ComboFix 09-02-12.03 - Ole-Johnny Mauritzen 2009-02-13 22:35:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.511.207 [GMT 1:00]
Kjører fra: c:\documents and settings\Ole-Johnny Mauritzen\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Ole-Johnny Mauritzen\Skrivebord\CFScript.txt..txt
 * Opprettet nytt gjenopprettingspunkt

FILE ::
C:\.rnd
C:\ryhjpas.exe
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIport.dll
c:\windows\system32\LMIRfsClientNP.dll.000.bak
c:\documents and settings\LogMeInRemoteUser -- Whitelisted --
.

(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.rnd
c:\documents and settings\All Users\Programdata\LogMeIn
C:\ryhjpas.exe

.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-01-13 til 2009-02-13   )))))))))))))))))))))))))))))))))
.

2009-02-12 00:45 . 2009-02-12 00:45 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-12 00:45 . 2009-02-12 00:45 d-------- c:\documents and settings\Ole-Johnny Mauritzen\Programdata\Malwarebytes
2009-02-12 00:45 . 2009-02-12 00:45 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-02-12 00:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 00:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 00:24 . 2009-02-12 00:34 d-a------ c:\documents and settings\All Users\Programdata\TEMP
2009-02-11 23:01 . 2009-02-11 23:01 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-11 22:53 . 2009-02-11 22:54 d-------- C:\rsit
2009-02-11 22:53 . 2009-02-11 22:54 d-------- c:\programfiler\trend micro
2009-02-10 23:54 . 2009-01-26 00:55 dr------- c:\documents and settings\LogMeInRemoteUser\Start-meny
2009-02-10 23:54 . 2009-01-26 00:55 d--h----- c:\documents and settings\LogMeInRemoteUser\Skrivere
2009-02-10 23:54 . 2009-01-26 00:55 d-------- c:\documents and settings\LogMeInRemoteUser\Skrivebord
2009-02-10 23:54 . 2009-01-26 00:55 d--h----- c:\documents and settings\LogMeInRemoteUser\Siste
2009-02-10 23:54 . 2009-01-26 00:55 dr-h----- c:\documents and settings\LogMeInRemoteUser\Programdata
2009-02-10 23:54 . 2009-01-26 00:55 d-------- c:\documents and settings\LogMeInRemoteUser\Mine dokumenter
2009-02-10 23:54 . 2009-01-26 00:02 d--h----- c:\documents and settings\LogMeInRemoteUser\Maler
2009-02-10 23:54 . 2009-02-13 22:37 d--h----- c:\documents and settings\LogMeInRemoteUser\Lokale innstillinger
2009-02-10 23:54 . 2009-01-26 00:55 d-------- c:\documents and settings\LogMeInRemoteUser\Favoritter
2009-02-10 23:54 . 2009-01-26 00:55 d--h----- c:\documents and settings\LogMeInRemoteUser\AndrMask
2009-02-10 23:54 . 2009-02-10 23:54 d-------- c:\documents and settings\LogMeInRemoteUser
2009-01-31 13:58 . 2009-01-31 13:58 d-------- c:\programfiler\Telenor
2009-01-31 13:58 . 2009-01-31 13:58 d-------- c:\programfiler\Fellesfiler\GtFlashSwitch
2009-01-29 21:26 . 2009-01-29 21:26 d-------- c:\documents and settings\Ole-Johnny Mauritzen\Programdata\Template
2009-01-29 21:26 . 2009-02-11 22:15 2,124 --a------ c:\documents and settings\Ole-Johnny Mauritzen\Programdata\wklnhst.dat
2009-01-29 21:19 . 2009-01-29 21:23 d-------- c:\programfiler\Microsoft Works
2009-01-28 01:06 . 2009-01-28 01:06 d-------- c:\programfiler\Office
2009-01-28 01:01 . 2009-01-28 01:01 d-------- C:\sql2ksp3
2009-01-28 00:45 . 2009-01-28 00:46 d-------- C:\Winfakt Xpert
2009-01-28 00:45 . 2009-01-28 00:44 286,720 --a------ c:\windows\iun506.exe
2009-01-28 00:25 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-28 00:25 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-28 00:25 . 2008-04-13 19:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-27 22:43 . 2009-01-27 22:43 2 --a------ C:\1615134038
2009-01-27 22:00 . 2009-02-13 21:03 d-------- c:\programfiler\DNA
2009-01-27 22:00 . 2009-01-27 22:00 d-------- c:\programfiler\BitTorrent
2009-01-27 22:00 . 2009-02-13 22:33 d-------- c:\documents and settings\Ole-Johnny Mauritzen\Programdata\DNA
2009-01-27 22:00 . 2009-01-27 22:48 d-------- c:\documents and settings\Ole-Johnny Mauritzen\Programdata\BitTorrent
2009-01-26 20:00 . 2009-01-26 20:01 d-------- c:\programfiler\Fellesfiler\Adobe
2009-01-26 19:56 . 2009-01-26 22:34 d-------- c:\programfiler\NOS
2009-01-26 19:56 . 2009-02-09 16:41 d-------- c:\programfiler\Google
2009-01-26 19:56 . 2009-01-26 22:34 d-------- c:\documents and settings\All Users\Programdata\NOS
2009-01-26 19:53 . 2009-01-26 19:53 d-------- c:\windows\Sun
2009-01-26 19:53 . 2009-01-26 19:52 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-26 19:53 . 2009-01-26 19:52 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-26 19:52 . 2009-01-26 19:52 d-------- c:\programfiler\Java
2009-01-26 19:50 . 2009-01-26 19:50 0 --a------ c:\windows\VPC32.INI
2009-01-26 18:26 . 2009-02-01 18:00 d-------- C:\Downloads
2009-01-26 18:16 . 2009-01-26 18:15 124,167 --a------ c:\windows\system32\SYMEVNT.386
2009-01-26 18:16 . 2009-01-26 18:15 83,208 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-26 18:16 . 2009-01-26 18:15 73,624 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-26 18:15 . 2009-01-26 18:15 d-------- c:\programfiler\Symantec_Client_Security
2009-01-26 18:15 . 2009-01-26 18:16 d-------- c:\programfiler\Symantec
2009-01-26 18:15 . 2009-01-26 18:16 d-------- c:\programfiler\Fellesfiler\Symantec Shared
2009-01-26 18:15 . 2009-01-26 18:15 d-------- c:\documents and settings\All Users\Programdata\Symantec
2009-01-26 11:59 . 2009-01-26 13:19 4,352 --a------ c:\windows\system32\drivers\cleanhelper.sys
2009-01-26 02:02 . 2008-12-21 00:03 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-26 02:02 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-26 02:02 . 2007-03-08 06:11 1,007,616 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-26 02:02 . 2008-12-21 00:03 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-26 02:02 . 2008-12-21 00:03 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-26 02:02 . 2008-12-21 00:03 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-26 02:02 . 2008-12-21 00:03 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-26 02:02 . 2008-12-21 00:03 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-26 02:02 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-26 01:54 . 2009-02-11 22:11 11,994 --a------ c:\windows\system32\nvModes.dat
2009-01-26 01:54 . 2009-02-13 21:03 11,994 --a------ c:\windows\system32\nvModes.001
2009-01-26 01:43 . 2009-01-26 01:54 d-------- c:\windows\nview
2009-01-26 01:43 . 2004-10-26 12:01 176,128 --a------ c:\windows\system32\nvudisp.exe
2009-01-26 01:43 . 2004-10-26 12:01 13,866 --a------ c:\windows\system32\nvdisp.nvu
2009-01-26 01:28 . 2009-01-26 01:28 d-------- c:\windows\system32\CatRoot_bak
2009-01-26 01:23 . 2009-01-26 01:23 d-------- c:\windows\system32\no
2009-01-26 01:23 . 2009-01-26 02:03 d-------- c:\windows\system32\nb-no
2009-01-26 01:23 . 2009-01-26 01:23 d-------- c:\windows\system32\bits
2009-01-26 01:23 . 2009-01-26 01:23 d-------- c:\windows\l2schemas
2009-01-26 01:23 . 2008-06-14 18:36 272,256 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-26 01:20 . 2009-01-26 01:23 d-------- c:\windows\ServicePackFiles
2009-01-26 01:19 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-26 01:18 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-26 01:18 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-26 01:18 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-26 01:18 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-26 01:09 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-26 01:09 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-26 01:09 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-26 01:08 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-26 01:08 . 2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-26 01:06 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-26 01:05 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 23:36 --------- d-----w c:\programfiler\Broadcom
2009-01-25 23:34 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-25 23:34 --------- d-----w c:\programfiler\SigmaTel
2009-01-25 23:33 --------- d-----w c:\programfiler\Fellesfiler\InstallShield
2009-01-25 23:33 --------- d-----w c:\programfiler\CONEXANT
2009-01-25 23:27 --------- d-----w c:\programfiler\Intel
2009-01-25 23:24 --------- d-----w c:\programfiler\Dell
2009-01-25 23:18 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-25 23:08 --------- d-----w c:\programfiler\microsoft frontpage
2009-01-25 23:05 --------- d-----w c:\programfiler\Elektroniske tjenester
2009-01-25 23:04 --------- d-----w c:\programfiler\Fellesfiler\Tjenester
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll

.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1615134038 -- Not a PE file.
MD5: 444bcb3a3fcf8389296c49467f27e1d6

---- Directory of C:\1615134038 ----
c:\1615134038\

(((((((((((((((((((((((((((((   SnapShot@2009-02-12_ 0.10.25,19   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-26 00:35:33 40,326 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-12 17:58:32 40,326 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-26 00:35:33 46,522 ----a-w c:\windows\system32\perfc014.dat
+ 2009-02-12 17:58:32 46,522 ----a-w c:\windows\system32\perfc014.dat
- 2009-01-26 00:35:33 311,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-12 17:58:32 311,938 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-26 00:35:33 319,198 ----a-w c:\windows\system32\perfh014.dat
+ 2009-02-12 17:58:32 319,198 ----a-w c:\windows\system32\perfh014.dat
+ 2009-02-13 20:03:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_228.dat

.
((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
"BitTorrent DNA"="c:\programfiler\DNA\btdna.exe" [2009-01-27 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2005-07-05 639040]
"PRONoMgr.exe"="c:\programfiler\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 90112]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-26 136600]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2004-10-26 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - c:\programfiler\Dell\Bluetooth Software\BTTray.exe [2004-04-26 561213]
Mobilt bredbånd.lnk - c:\programfiler\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe [2007-07-27 733184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 01:33 188482 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\DNA\\btdna.exe"=
"c:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"c:\\Downloads\\Thomson\\ST510v4_R4.3.2.6 upgrade wizard\\UpgradeWizard\\upgradeST.exe"=
"c:\\Downloads\\Thomson\\ST510v4_R4.3.2.6 upgrade wizard\\ST510v4_R4.3.2.6 upgrade wizard\\UpgradeWizard\\upgradeST.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1718:UDP"= 1718:UDP:Windows Media Format SDK (iexplore.exe)
"1719:UDP"= 1719:UDP:Windows Media Format SDK (iexplore.exe)

R2 GtFlashSwitch;GtFlashSwitch;c:\programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]
S1 b1e67abd;b1e67abd;c:\windows\system32\drivers\b1e67abd.sys --> c:\windows\system32\drivers\b1e67abd.sys [?]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2007-04-14 122496]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-04-14 8064]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007-04-14 37120]

.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.sol.no/
IE: Send To &Bluetooth - c:\programfiler\Dell\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {1B795C9C-DDD4-448D-B493-33C85AF32892} = 130.67.60.68,193.213.112.4
TCP: {DE28410A-824F-4417-9650-5AA1960B3B45} = 130.67.60.68,193.213.112.4
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 22:37:58
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\LgNotify.dll
.
Tidspunkt ferdig: 2009-02-13 22:40:05
ComboFix-quarantined-files.txt 2009-02-13 21:40:01
ComboFix2.txt 2009-02-12 00:06:49
ComboFix3.txt 2009-02-11 23:11:44

Pre-Run: 93 345 984 512 byte ledig
Post-Run: 93,358,981,120 byte ledig

214 --- E O F --- 2009-02-11 20:40:47