ComboFix 09-01-21.04 - Stian 2009-01-30 20:07:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.2047.1623 [GMT 1:00]
Kjører fra: c:\documents and settings\Stian\Skrivebord\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
 * Opprettet nytt gjenopprettingspunkt
 * Resident AV is active

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-28 til 2009-01-30 )))))))))))))))))))))))))))))))))
.
2009-01-30 19:58 . 2009-01-30 19:58 d-------- c:\windows\LastGood
2009-01-30 19:57 . 2008-12-13 07:40 3,593,216 --a------ c:\windows\system32\SET2DD.tmp
2009-01-30 19:50 . 2008-09-16 00:05 60,416 --a------ c:\windows\system32\antiwpa.dll
2009-01-30 19:36 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-30 19:36 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-30 19:36 . 2007-03-08 06:11 1,007,616 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-30 19:36 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-30 19:36 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-30 19:36 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-30 19:36 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-30 19:36 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-30 19:36 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-30 19:33 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-30 19:31 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-30 19:31 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-30 19:31 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-30 19:31 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-30 19:31 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-30 19:31 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-30 19:31 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-30 19:31 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-30 19:31 . 2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-30 19:30 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-30 19:29 . 2008-06-14 18:36 272,256 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-30 19:29 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-30 18:59 . 2009-01-30 18:59 d-------- c:\windows\system32\no
2009-01-30 18:59 . 2009-01-30 19:36 d-------- c:\windows\system32\nb-no
2009-01-30 18:59 . 2009-01-30 18:59 d-------- c:\windows\system32\bits
2009-01-30 18:59 . 2009-01-30 18:59 d-------- c:\windows\l2schemas
2009-01-30 18:58 . 2009-01-30 18:58 d-------- c:\windows\ServicePackFiles
2009-01-30 18:55 . 2009-01-30 19:58 1,374 --a------ c:\windows\imsins.BAK
2009-01-30 18:54 . 2009-01-30 19:49 dr-h----- c:\documents and settings\Stian\Siste
2009-01-30 18:53 . 2009-01-30 18:53 d-------- c:\windows\EHome
2009-01-30 18:43 . 2004-08-04 00:54 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-30 18:38 . 2009-01-30 18:38 d-------- c:\programfiler\uTorrent
2009-01-30 18:38 . 2009-01-30 19:43 d-------- c:\documents and settings\Stian\Programdata\uTorrent
2009-01-30 18:29 . 2009-01-30 18:29 d-------- c:\windows\system32\ANTIWPA
2009-01-30 18:29 . 2009-01-30 18:29 d-------- C:\SavedWPA
2009-01-30 18:29 . 2009-01-30 18:29 d-------- c:\documents and settings\All Users\Programdata\Office Genuine Advantage
2009-01-30 18:29 . 2009-01-30 18:29 76,288 --a------ c:\windows\system32\taskkill.exe
2009-01-30 18:27 . 2009-01-30 18:27 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-01-30 18:27 . 2009-01-30 18:27 d-------- c:\documents and settings\Stian\Programdata\Malwarebytes
2009-01-30 18:27 . 2009-01-30 18:27 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-01-30 18:27 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 18:27 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-30 18:10 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-01-30 18:10 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-30 18:09 . 2009-01-30 18:09 d-------- c:\programfiler\ESET
2009-01-30 18:09 . 2009-01-30 18:09 d-------- c:\documents and settings\All Users\Programdata\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 16:40 --------- d-----w c:\programfiler\CCleaner
2009-01-30 16:34 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-30 16:34 --------- d-----w c:\programfiler\Fellesfiler\InstallShield
2009-01-30 16:34 --------- d-----w c:\programfiler\D-Link
2009-01-30 16:34 --------- d-----w c:\programfiler\ANI
2009-01-30 15:36 --------- d-----w c:\programfiler\microsoft frontpage
2009-01-30 15:35 --------- d-----w c:\programfiler\Elektroniske tjenester
2009-01-30 15:34 --------- d-----w c:\programfiler\Fellesfiler\Tjenester
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG"="c:\programfiler\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 1011712]
"ANIWZCS2Service"="c:\programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"egui"="c:\programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-03-22 450400]
R4 ekrn;Eset Service;c:\programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-04 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{60338FA9-CDD3-1454-75B8-A3F18949DB02}]
c:\programfiler\Common Files\svchost.exe s
.
.
------- Tilleggsskanning -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Stian\Programdata\Mozilla\Firefox\Profiles\a3fi6xst.default\
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 20:07:50
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-01-30 20:08:29
ComboFix-quarantined-files.txt 2009-01-30 19:08:27
Pre-Run: 243 843 289 088 byte ledig
Post-Run: 243,865,395,200 byte ledig
136