ComboFix 09-02-19.01 - Ingrid 2009-02-23 23:45:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1013.400 [GMT 3:00]
Kjører fra: c:\documents and settings\Ingrid\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\d3d8caps.dat
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-23 til 2009-02-23 )))))))))))))))))))))))))))))))))
.
2009-02-23 23:21 . 2009-02-23 23:21 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-23 23:21 . 2009-02-23 23:21 d-------- c:\documents and settings\Ingrid\Programdata\Malwarebytes
2009-02-23 23:21 . 2009-02-23 23:21 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-02-23 23:21 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 23:21 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-23 22:27 . 2009-02-23 22:26 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-02-23 22:26 . 2009-02-23 23:41 d-------- c:\documents and settings\Ingrid\.housecall6.6
2009-02-23 21:18 . 2008-06-12 12:07 dr------- c:\documents and settings\Administrator\Start-meny
2009-02-23 21:18 . 2008-06-12 12:07 d--h----- c:\documents and settings\Administrator\Skrivere
2009-02-23 21:18 . 2008-06-12 11:44 d-------- c:\documents and settings\Administrator\Skrivebord
2009-02-23 21:18 . 2009-02-23 21:49 dr-h----- c:\documents and settings\Administrator\Siste
2009-02-23 21:18 . 2008-06-12 10:52 d-------- c:\documents and settings\Administrator\Programdata\InstallShield
2009-02-23 21:18 . 2008-06-12 11:43 dr-h----- c:\documents and settings\Administrator\Programdata
2009-02-23 21:18 . 2008-06-12 11:29 dr------- c:\documents and settings\Administrator\Mine dokumenter
2009-02-23 21:18 . 2008-06-12 10:12 d--h----- c:\documents and settings\Administrator\Maler
2009-02-23 21:18 . 2009-02-23 23:47 d--h----- c:\documents and settings\Administrator\Lokale innstillinger
2009-02-23 21:18 . 2008-06-12 10:20 dr------- c:\documents and settings\Administrator\Favoritter
2009-02-23 21:18 . 2008-06-12 12:07 d--h----- c:\documents and settings\Administrator\AndrMask
2009-02-23 21:18 . 2009-02-23 21:18 d-------- c:\documents and settings\Administrator
2009-02-06 13:54 . 2009-02-06 13:54 268 --ah----- C:\sqmdata16.sqm
2009-02-06 13:54 . 2009-02-06 13:54 244 --ah----- C:\sqmnoopt16.sqm
2009-01-30 09:56 . 2009-01-30 10:10 d-------- c:\documents and settings\Ingrid\Programdata\Download Manager
2009-01-24 00:00 . 2009-01-24 00:00 268 --ah----- C:\sqmdata15.sqm
2009-01-24 00:00 . 2009-01-24 00:00 244 --ah----- C:\sqmnoopt15.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 20:39 --------- d-----w c:\documents and settings\Ingrid\Programdata\OpenOffice.org2
2009-02-23 15:51 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-23 15:51 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-23 15:24 --------- d-----w c:\documents and settings\All Users\Programdata\avg8
2009-02-23 15:15 --------- d-----w c:\documents and settings\Ingrid\Programdata\skypePM
2009-02-23 15:15 --------- d-----w c:\documents and settings\Ingrid\Programdata\Skype
2009-02-23 15:11 --------- d-----w c:\documents and settings\Ingrid\Programdata\LimeWire
2009-01-30 06:52 --------- d-----w c:\documents and settings\Ingrid\Programdata\U3
2008-12-26 16:05 --------- d-----w c:\programfiler\Sony Ericsson
2008-12-26 16:05 --------- d-----w c:\programfiler\Sony
2008-12-26 16:05 --------- d-----w c:\programfiler\Fellesfiler\Sony Shared
2008-12-26 15:57 --------- d-----w c:\documents and settings\Ingrid\Programdata\Sony Setup
2008-12-26 15:53 --------- d-----w c:\programfiler\Sony Setup
2008-12-26 14:03 --------- d-----w c:\programfiler\LimeWire
2008-08-14 17:27 9,501,920 ----a-w c:\programfiler\vlc-0.8.6i-win32.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2008-07-30 21738792]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-01-12 1028096]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-05-27 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"MGSysCtrl"="c:\programfiler\System Control Manager\MGSysCtrl.exe" [2008-06-10 782336]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ITSecMng"="c:\programfiler\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-23 1601304]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-08 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\Ingrid\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.4.lnk - c:\programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Bluetooth Manager.lnk - c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-02-22 2938184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"area51"= 5
"NoChangeStartMenu"= 1 (0x1)
"NoFileMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-23 18:51 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FELLES~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-08 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-08 298264]
R2 Micro Star SCM;Micro Star SCM;c:\programfiler\System Control Manager\MSIService.exe [2008-06-12 159744]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2008-06-12 14336]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-06-12 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [2008-06-12 263680]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-08-09 32000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36270bdd-7eb8-11dd-9015-001d92c72c44}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fd9ef34-fdd2-11dd-9069-001d92c72c44}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51effed4-e3e1-11dd-905f-001d92c72c44}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d439d0f-703f-11dd-9009-001d92c72c44}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cacfdcdd-ed1d-11dd-9064-001d92c72c44}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.msi.com.tw/
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com.tw/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {898DF677-E833-41CE-A4AC-A3D139FEB849} = 62.56.162.33,62.56.240.40
FF - ProfilePath - c:\documents and settings\Ingrid\Programdata\Mozilla\Firefox\Profiles\u0ml9hjg.default\
FF - prefs.js: browser.startup.homepage - hxxp://nb-no.www.mozilla.com/nb-NO/firefox/3.0.1/firstrun/
FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programfiler\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 23:47:41
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-02-23 23:49:16
ComboFix-quarantined-files.txt 2009-02-23 20:49:12

Pre-Run: 12 984 868 864 byte ledig
Post-Run: 13,136,338,944 byte ledig

159 --- E O F --- 2009-02-19 14:53:06