:\windows\system32\mucltui.dll
2008-10-16 13:06	208,744	----a-w	c:\windows\system32\muweb.dll
2008-10-15 17:01	332,800	----a-w	c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45	18,432	----a-w	c:\windows\system32\dllcache\iedw.exe
2006-11-20 21:09	774,144	----a-w	c:\programfiler\RngInterstitial.dll
2006-09-29 11:30	421,888	----a-w	c:\programfiler\VS_Net_2005_Pro_Downloader2.exe
2006-09-29 09:52	421,888	----a-w	c:\programfiler\VS_Net_2005_Pro_Downloader.exe
2006-09-26 20:09	217	----a-w	c:\programfiler\setup.ini
2002-03-11 09:06	1,822,520	----a-w	c:\programfiler\instmsiw.exe
2002-03-11 08:45	1,708,856	----a-w	c:\programfiler\instmsia.exe
2009-01-08 12:18	67,688	----a-w	c:\programfiler\mozilla firefox\components\jar50.dll
2009-01-08 12:18	54,368	----a-w	c:\programfiler\mozilla firefox\components\jsd3250.dll
2009-01-08 12:18	34,944	----a-w	c:\programfiler\mozilla firefox\components\myspell.dll
2009-01-08 12:18	46,712	----a-w	c:\programfiler\mozilla firefox\components\spellchk.dll
2009-01-08 12:18	172,136	----a-w	c:\programfiler\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-27 1318128]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"LaunchAp"="c:\programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\programfiler\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\programfiler\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]
"CtrlVol"="c:\programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\programfiler\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2006-09-24 282624]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-12 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\K\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Monitor Apache Servers.lnk - c:\programfiler\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-01-17 41042]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-27 15:51 294912 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Programfiler\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26592:TCP"= 26592:TCP:BitComet 26592 TCP
"26592:UDP"= 26592:UDP:BitComet 26592 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-12 97928]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2003-04-28 9867]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2006-09-28 12106]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2006-09-28 4392]
R3 POWERKEY;POWERKEY;c:\programfiler\Launch Manager\POWERKEY.SYS [2000-12-19 2343]
R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-12 231704]
R4 F-Secure Filter;F-Secure File System Filter;\??\c:\programfiler\F-Secure\Common\FSfilter.sys --> c:\programfiler\F-Secure\Common\FSfilter.sys [?]
R4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\programfiler\F-Secure\Common\FSrec.sys --> c:\programfiler\F-Secure\Common\FSrec.sys [?]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-09-28 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-09-28 4010]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
S3 SI15CI;SI15CI;\??\c:\elements\1stboot\SI15CI.SYS --> c:\elements\1stboot\SI15CI.SYS [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programfiler\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - AVG8WD
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - INT15.SYS
*Deregistered* - F-Secure Gatekeeper
*Deregistered* - FSpm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e618084d-b6b3-11dd-aabb-0016d34707c5}]
\Shell\1\Command - Recycled.exe
\Shell\2\Command - Recycled.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-13 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-01-13 c:\windows\Tasks\XoftSpySE 2.job
- c:\programfiler\XoftSpySE\XoftSpy.exe [2009-01-07 16:47]

2009-01-13 c:\windows\Tasks\XoftSpySE.job
- c:\programfiler\XoftSpySE\XoftSpy.exe [2009-01-07 16:47]
.
- - - - TOMME PEKERE FJERNET - - - -

Notify-WgaLogon - (no file)


.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Åpne i ny bakgrunnsflik - c:\programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?c44aa96c978c4d0ca661adb9f6e0b06e
IE: Åpne i ny forgrunnsflik - c:\programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?c44aa96c978c4d0ca661adb9f6e0b06e

c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}
hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
c:\windows\Downloaded Program Files\GoPetsWeb.inf
FF - ProfilePath - c:\documents and settings\K\Programdata\Mozilla\Firefox\Profiles\451oqgox.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - |hxxp://www.google.no/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programfiler\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\programfiler\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programfiler\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 00:15:07
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ... 

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ... 

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programfiler\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\programfiler\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Tidspunkt ferdig: 2009-01-14  0:17:05
ComboFix-quarantined-files.txt  2009-01-13 23:16:52

Pre-Run: 11ÿ047ÿ153ÿ664 byte ledig
Post-Run: 11,848,646,656 byte ledig

231	--- E O F ---	2009-01-08 02:53:22