ComboFix 09-02-01.01 - Per Magne Jensen 2009-02-02 11:30:57.4 - NTFSx86
Kjører fra: c:\documents and settings\Per Magne Jensen\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Per Magne Jensen\Skrivebord\CFScript.txt
AV: Norman Security Suite ver. 7.00 *On-access scanning enabled* (Updated)
FW: Personlig brannmur *enabled*
FILE ::
C:\bacn.exe
C:\biin.exe
C:\lv.exe
C:\pps.exe
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bacn.exe
C:\biin.exe
C:\lv.exe
C:\pps.exe
c:\programfiler\%systemdir%
c:\programfiler\%systemdir%\4w4y
c:\programfiler\%systemdir%\564.reg
c:\programfiler\%systemdir%\582.reg
c:\programfiler\%systemdir%\638.reg
c:\programfiler\%systemdir%\647.reg
c:\programfiler\%systemdir%\f&ll
c:\programfiler\%systemdir%\ffe.e
c:\programfiler\%systemdir%\m4x[1]
c:\programfiler\%systemdir%\m4x[3]
c:\programfiler\%systemdir%\m4x[4]
c:\programfiler\%systemdir%\m4x[5]
c:\programfiler\%systemdir%\m4x[6]
c:\programfiler\%systemdir%\m4x[7]
c:\programfiler\%systemdir%\m4x[c]
c:\programfiler\%systemdir%\m4x[o]
c:\programfiler\%systemdir%\m4x[x]
c:\programfiler\%systemdir%\mirc.ini
c:\programfiler\%systemdir%\remote.ini
c:\programfiler\%systemdir%\systemac.dll
c:\programfiler\%systemdir%\v1rg1n
c:\programfiler\%systemdir%\XGun
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-02 til 2009-02-02 )))))))))))))))))))))))))))))))))
.
2009-01-31 14:09 . 2009-01-31 14:09 d-------- c:\documents and settings\Per Magne Jensen\Programdata\Malwarebytes
2009-01-31 14:09 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-31 14:08 . 2009-01-31 14:09 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-01-31 14:08 . 2009-01-31 14:08 d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Malwarebytes
2009-01-31 14:08 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 01:10 . 2009-02-02 11:26 dr-h----- c:\documents and settings\Per Magne Jensen\Siste
2009-01-31 00:54 . 2009-01-31 00:54 d-------- c:\programfiler\CCleaner
2009-01-31 00:51 . 2009-01-31 00:51 3,171,208 --a------ c:\programfiler\ccsetup216.exe
2009-01-30 18:39 . 2009-01-30 18:39 32,034,360 --a------ c:\programfiler\Norman_Malware_Cleaner.exe
2009-01-30 18:21 . 2009-01-30 18:21 d-------- c:\documents and settings\NetworkService.NT-MYNDIGHET\Start-meny
2009-01-30 18:20 . 2009-02-02 10:06 d-------- c:\programfiler\Norman
2009-01-30 18:20 . 2008-05-16 11:28 212,024 --a------ c:\windows\system32\nscrnsav.scr
2009-01-30 18:20 . 2008-02-07 12:12 79,752 --a------ c:\windows\system32\drivers\ndis_rd.sys
2009-01-30 18:20 . 2008-02-07 12:12 74,624 --a------ c:\windows\system32\drivers\tdi_rd.sys
2009-01-30 18:20 . 2008-04-16 12:57 42,552 --a------ c:\windows\system32\drivers\ale_nf.sys
2009-01-30 18:20 . 2008-09-02 12:48 19,512 --a------ c:\windows\system32\drivers\nvcw32mf.sys
2009-01-29 19:14 . 2004-08-04 13:00 24,576 --a------ c:\windows\system32\userinit.exe
2009-01-29 19:14 . 2004-08-04 13:00 24,576 --a--c--- c:\windows\system32\dllcache\userinit.exe
2009-01-29 11:19 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-29 11:19 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-28 16:35 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-28 16:28 . 2009-01-28 16:35 d-------- c:\windows\system32\XPSViewer
2009-01-28 16:28 . 2009-01-28 16:28 d-------- c:\programfiler\Reference Assemblies
2009-01-28 16:28 . 2009-01-28 16:28 d-------- c:\programfiler\MSBuild
2009-01-28 16:28 . 2009-01-28 16:28 d-------- C:\fbbf11e3826617ce800e90f3
2009-01-28 16:28 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-28 16:28 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-28 16:28 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-28 16:28 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-28 16:28 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-28 16:28 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-28 16:28 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-28 16:21 . 2009-01-28 16:22 d-------- c:\windows\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2009-01-28 16:20 . 2009-01-28 16:20 d-------- c:\programfiler\Microsoft CAPICOM 2.1.0.2
2009-01-28 14:49 . 2009-01-30 22:50 4,352 --a------ c:\windows\system32\drivers\cleanhelper.sys
2009-01-27 19:48 . 2009-01-30 18:02 d-------- c:\documents and settings\All Users.WINDOWS\Programdata\avg8
2009-01-27 19:43 . 2009-01-30 00:05 d--hs---- c:\windows\system32\twain32
2009-01-26 22:38 . 2009-01-27 20:35 d-------- c:\documents and settings\Per Magne Jensen\Programdata\Twain
2009-01-26 21:04 . 2009-01-26 21:04 54,157,776 --a------ C:\avg_free_stf_en_8_176a1400.exe
2009-01-26 00:35 . 2009-01-26 20:17 16,827 --a------ c:\windows\system32\drivers\hosts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 01:02 --------- d-----w c:\programfiler\Symantec
2009-01-31 01:02 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared
2009-01-31 01:02 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Symantec
2009-01-30 22:54 5,154,304 ----a-w c:\programfiler\WindowsDefender.msi
2009-01-30 18:44 --------- d-----w c:\programfiler\ZoomText 9.0
2009-01-30 17:16 39,863,808 ----a-w c:\programfiler\NormanSecuritySuite_710_NOR_R08.msi
2009-01-26 19:09 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Programdata\TEMP
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-27 13:26 1,680,640 ----a-w c:\programfiler\TeamViewer_Setup.exe
2008-10-27 13:17 13,765,176 ----a-w c:\programfiler\sdasetup.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-31_14.33.42.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe
- 2009-01-31 13:19:55 225,066 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-02 09:08:31 225,060 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-02 09:06:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d0.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]
"NPCTray"="c:\programfiler\Norman\npc\bin\npc_tray.exe" [2007-09-17 126008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\
Ralink Wireless Utility.lnk - c:\programfiler\RALINK\Common\RaUI.exe [2008-10-27 630784]
Service Manager.lnk - c:\programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
VC5 Server Manager.lnk - c:\programfiler\NEDAP\VC5\BIN\VC5ServerManager.exe [2007-10-01 233472]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\TeamViewer3\\TeamViewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017
S0 NDIS_RD;Norman Firewall NDIS driver; [x]
S1 Ai2sXP;Ai2sXP;c:\windows\System32\drivers\Ai2sXP.sys [2005-11-10 7296]
S1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [2008-10-10 53816]
S1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\TDI_RD.SYS [2008-02-07 74624]
S2 MSSQL$VC5;MSSQL$VC5;c:\programfiler\Microsoft SQL Server\MSSQL$VC5\Binn\sqlservr.exe [2008-05-25 9154560]
S2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\NDISKIO.SYS [2007-01-02 20448]
S2 NEDAP VC4 Controller Server;NEDAP VC4 Controller Server;c:\programfiler\NEDAP\VC5\bin\vc4server.exe [2007-10-01 700416]
S2 NEDAP VC5 Scheduler;NEDAP VC5 Scheduler;c:\programfiler\NEDAP\VC5\bin\vc5scheduler.exe [2007-10-01 1437696]
S2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\npf\bin\npfsvc32.exe [2008-10-21 597104]
S2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\Nprosec.exe [2008-04-22 121912]
S2 NVOY;Norman's Very Own supplY of resources;c:\programfiler\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
S2 SQLAgent$VC5;SQLAgent$VC5;c:\programfiler\Microsoft SQL Server\MSSQL$VC5\Binn\sqlagent.EXE [2005-05-03 323584]
S3 NPC;Norman Parental Control;c:\programfiler\Norman\npc\bin\npcsvc32.exe [2008-04-17 416880]
S3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\nse\bin\NSESVC.EXE [2008-11-27 183352]
S3 NUAA;Norman User Activity Agent;c:\programfiler\Norman\npc\bin\nuaa.exe [2008-04-30 117816]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
S3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\Nvc\Bin\nvcoas.exe [2008-04-30 191544]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\programfiler\Norman\Npm\Bin\Nvcsched.exe [2007-09-18 154680]
--- Andre tjenester/drivere lastet i minnet ---
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - Ai2sXP
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - COMSysApp
*Deregistered* - Crypkey License
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eLoggerSvc6
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - IISADMIN
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mchInjDrv
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - MSDTC
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - MSSQL$VC5
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NDIS_RD
*Deregistered* - Ndiskio
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NEDAP VC4 Controller Server
*Deregistered* - NEDAP VC5 Scheduler
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - NetworkX
*Deregistered* - Nla
*Deregistered* - Norman NJeeves
*Deregistered* - Norman ZANDA
*Deregistered* - NPC
*Deregistered* - Npfs
*Deregistered* - NPFSvc32
*Deregistered* - NPROSEC
*Deregistered* - NPROSECSVC
*Deregistered* - nsesvc
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NUAA
*Deregistered* - NvcMFlt
*Deregistered* - nvcoas
*Deregistered* - NVCScheduler
*Deregistered* - NVOY
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - RasAuto
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteAccess
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SMTPSVC
*Deregistered* - Spooler
*Deregistered* - SQLAgent$VC5
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TDI_RD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - W3SVC
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68b0b579-02d8-11dc-a175-000c76af206b}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.aftenbladet.no/
LSP: c:\programfiler\Norman\npc\bin\nlf.dll
DPF: {76E11BD9-E2F5-4F12-9922-A372B26B0F56} - hxxp://medlem.tine.no/hk/komponent/ddTabHandler.dll
DPF: {B6C10489-FB89-11D4-93C9-006008A7EED4} - hxxp://localhost/vc5/navigation/teechart/Teesmall5.cab
DPF: {FEE62325-41BF-4421-8811-33CAFBE7EF6C} - hxxp://localhost/vc5/navigation/socketx/socketx.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 11:34:06
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-02-02 11:36:06
ComboFix-quarantined-files.txt 2009-02-02 10:36:02
ComboFix2.txt 2009-02-01 12:13:04
ComboFix3.txt 2009-01-31 17:37:24
ComboFix4.txt 2009-01-31 13:34:48
Pre-Run: 65,243,906,048 byte ledig
Post-Run: 65,242,210,304 byte ledig
317 --- E O F --- 2009-01-29 17:01:10