ComboFix 09-01-17.03 - Thomas 2009-01-18 16:28:08.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2047.1197 [GMT 1:00]
Kjører fra: c:\documents and settings\Thomas\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Thomas\Skrivebord\CFScript.txt
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
FILE ::
C:\-1602116274
c:\windows\RunUpdater.exe
c:\windows\YahooUpdater.exe
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-1602116274
c:\documents and settings\Thomas\Programdata\cogad
c:\documents and settings\Thomas\Programdata\cogad\cogad.exe
c:\windows\RunUpdater.exe
c:\windows\YahooUpdater.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-18 til 2009-01-18 )))))))))))))))))))))))))))))))))
.
2009-01-18 01:01 . 2009-01-18 16:25 dr-h----- c:\documents and settings\Thomas\Siste
2009-01-17 14:11 . 2009-01-17 14:11 d-------- c:\programfiler\Microsoft Games for Windows - LIVE
2009-01-16 20:11 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-16 20:11 . 2009-01-16 20:11 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-16 20:11 . 2009-01-16 20:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-16 20:09 . 2009-01-16 20:11 d-------- c:\documents and settings\Thomas\Programdata\PC Suite
2009-01-16 20:09 . 2009-01-16 20:09 d-------- c:\documents and settings\Thomas\Programdata\Nokia
2009-01-16 20:09 . 2009-01-16 20:11 d-------- c:\documents and settings\All Users\Programdata\PC Suite
2009-01-16 20:07 . 2009-01-16 20:07 d-------- c:\programfiler\Fellesfiler\PCSuite
2009-01-16 20:06 . 2009-01-16 20:06 d-------- c:\programfiler\PC Connectivity Solution
2009-01-16 20:06 . 2009-01-16 20:07 d-------- c:\programfiler\Nokia
2009-01-16 20:06 . 2009-01-16 20:06 d-------- c:\programfiler\Fellesfiler\Nokia
2009-01-16 20:06 . 2009-01-16 20:06 d-------- c:\programfiler\DIFX
2009-01-16 20:06 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-01-16 20:06 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-01-16 20:06 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-01-16 20:06 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-01-16 20:06 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-01-16 20:06 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-01-16 20:06 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-01-16 20:04 . 2009-01-16 20:04 d-------- c:\documents and settings\All Users\Programdata\Installations
2009-01-16 19:59 . 2008-04-13 20:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-01-16 19:59 . 2008-04-13 20:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-01-16 19:57 . 2009-01-16 19:57 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-16 19:57 . 2009-01-16 19:57 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-01-13 16:23 . 2009-01-13 16:23 d-------- c:\programfiler\WebShow
2009-01-13 15:32 . 2009-01-13 15:32 d-------- c:\programfiler\Trend Micro
2009-01-10 21:33 . 2009-01-10 21:33 d-------- C:\fsaua.data
2009-01-10 21:24 . 2009-01-10 21:24 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-09 22:23 . 2009-01-09 22:23 d-------- c:\documents and settings\All Users\Programdata\HipSoft
2009-01-07 22:23 . 2009-01-07 22:23 d-------- c:\programfiler\Fellesfiler\Symantec Shared
2008-12-25 22:18 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2008-12-25 22:18 . 2008-12-08 12:53 50,688 --a------ c:\windows\system32\ff_acm.acm
2008-12-25 22:18 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-25 21:11 . 2008-12-25 21:11 36 ---h----- c:\windows\system32\swk.ini
2008-12-22 21:42 . 2008-12-22 21:44 d-------- c:\documents and settings\Thomas\Programdata\vlc
2008-12-22 18:00 . 2008-12-22 18:00 d-------- c:\documents and settings\Thomas\Shaders
2008-12-19 11:07 . 2008-12-19 11:07 0 --a------ C:\LHT3.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 15:31 --------- d-----w c:\documents and settings\Thomas\Programdata\Azureus
2009-01-18 10:42 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-18 00:15 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-01-17 12:50 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-01-17 12:49 --------- d-----w c:\programfiler\AGEIA Technologies
2009-01-17 07:59 34 ----a-w c:\documents and settings\Thomas\jagex_runescape_preferences.dat
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 20:24 --------- d-----w c:\programfiler\Java
2009-01-10 19:28 --------- d-----w c:\programfiler\SUPERAntiSpyware
2009-01-10 16:52 --------- d-----w c:\programfiler\WinClamAVShield
2009-01-10 16:51 --------- d-----w c:\documents and settings\Thomas\Programdata\Spyware Terminator
2009-01-10 16:49 --------- d-----w c:\programfiler\Spyware Terminator
2009-01-10 16:48 --------- d-----w c:\documents and settings\All Users\Programdata\Spyware Terminator
2009-01-07 18:19 --------- d-----w c:\programfiler\CCleaner
2009-01-03 18:18 --------- d-----w c:\documents and settings\Thomas\Programdata\dvdcss
2009-01-02 18:32 --------- d-----w c:\programfiler\DAEMON Tools Pro
2008-12-31 14:05 --------- d-----w c:\documents and settings\Thomas\Programdata\SUPERAntiSpyware.com
2008-12-29 20:09 --------- d-----w c:\programfiler\Diablo II
2008-12-29 19:55 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-12-29 19:55 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-12-29 19:55 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-12-28 17:26 --------- d-----w c:\programfiler\EGOSOFT
2008-12-27 11:43 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-27 11:43 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 21:39 --------- d-----w c:\programfiler\Winamp
2008-12-25 21:19 --------- d-----w c:\programfiler\ffdshow
2008-12-24 20:57 --------- d-----w c:\documents and settings\All Users\Programdata\Fallout3
2008-12-22 14:50 --------- d-----w c:\programfiler\Opera
2008-12-21 10:36 --------- d-----w c:\documents and settings\All Users\Programdata\TrackMania
2008-12-20 08:19 --------- d-----w c:\programfiler\World of Warcraft
2008-12-19 21:57 --------- d-----w c:\programfiler\THQ
2008-12-17 14:39 --------- d-----w c:\documents and settings\All Users\Programdata\Emotum
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 08:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-12-07 11:36 --------- d-----w c:\programfiler\dvdSanta
2008-12-06 21:21 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-06 18:54 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-06 17:57 --------- d-----w c:\documents and settings\Thomas\Programdata\DAEMON Tools Pro
2008-12-06 16:52 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-06 16:52 --------- d-----w c:\documents and settings\All Users\Programdata\DAEMON Tools Pro
2008-12-05 13:24 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-04 14:54 --------- d-----w c:\programfiler\EA GAMES
2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll
2008-12-03 14:49 --------- d-----w c:\documents and settings\Thomas\Programdata\Capcom
2008-11-29 19:39 --------- d-----w c:\programfiler\Electronic Arts
2008-11-27 14:52 --------- d-----w c:\programfiler\Defraggler
2008-11-27 14:13 --------- d-----w c:\programfiler\Telenor
2008-11-27 14:13 --------- d-----w c:\documents and settings\All Users\Programdata\Telenor
2008-11-26 07:55 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-11-25 16:45 --------- d-----w c:\programfiler\Activision
2008-11-25 14:27 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec
2008-11-25 07:38 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-11-21 15:11 --------- d-----w c:\programfiler\Azureus
2008-11-12 12:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-10-29 10:24 831,048 ----a-w c:\windows\system32\WudfUpdate_01005.dll
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-26 11:52 22,328 ----a-w c:\documents and settings\Thomas\Programdata\PnkBstrK.sys
2008-10-26 11:52 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2007-09-25 17:02 1 ----a-w c:\documents and settings\Thomas\SI.bin
2008-09-24 19:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008092420080925\index.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-10 67128]
"DAEMON Tools"="c:\programfiler\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"GAINWARD"="c:\programfiler\EXPERTool\TBPanel.exe" [2008-05-23 2170880]
"PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"AWWFSPU"="c:\programfiler\ASUS WiFi-AP Solo\AWWFSPU.exe" [2006-12-18 712781]
"Gainward"="c:\windows\TBPanel.exe" [2008-03-10 2177576]
"Launch LCDMon"="c:\programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-17 2094352]
"Start WingMan Profiler"="c:\programfiler\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-09-19 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-12 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-01-07 181624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Thomas\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2007-07-02 534016]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
InterVideo WinCinema Manager.lnk - c:\programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-06-27 114688]
Logitech Desktop Messenger.lnk - c:\programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-10 67128]
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2005-06-27 434176]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\programfiler\Windows NT\kyzeveka.html
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\programfiler\Microsoft Works\howy.html
FriendlyName=
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"msacm.l3codec"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Thomas^Start-meny^Programmer^Oppstart^Weather.lnk]
path=c:\documents and settings\Thomas\Start-meny\Programmer\Oppstart\Weather.lnk
backup=c:\windows\pss\Weather.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2008-03-10 11:46 2177576 c:\windows\TBPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-07 23:53 1410296 c:\programfiler\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-04 19:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-10-12 19:36 16267776 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ventrilo"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\EA GAMES\\Kampen om Midgard(tm)\\game.dat"=
"c:\\Programfiler\\EA GAMES\\Kampen om Midgard(tm)\\patchget.dat"=
"c:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\Programfiler\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"c:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programfiler\\Azureus\\Azureus.exe"=
"c:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Valve\\Steam\\SteamApps\\sebbe1122\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Counter-Strike Source\\hl2.exe"=
"c:\\Programfiler\\Codemasters\\GRID\\GRID.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Programfiler\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"c:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Programfiler\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\mIRC\\backups\\mirc.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Programfiler\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32715:TCP"= 32715:TCP:t
"4575:TCP"= 4575:TCP:Azureus
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-04-19 141312]
R3 AR2425;AzureWave AR5006 Wireless Network Adapter Service;c:\windows\system32\drivers\aw5006.sys [2007-04-08 556832]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-04-08 35840]
R4 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
--- Andre tjenester/drivere lastet i minnet ---
*Deregistered* - MBAMSwissArmy
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - d:\win\CDSplash.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f605dc2-2fb1-11dc-a3b3-0013d417efab}]
\Shell\AutoRun\command - M:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9a2be7c-0233-11dc-89ac-0013d417efab}]
\Shell\AutoRun\command - Z:\SH4Autorun.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-01-18 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-07 19:23]
2007-05-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programfiler\Spybot - Search & Destroy\SpybotSD.exe []
.
.
------- Tilleggsskanning -------
.
uDefault_Search_URL = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 16:32:15
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-725345543-746137067-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,b3,5a,21,bb,37,b1,82,c9,6f,1b,be,74,9e,fa,ab,50,d3,bf,60,0f,ba,c2,
bc,5c,3e,e1,50,a3,a8,e0,e9,23,a9,6e,81,6f,6e,df,3d,62,ab,f8,90,6d,ad,06,68,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-725345543-746137067-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:86,c7,5b,c3,f0,0c,8b,84,b0,49,da,86,f5,40,53,ed,f7,eb,03,1c,9b,
9c,e7,11,66,50,38,f5,97,f8,9e,59,90,06,04,86,7f,f0,33,37,0b,04,4c,4d,4f,51,\
"rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
.
Tidspunkt ferdig: 2009-01-18 16:37:17
ComboFix-quarantined-files.txt 2009-01-18 15:37:15
ComboFix2.txt 2009-01-18 10:58:01
Pre-Run: 68 058 796 032 byte ledig
Post-Run: 68,042,330,112 byte ledig
311 --- E O F --- 2009-01-14 21:27:12