ComboFix 09-02-19.01 - Ingrid 2009-02-23 23:45:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1013.400 [GMT 3:00]
Kjører fra: c:\documents and settings\Ingrid\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\d3d8caps.dat
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-23 til 2009-02-23 )))))))))))))))))))))))))))))))))
.
2009-02-23 23:21 . 2009-02-23 23:21 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-23 23:21 . 2009-02-23 23:21 d-------- c:\documents and settings\Ingrid\Programdata\Malwarebytes
2009-02-23 23:21 . 2009-02-23 23:21 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-02-23 23:21 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 23:21 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-23 22:27 . 2009-02-23 22:26 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-02-23 22:26 . 2009-02-23 23:41 d-------- c:\documents and settings\Ingrid\.housecall6.6
2009-02-23 21:18 . 2008-06-12 12:07 dr------- c:\documents and settings\Administrator\Start-meny
2009-02-23 21:18 . 2008-06-12 12:07 d--h----- c:\documents and settings\Administrator\Skrivere
2009-02-23 21:18 . 2008-06-12 11:44 d-------- c:\documents and settings\Administrator\Skrivebord
2009-02-23 21:18 . 2009-02-23 21:49 dr-h----- c:\documents and settings\Administrator\Siste
2009-02-23 21:18 . 2008-06-12 10:52 d-------- c:\documents and settings\Administrator\Programdata\InstallShield
2009-02-23 21:18 . 2008-06-12 11:43 dr-h----- c:\documents and settings\Administrator\Programdata
2009-02-23 21:18 . 2008-06-12 11:29 dr------- c:\documents and settings\Administrator\Mine dokumenter
2009-02-23 21:18 . 2008-06-12 10:12 d--h----- c:\documents and settings\Administrator\Maler
2009-02-23 21:18 . 2009-02-23 23:47 d--h----- c:\documents and settings\Administrator\Lokale innstillinger
2009-02-23 21:18 . 2008-06-12 10:20 dr------- c:\documents and settings\Administrator\Favoritter
2009-02-23 21:18 . 2008-06-12 12:07 d--h----- c:\documents and settings\Administrator\AndrMask
2009-02-23 21:18 . 2009-02-23 21:18 d-------- c:\documents and settings\Administrator
2009-02-06 13:54 . 2009-02-06 13:54 268 --ah----- C:\sqmdata16.sqm
2009-02-06 13:54 . 2009-02-06 13:54 244 --ah----- C:\sqmnoopt16.sqm
2009-01-30 09:56 . 2009-01-30 10:10 d-------- c:\documents and settings\Ingrid\Programdata\Download Manager
2009-01-24 00:00 . 2009-01-24 00:00 268 --ah----- C:\sqmdata15.sqm
2009-01-24 00:00 . 2009-01-24 00:00 244 --ah----- C:\sqmnoopt15.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 20:39 --------- d-----w c:\documents and settings\Ingrid\Programdata\OpenOffice.org2
2009-02-23 15:51 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-23 15:51 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-23 15:24 --------- d-----w c:\documents and settings\All Users\Programdata\avg8
2009-02-23 15:15 --------- d-----w c:\documents and settings\Ingrid\Programdata\skypePM
2009-02-23 15:15 --------- d-----w c:\documents and settings\Ingrid\Programdata\Skype
2009-02-23 15:11 --------- d-----w c:\documents and settings\Ingrid\Programdata\LimeWire
2009-01-30 06:52 --------- d-----w c:\documents and settings\Ingrid\Programdata\U3
2008-12-26 16:05 --------- d-----w c:\programfiler\Sony Ericsson
2008-12-26 16:05 --------- d-----w c:\programfiler\Sony
2008-12-26 16:05 --------- d-----w c:\programfiler\Fellesfiler\Sony Shared
2008-12-26 15:57 --------- d-----w c:\documents and settings\Ingrid\Programdata\Sony Setup
2008-12-26 15:53 --------- d-----w c:\programfiler\Sony Setup
2008-12-26 14:03 --------- d-----w c:\programfiler\LimeWire
2008-08-14 17:27 9,501,920 ----a-w c:\programfiler\vlc-0.8.6i-win32.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2008-07-30 21738792]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-01-12 1028096]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-05-27 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"MGSysCtrl"="c:\programfiler\System Control Manager\MGSysCtrl.exe" [2008-06-10 782336]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ITSecMng"="c:\programfiler\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-23 1601304]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-08 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\Ingrid\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.4.lnk - c:\programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Bluetooth Manager.lnk - c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-02-22 2938184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"area51"= 5
"NoChangeStartMenu"= 1 (0x1)
"NoFileMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-23 18:51 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FELLES~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-08 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-08 298264]
R2 Micro Star SCM;Micro Star SCM;c:\programfiler\System Control Manager\MSIService.exe [2008-06-12 159744]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2008-06-12 14336]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-06-12 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [2008-06-12 263680]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-08-09 32000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36270bdd-7eb8-11dd-9015-001d92c72c44}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fd9ef34-fdd2-11dd-9069-001d92c72c44}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51effed4-e3e1-11dd-905f-001d92c72c44}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d439d0f-703f-11dd-9009-001d92c72c44}]
\Shell\AutoRun\command - F:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cacfdcdd-ed1d-11dd-9064-001d92c72c44}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.msi.com.tw/
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com.tw/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {898DF677-E833-41CE-A4AC-A3D139FEB849} = 62.56.162.33,62.56.240.40
FF - ProfilePath - c:\documents and settings\Ingrid\Programdata\Mozilla\Firefox\Profiles\u0ml9hjg.default\
FF - prefs.js: browser.startup.homepage - hxxp://nb-no.www.mozilla.com/nb-NO/firefox/3.0.1/firstrun/
FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programfiler\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 23:47:41
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-02-23 23:49:16
ComboFix-quarantined-files.txt 2009-02-23 20:49:12
Pre-Run: 12 984 868 864 byte ledig
Post-Run: 13,136,338,944 byte ledig
159 --- E O F --- 2009-02-19 14:53:06