ComboFix 09-02-02.04 - Server 2009-02-03 17:56:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.958.541 [GMT 1:00]
Kjører fra: c:\documents and settings\Server\Skrivebord\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security 2006 *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*
 * Opprettet nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\FTPx.dll
c:\windows\system32\SOCKETX.DLL

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-03 til 2009-02-03 )))))))))))))))))))))))))))))))))
.

2009-02-02 11:17 . 2009-02-02 11:17 d-------- c:\programfiler\Google
2009-02-02 11:16 . 2009-02-03 09:23 d-------- c:\programfiler\NOS
2009-02-02 11:16 . 2009-02-03 09:23 d-------- c:\documents and settings\All Users\Programdata\NOS
2009-01-30 13:38 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-30 13:38 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-30 13:38 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-30 13:38 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-30 13:38 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-30 13:38 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-30 13:37 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-30 13:36 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-30 13:31 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-30 13:31 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-30 13:28 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-29 15:16 . 2001-01-24 07:11 552,960 --a------ c:\windows\system32\saxzip.ocx
2009-01-22 16:05 . 2009-02-03 17:48 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-01-22 16:05 . 2009-01-22 16:05 d-------- c:\documents and settings\Server\Programdata\Malwarebytes
2009-01-22 16:05 . 2009-01-22 16:05 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-01-22 16:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 16:05 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-14 17:44 . 2009-01-14 17:44 dr------- c:\documents and settings\Server\Programdata\Brother
2009-01-13 11:56 . 2009-01-14 17:44 429 --a------ c:\windows\brwmark.ini
2009-01-13 11:56 . 2009-01-13 11:56 208 --a------ c:\windows\Brpfx04a.ini
2009-01-13 11:56 . 2009-01-13 11:56 92 --a------ c:\windows\brpcfx.ini
2009-01-13 11:56 . 2009-01-13 11:58 65 --a------ c:\windows\system32\BD7420.dat
2009-01-13 11:56 . 2009-01-13 11:56 52 --a------ c:\windows\BRPP2KA.INI
2009-01-13 11:55 . 2004-11-02 21:19 120,832 --a------ c:\windows\system32\BrWia04b.dll
2009-01-13 11:55 . 2003-08-21 01:00 77,824 --------- c:\windows\system32\BROSNMP.DLL
2009-01-13 11:55 . 2004-08-16 00:00 73,728 --------- c:\windows\system32\brrbtool.exe
2009-01-13 11:55 . 2006-01-18 22:44 53,248 --a------ c:\windows\system32\drivers\BrSerIf.sys
2009-01-13 11:55 . 2004-11-25 11:11 50,688 --------- c:\windows\system32\brinsstr.dll
2009-01-13 11:55 . 2004-09-21 13:11 37,888 --a------ c:\windows\system32\BrUSi04b.dll
2009-01-13 11:55 . 2004-09-24 00:00 24,223 --------- c:\windows\system32\brlm03a.dll
2009-01-13 11:55 . 2004-10-15 12:50 15,295 --a------ c:\windows\system32\drivers\BrScnUsb.sys
2009-01-13 11:55 . 2006-01-19 03:17 11,904 --a------ c:\windows\system32\drivers\BrUsbSer.sys
2009-01-13 11:54 . 2009-01-13 11:54 d-------- c:\programfiler\Common Files
2009-01-13 11:54 . 2009-01-13 11:55 d-------- c:\programfiler\Brother
2009-01-13 11:54 . 2009-01-13 11:54 d-------- C:\Brother
2009-01-13 11:54 . 2004-12-03 01:26 188,416 --------- c:\windows\system32\PDRVINST.DLL
2009-01-13 11:54 . 2004-12-10 16:35 147,456 --------- c:\windows\brunin03.dll
2009-01-13 11:54 . 2004-10-13 01:00 122,880 --------- c:\windows\system32\BrfxD04a.dll
2009-01-13 11:54 . 2002-10-31 01:09 81,920 --------- c:\windows\system32\BrWebIns.dll
2009-01-13 11:54 . 2003-07-03 01:08 65,536 --------- c:\windows\system32\BRWEBUP.EXE
2009-01-13 11:54 . 2001-11-15 01:00 6,224 --------- c:\windows\CVRPAGE.bmp
2009-01-13 11:54 . 2003-11-28 18:57 0 --a------ c:\windows\brdfxspd.dat
2009-01-13 11:52 . 2009-01-13 11:52 d-------- c:\documents and settings\All Users\Programdata\Brother
2009-01-13 11:12 . 2008-04-13 20:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-13 11:12 . 2008-04-13 20:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 16:59 --------- d-----w c:\documents and settings\Server\Programdata\Hamachi
2009-02-03 08:23 --------- d-----w c:\programfiler\LogMeIn
2009-02-03 08:23 --------- d-----w c:\documents and settings\Server\Programdata\OpenOffice.org2
2009-02-02 10:21 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2009-01-29 14:17 --------- d-----w c:\programfiler\IMButikk3
2009-01-13 10:54 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-13 10:54 --------- d-----w c:\programfiler\Fellesfiler\InstallShield
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-08 11:19 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-08-25 13:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008082520080826\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-29_14.59.11,98 )))))))))))))))))))))))))))))))))))))))))
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-02 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\programfiler\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 540672]
"TBSysTray"="c:\programfiler\UPDD\TBSystry.exe" [2005-01-01 675913]
"LogMeIn GUI"="c:\programfiler\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-08 136600]
"SetDefPrt"="c:\programfiler\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\programfiler\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"pccguide.exe"="c:\programfiler\Trend Micro\Internet Security 2006\pccguide.exe" [2005-12-06 897089]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-12-15 c:\windows\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Server\Start-meny\Programmer\Oppstart\
hamachi.lnk - c:\programfiler\Hamachi\hamachi.exe [2008-08-25 625952]
OpenOffice.org 2.3.lnk - c:\programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Service Manager.lnk - c:\programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 08:28 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Hamachi\\hamachi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:5900
"1433:TCP"= 1433:TCP:1433
"5033:TCP"= 5033:TCP:hucsbtry

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-11-29 17920]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programfiler\LogMeIn\x86\rainfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-25 47640]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-09-27 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-12-06 340040]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-12-02 634944]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-09-27 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-12-02 286791]
R3 TBUPDD;Universal Pointer Device Driver;c:\windows\system32\drivers\TBUPDDWD.SYS [2007-11-29 355897]
S2 smfnppm;Driver Config;c:\windows\system32\svchost.exe -k netsvcs [2007-08-02 14336]
S3 S12345;S12345;\??\d:\s12345.sys --> d:\s12345.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
smfnppm
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-AdobeUpdater - c:\programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 17:59:15
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\programfiler\VIAudioi\SBADeck\ADeck.exe 1????\ ?|????d:\codec\VIACODE???|???|???????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smfnppm]
"ServiceDll"="c:\windows\system32\aumex.dll"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\LMIinit.dll
c:\windows\system32\wbem\wbemcomn.dll
.
Tidspunkt ferdig: 2009-02-03 18:01:38
ComboFix-quarantined-files.txt 2009-02-03 17:01:34
ComboFix2.txt 2009-01-29 14:00:52

Pre-Run: 72 785 682 432 byte ledig
Post-Run: 72,798,081,024 byte ledig

440 --- E O F --- 2009-01-31 02:03:32