ComboFix 09-02-12.03 - eier 2009-02-14 14:12:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1014.545 [GMT 1:00]
Kjører fra: c:\documents and settings\eier\Skrivebord\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*
 * Opprettet nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\303369.exe
c:\windows\system32\init32.exe
c:\windows\system32\kazaabackupfiles
c:\windows\system32\kazaabackupfiles\shServ.exe
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf

Infisert kopi av c:\windows\system32\userinit.exe ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\$NtServicePackUninstall$\userinit.exe
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-14 til 2009-02-14 )))))))))))))))))))))))))))))))))
.

2009-02-14 14:09 . 2009-02-14 14:09 d-------- C:\32788R22FWJFW
2009-02-14 13:57 . 2009-02-10 21:30 93,184 -r-hs---- c:\windows\system32\kysvr32.exe
2009-02-14 13:45 . 2009-02-14 13:57 dr-h----- c:\documents and settings\eier\Siste
2009-02-11 15:09 . 2009-02-11 15:09 118 --a------ c:\windows\system32\MRT.INI
2009-02-11 15:05 . 2009-02-11 17:38 28,160 --a------ C:\nan.exe
2009-02-10 21:41 . 2009-02-14 14:17 d-------- c:\programfiler\fsdfs
2009-02-10 21:41 . 2009-02-10 21:41 728,092 --a------ c:\windows\bin.exe
2009-02-10 21:30 . 2009-02-10 21:30 93,184 --a------ C:\df.exe
2009-02-09 23:04 . 2009-02-09 23:04 135,559 --a------ c:\documents and settings\eier\bz.exe
2009-02-09 21:38 . 2009-02-09 21:38 191,096 ---hs---- c:\windows\system32\wsncs.exe
2009-02-09 20:41 . 2009-02-09 20:41 32,200 ---h----- c:\windows\system32\rpvgdxv.exe
2009-02-07 17:38 . 2009-02-07 17:38 d-------- c:\documents and settings\eier\Programdata\Malwarebytes
2009-02-07 17:38 . 2009-02-07 17:38 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-02-07 17:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 17:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 17:35 . 2009-02-14 13:50 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-06 06:45 . 2009-02-06 06:45 24,158 --a------ C:\fef.exe
2009-02-04 20:38 . 2009-02-04 20:38 29,184 --a------ c:\windows\system32\izktkvwu.exe
2009-01-23 15:35 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-01-23 15:34 . 2009-01-23 15:34 d-------- c:\programfiler\Microsoft ActiveSync
2009-01-23 15:33 . 2009-01-23 15:34 d-------- c:\windows\SHELLNEW
2009-01-23 15:26 . 2009-01-23 15:30 419,174,400 --a------ C:\OFFICE2003.ISO
2009-01-23 15:25 . 2009-01-23 15:26 82,219,008 --a------ C:\ONENOTE.ISO
2009-01-23 15:23 . 2009-01-23 15:35 382 --a------ c:\windows\ODBC.INI
2009-01-23 15:21 . 2009-01-23 15:21 d-------- c:\programfiler\Microsoft.NET
2009-01-23 15:20 . 2009-01-23 15:20 dr-h----- C:\MSOCache
.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-02-14 13:14 --------- d-----w c:\programfiler\Steam
2009-02-08 22:24 34 ----a-w c:\documents and settings\eier\jagex_runescape_preferences.dat
2009-01-30 22:04 --------- d-----w c:\documents and settings\eier\Programdata\LimeWire
2009-01-19 12:43 --------- d-----w c:\programfiler\LingDys 3.0
2009-01-15 22:24 --------- d-----w c:\programfiler\Google
2009-01-15 20:53 --------- d-----w c:\programfiler\Windows Live
2009-01-09 23:02 --------- d-----w c:\programfiler\Windows Live Toolbar
2009-01-09 22:58 --------- d-----w c:\programfiler\Microsoft Sync Framework
2009-01-09 22:54 --------- d-----w c:\programfiler\Microsoft
2009-01-09 22:53 --------- d-----w c:\programfiler\Windows Live SkyDrive
2009-01-09 22:50 --------- d-----w c:\programfiler\Fellesfiler\Windows Live
2008-12-26 21:32 --------- d-----w c:\programfiler\Microsoft Silverlight
2008-12-26 14:31 --------- d-----w c:\programfiler\LMMS 0.4.2
2008-12-24 23:31 28,648 ----a-w c:\windows\system32\drivers\INFCACHE.1
2008-12-04 23:36 308,072 ----a-w c:\windows\WLXPGSS.SCR
.

((((((((((((((((((((((((((((( SnapShot@2009-02-07_18.02.59.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-30 20:36:01 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2009-02-08 22:24:14 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2009-01-30 20:36:01 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2009-02-08 22:24:14 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-10-16 20:33:22 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:33:22 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:33:22 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:33:22 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:33:22 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:15:01 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:33:22 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:33:23 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:33:23 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:33:23 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:33:26 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:33:26 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:33:26 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:33:27 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:33:27 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:33:27 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:33:30 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:33:30 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:33:31 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:33:31 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:33:31 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 02:01:51 214,752 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 02:03:01 374,496 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:33:31 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:33:32 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:33:32 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:33:33 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2007-06-20 04:34:06 135,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\BRTVIEW.DLL
+ 2007-06-20 04:33:40 86,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\DBSHARE.DLL
+ 2007-06-20 04:29:50 537,496 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\IMCOMMON.DLL
+ 2007-06-20 04:34:14 147,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\IMUTIL.DLL
+ 2007-06-20 04:29:08 335,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\PDSBASE.DLL
+ 2007-06-20 04:30:34 2,715,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\SG.DLL
+ 2007-06-20 04:34:36 186,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\SQLSHARE.DLL
+ 2007-06-20 04:30:32 2,279,776 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VISFILT.DLL
- 2009-01-25 00:05:33 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-02-11 14:08:23 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-01-25 00:05:33 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-11 14:08:23 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-01-25 00:05:33 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-02-11 14:08:23 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-25 00:05:33 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-11 14:08:23 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-25 00:05:33 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-02-11 14:08:23 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-25 00:05:33 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-11 14:08:23 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-25 00:05:33 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-11 14:08:23 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-25 00:05:33 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-02-11 14:08:23 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-25 00:05:33 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-02-11 14:08:23 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-25 00:05:33 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-02-11 14:08:23 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-01-25 00:05:33 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-02-11 14:08:23 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-25 00:05:33 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-02-11 14:08:23 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-25 00:05:33 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-02-11 14:08:23 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-01-25 00:05:15 12,288 ----a-r c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-11 14:08:44 12,288 ----a-r c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-01-25 00:05:15 135,168 ----a-r c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-11 14:08:44 135,168 ----a-r c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-25 00:05:15 4,096 ----a-r c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-11 14:08:44 4,096 ----a-r c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-25 00:05:15 176,128 ----a-r c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2009-02-11 14:08:44 176,128 ----a-r c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2008-10-16 20:33:22 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:03:36 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-11-22 22:54:33 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-11 12:36:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-22 22:54:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
+ 2009-02-11 12:36:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
+ 2009-02-09 22:56:12 1,000,000 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Search Enhancement Pack\Search Box Extension\history.dat
+ 2009-02-09 22:56:12 78,924 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
- 2008-11-22 22:54:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-11 12:36:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-09 22:41:20 133,632 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\SX8TM1OF\lsp[1].exe
- 2008-10-16 20:33:22 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:03:36 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:33:22 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:03:36 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:33:22 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:03:36 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:33:22 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:03:36 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:33:22 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:03:36 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:15:01 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:13:43 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:33:22 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:03:36 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:33:23 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:03:36 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:33:23 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:03:37 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:33:23 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:03:37 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:33:26 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:03:39 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:33:26 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:03:39 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:33:26 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:03:39 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:33:27 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:03:41 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:33:27 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:03:41 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:33:27 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:03:42 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 20:31:48 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:33:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:03:45 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:33:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:03:45 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:33:31 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:03:46 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:33:31 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:03:46 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:33:31 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:03:46 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:33:31 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:03:46 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:33:32 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:03:47 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00:00 24,576 -c--a-w c:\windows\system32\dllcache\userinit.exe
- 2008-10-16 20:33:32 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:03:48 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:33:33 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:03:48 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:33:22 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:03:36 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:33:22 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:03:36 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:33:22 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:03:36 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-10-16 20:33:22 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 23:03:36 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:15:01 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:13:43 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:33:22 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:03:36 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:33:23 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:03:36 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-10-16 20:33:23 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:03:37 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:33:23 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:03:37 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:33:26 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:03:39 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:33:26 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:03:39 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-10-16 20:33:26 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:03:39 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:33:27 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:03:41 27,648 ------w c:\windows\system32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:33:27 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:03:41 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:33:27 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:03:42 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 20:31:48 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:33:30 477,696 ------w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:03:45 477,696 ------w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:33:30 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-12-20 23:03:45 193,024 ------w c:\windows\system32\msrating.dll
- 2008-10-16 20:33:31 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-12-20 23:03:46 671,232 ------w c:\windows\system32\mstime.dll
- 2008-10-16 20:33:31 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:03:46 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-10-16 20:33:31 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:03:46 44,544 ------w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:50 17,784 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:44:41 17,784 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 20:33:31 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:03:46 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:33:32 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:03:47 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-04-14 16:23:14 26,112 ----a-w c:\windows\system32\userinit.exe
+ 2004-08-04 12:00:00 24,576 ----a-w c:\windows\system32\userinit.exe
- 2008-10-16 20:33:32 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:03:48 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:33:33 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 23:03:48 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-04-21 12:44:12 300,392 ----a-w c:\windows\temp\IZ26A.EXE
.
-- Snapshot resatt til dagens dato --
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Steam"="c:\programfiler\Steam\Steam.exe" [2008-12-07 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"LaunchAp"="c:\programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\programfiler\Launch Manager\HotkeyApp.exe" [2006-11-09 192512]
"Wbutton"="c:\programfiler\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 761946]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"fssui"="c:\programfiler\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-04-21 710000]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696]
"CtrlVol"="c:\programfiler\Launch Manager\CtrlVol.exe" [BU]
"kiss"="c:\programfiler\fsdfs\S.exe" [2007-09-14 3104]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Bluetooth Manager.lnk - c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-08-02 2760704]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\wsncs.exe"=
"c:\\Programfiler\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Programfiler\\Toshiba\\Bluetooth Toshiba Stack\\TosBtSrv.exe"=c:\\Programfiler\\Toshiba\\Bluetooth Toshiba Stack\\TosBtSrv.exe
"c:\\WINDOWS\\system32\\svchost.exe"=c:\\WINDOWS\\system32\\svchost.exe
"c:\\WINDOWS\\RTHDCPL.EXE"= c:\\WINDOWS\\RTHDCPL.exe
"c:\\Programfiler\\Toshiba\\Bluetooth Toshiba Stack\\tosOBEX.exe"= c:\\Programfiler\\Toshiba\\Bluetooth Toshiba Stack\\TosOBEX.exe
"c:\\Programfiler\\Trend Micro\\OfficeScan Client\\ntrtscan.exe"=c:\\Programfiler\\Trend Micro\\OfficeScan Client\\ntrtscan.exe
"c:\\Programfiler\\fsdfs\\kiss.exe"=
"c:\\Programfiler\\Trend Micro\\OfficeScan Client\\CNTAoSMgr.exe"=c:\\Programfiler\\Trend Micro\\OfficeScan Client\\CNTAoSMgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12345:TCP"= 12345:TCP:Trend Micro OfficeScan Listener

R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-09-12 9867]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55136]
R2 fsssvc;Windows Live Tryggere for familien;c:\programfiler\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R2 SeaPort;SeaPort;c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 TmFilter;Trend Micro Filter;c:\programfiler\Trend Micro\OfficeScan Client\tmxpflt.sys [2008-08-16 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\programfiler\Trend Micro\OfficeScan Client\tmpreflt.sys [2008-08-16 36368]
R2 WSNCS;Windows Server Network Colocation Service;c:\windows\system32\wsncs.exe [2009-02-09 191096]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-02-04 315920]
R3 TmPfw;OfficeScan NT Firewall;c:\programfiler\Trend Micro\OfficeScan Client\TmPfw.exe [2008-02-04 939344]
R3 WisLMSvc;WisLMSvc;c:\programfiler\Launch Manager\WisLMSvc.exe [2008-09-12 118784]
S1 mailKmd;mailKmd; [x]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-11-22 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-11-22 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-11-22 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-11-22 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-11-22 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-11-22 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-11-22 117672]
S3 TmProxy;OfficeScan NT Proxy Service;c:\programfiler\Trend Micro\OfficeScan Client\TmProxy.exe [2008-02-04 558416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f80d0a4-a729-11dd-8e44-0018de366120}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4c921af-8007-11dd-8e14-001641969765}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff499072-ab56-11dd-8e4a-001641969765}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-Windows UDP's Control Service - wswc.exe

.
------- Tilleggsskanning -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 14:15:12
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CtrlVol = c:\programfiler\Launch Manager\CtrlVol.exe??X???0???\???????0??????????????|???|???????|????????L???????8'????F?????????????h?????????????B????????|@??|????=??|[?A?????????z?A??RA???B~??????F?4^@???????????????A?????????z?A???@?('??6u@?('???RA???@?8'?????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\rundll32.exe
c:\programfiler\fsdfs\kiss.exe
c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\programfiler\OpenOffice.org 3\program\soffice.exe
c:\programfiler\OpenOffice.org 3\program\soffice.bin
c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\programfiler\Trend Micro\OfficeScan Client\NTRtScan.exe
c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\programfiler\Trend Micro\OfficeScan Client\TmListen.exe
c:\windows\temp\IZ26A.EXE
c:\programfiler\Launch Manager\WLBTTray.exe
c:\programfiler\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-02-14 14:22:44 - maskinen ble startet på nytt [eier]
ComboFix-quarantined-files.txt 2009-02-14 13:22:41

Pre-Run: 106 109 407 232 byte ledig
Post-Run: 106,110,341,120 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

423 --- E O F --- 2009-02-11 14:10:13