ComboFix 09-01-21.04 - Carina Wulff 2009-01-30 19:25:36.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.478 [GMT 1:00] Kjører fra: c:\documents and settings\Carina Wulff\Skrivebord\ComboFix.exe Command switches brukt :: c:\documents and settings\Carina Wulff\Skrivebord\CFScript.txt AV: avast! antivirus 4.8.1229 [VPS 081025-1] *On-access scanning disabled* (Outdated) * Opprettet nytt gjenopprettingspunkt . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-28 til 2009-01-30 ))))))))))))))))))))))))))))))))) . 2008-12-31 10:58 . 2008-12-31 10:58 d-------- c:\documents and settings\Carina Wulff\Programdata\vlc 2008-12-30 17:12 . 2008-12-30 18:59 d-------- c:\documents and settings\Carina Wulff\Programdata\MozillaControl 2008-12-30 17:12 . 2008-12-30 17:12 d-------- c:\documents and settings\All Users\Application Data\Graboid Inc 2008-12-30 16:58 . 2008-12-30 16:58 d-------- c:\program files\VideoLAN 2008-12-30 16:58 . 2008-12-30 16:59 d-------- c:\program files\Mozilla ActiveX Control v1.7.12 2008-12-30 16:58 . 2008-12-30 17:12 d-------- c:\program files\Graboid 2008-12-08 22:37 . 2008-12-08 22:37 d-------- c:\program files\Adobe Media Player 2008-12-08 22:36 . 2008-12-08 22:36 d-------- c:\program files\Common Files\Adobe AIR 2008-12-02 18:20 . 2008-12-02 18:20 d-------- c:\windows\system32\scripting 2008-12-02 18:20 . 2008-12-02 18:20 d-------- c:\windows\system32\en 2008-12-02 18:20 . 2008-12-02 18:20 d-------- c:\windows\system32\bits 2008-12-02 18:20 . 2008-12-02 18:20 d-------- c:\windows\l2schemas 2008-12-02 18:16 . 2008-12-02 18:20 d-------- c:\windows\ServicePackFiles . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-14 21:34 --------- d-----w c:\program files\Google 2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys 2008-12-02 20:29 --------- d-----w c:\program files\MSN Messenger 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll 2007-06-24 08:08 51,224 ----a-w c:\documents and settings\Carina Wulff\Programdata\GDIPFONTCACHEV1.DAT 2008-09-30 19:18 16,384 --sha-w c:\windows\system32\config\systemprofile\Logg\History.IE5\index.dat 2008-09-30 20:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Logg\History.IE5\MSHist012008093020081001\index.dat 2008-09-30 20:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Temporary Internet Files\Content.IE5\index.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856] "Mumin2_Setup.exe"="c:\downlo~1\MUMIN2~1.EXE" [2008-05-17 0] "filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-04-04 134144] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-26 282624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576] "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 90112] "MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968] c:\documents and settings\Carina Wulff\Start Menu\Programs\Startup\ Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-12-08 261120] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-02 110592] CmmLogon.lnk - c:\program files\Fortech\ComMa32\Bin\CmmLogon.exe [2007-02-12 24064] HP Photosmart Premier Hurtigstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728] Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-12-12 118784] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2404:TCP"= 2404:TCP:ahdybkg R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-26 78416] R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-26 20560] S3 Asgosgo_1.;Asgosgo_1.;c:\windows\system32\drivers\kbdhid.sys [2006-09-13 14592] S3 Hspapeeiwdm;Hspapeeiwdm; [x] S4 Dnsverevagu;Dnsverevagu;c:\windows\system32\mstinit.exe [2006-03-16 12288] S4 xjezcwq;Driver Task;c:\windows\system32\svchost.exe -k netsvcs [2006-03-16 14336] . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-30 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . . ------- Tilleggsskanning ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=64&bd=pavilion&pf=laptop uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} - hxxp://www.liquidlab.se/smupdate/stallet/SetupInf.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-30 19:25:49 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????c??????`?@?????L?@ skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xjezcwq] "ServiceDll"="c:\windows\system32\fypbcyby.dll" . Tidspunkt ferdig: 2009-01-30 19:27:29 ComboFix-quarantined-files.txt 2009-01-30 18:27:07 ComboFix2.txt 2009-01-30 17:59:35 ComboFix3.txt 2009-01-29 21:28:59 Pre-Run: 86 114 070 528 bytes free Post-Run: 86,105,886,720 byte ledig 167 --- E O F --- 2009-01-14 07:14:57