ComboFix 09-02-06.04 - eier 2009-02-07 17:54:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1014.556 [GMT 1:00]
Kjører fra: c:\documents and settings\eier\Skrivebord\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*
* Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winamp.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-07 til 2009-02-07 )))))))))))))))))))))))))))))))))
.
2009-02-07 17:38 . 2009-02-07 17:38 d-------- c:\documents and settings\eier\Programdata\Malwarebytes
2009-02-07 17:38 . 2009-02-07 17:38 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-02-07 17:38 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 17:38 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 17:35 . 2009-02-07 17:38 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-07 16:48 . 2009-02-07 17:28 22,066 --a------ C:\pap.exe
2009-02-07 14:43 . 2009-02-07 17:58 29,184 --a------ C:\sihw.exe
2009-02-06 06:45 . 2009-02-06 06:45 24,158 --a------ C:\fef.exe
2009-02-04 20:38 . 2009-02-04 20:38 29,184 --a------ c:\windows\system32\izktkvwu.exe
2009-02-04 18:18 . 2009-02-04 18:18 49,202 -r-hs---- c:\windows\wswc.exe
2009-02-04 18:18 . 2009-02-04 20:37 49,202 --a------ C:\am.exe
2009-02-03 17:13 . 2009-02-03 17:13 dr-h----- c:\documents and settings\eier\Siste
2009-02-03 16:58 . 2009-02-03 16:58 29,184 --a------ c:\windows\system32\yxcfir.exe
2009-01-23 15:35 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-01-23 15:34 . 2009-01-23 15:34 d-------- c:\programfiler\Microsoft ActiveSync
2009-01-23 15:33 . 2009-01-23 15:34 d-------- c:\windows\SHELLNEW
2009-01-23 15:26 . 2009-01-23 15:30 419,174,400 --a------ C:\OFFICE2003.ISO
2009-01-23 15:25 . 2009-01-23 15:26 82,219,008 --a------ C:\ONENOTE.ISO
2009-01-23 15:23 . 2009-01-23 15:35 382 --a------ c:\windows\ODBC.INI
2009-01-23 15:21 . 2009-01-23 15:21 d-------- c:\programfiler\Microsoft.NET
2009-01-23 15:20 . 2009-01-23 15:20 dr-h----- C:\MSOCache
2009-01-10 00:09 . 2009-02-07 17:57 d-------- c:\documents and settings\eier\Tracing
2009-01-09 23:59 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-09 23:58 . 2009-01-09 23:58 d-------- c:\programfiler\Microsoft Sync Framework
2009-01-09 23:54 . 2009-01-09 23:54 d-------- c:\programfiler\Microsoft
2009-01-09 23:53 . 2009-01-09 23:53 d-------- c:\programfiler\Windows Live SkyDrive
2009-01-09 23:50 . 2009-01-09 23:50 d-------- c:\programfiler\Fellesfiler\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 16:57 --------- d-----w c:\programfiler\Steam
2009-01-30 22:04 --------- d-----w c:\documents and settings\eier\Programdata\LimeWire
2009-01-30 20:36 34 ----a-w c:\documents and settings\eier\jagex_runescape_preferences.dat
2009-01-19 12:43 --------- d-----w c:\programfiler\LingDys 3.0
2009-01-15 22:24 --------- d-----w c:\programfiler\Google
2009-01-15 20:53 --------- d-----w c:\programfiler\Windows Live
2009-01-09 23:02 --------- d-----w c:\programfiler\Windows Live Toolbar
2008-12-26 21:32 --------- d-----w c:\programfiler\Microsoft Silverlight
2008-12-26 14:31 --------- d-----w c:\programfiler\LMMS 0.4.2
2008-12-24 23:31 28,648 ----a-w c:\windows\system32\drivers\INFCACHE.1
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 08:12 --------- d-----w c:\documents and settings\eier\Programdata\LingDys
2008-12-10 08:06 --------- d-----w c:\documents and settings\All Users\Programdata\LingDys
2008-12-09 12:10 --------- d-----w c:\programfiler\LingSpeak 1.0
2008-12-04 23:36 308,072 ----a-w c:\windows\WLXPGSS.SCR
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Steam"="c:\programfiler\Steam\Steam.exe" [2008-12-07 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"LaunchAp"="c:\programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\programfiler\Launch Manager\HotkeyApp.exe" [2006-11-09 192512]
"Wbutton"="c:\programfiler\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 761946]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"fssui"="c:\programfiler\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-04-21 710000]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696]
"Microsoft Internet Explorer"="c:\windows\system32\iexplore.exe" [2008-04-14 79001]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Windows UDP's Control Service"="wswc.exe" [2009-02-04 c:\windows\wswc.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Bluetooth Manager.lnk - c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-08-02 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12345:TCP"= 12345:TCP:Trend Micro OfficeScan Listener

R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-09-12 9867]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55136]
R2 fsssvc;Windows Live Tryggere for familien;c:\programfiler\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R2 SeaPort;SeaPort;c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 TmFilter;Trend Micro Filter;c:\programfiler\Trend Micro\OfficeScan Client\tmxpflt.sys [2008-08-16 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\programfiler\Trend Micro\OfficeScan Client\tmpreflt.sys [2008-08-16 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-02-04 315920]
R3 TmPfw;OfficeScan NT Firewall;c:\programfiler\Trend Micro\OfficeScan Client\TmPfw.exe [2008-02-04 939344]
R3 WisLMSvc;WisLMSvc;c:\programfiler\Launch Manager\WisLMSvc.exe [2008-09-12 118784]
S1 mailKmd;mailKmd; [x]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-11-22 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-11-22 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-11-22 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-11-22 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-11-22 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-11-22 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-11-22 117672]
S3 TmProxy;OfficeScan NT Proxy Service;c:\programfiler\Trend Micro\OfficeScan Client\TmProxy.exe [2008-02-04 558416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f80d0a4-a729-11dd-8e44-0018de366120}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4c921af-8007-11dd-8e14-001641969765}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff499072-ab56-11dd-8e4a-001641969765}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-CtrlVol - c:\programfiler\Launch Manager\CtrlVol.exe
.
------- Tilleggsskanning -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 17:57:28
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\programfiler\Launch Manager\CtrlVol.exe??X???0???\???????0??????????????|???|???????|????????L???????8'????F?????????????h?????????????B????????|@??|????=??|[?A?????????z?A?v?&???B~??????F?4^@???????????????A?*