ComboFix 09-02-26.02 - anne 2009-02-27 10:05:22.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1044.18.1014.769 [GMT 1:00]
Kjører fra: c:\documents and settings\anne\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-01-27 til 2009-02-27  )))))))))))))))))))))))))))))))))
.

2009-02-27 09:40 . 2009-02-27 09:40	<DIR>	d--------	c:\programfiler\Malwarebytes' Anti-Malware
2009-02-27 09:40 . 2009-02-27 09:40	<DIR>	d--------	c:\documents and settings\anne\Programdata\Malwarebytes
2009-02-27 09:40 . 2009-02-27 09:40	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Malwarebytes
2009-02-27 09:40 . 2009-02-11 10:19	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-27 09:40 . 2009-02-11 10:19	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2009-02-24 15:20 . 2009-02-24 15:20	<DIR>	d--h-----	c:\windows\system32\GroupPolicy
2009-02-24 15:07 . 2006-07-21 10:50	155,648	--a------	c:\windows\system32\igfxres.dll
2009-02-24 14:02 . 2009-02-24 14:02	<DIR>	d--------	c:\windows\LastGood
2009-02-24 13:19 . 2009-02-24 13:33	<DIR>	d--------	c:\programfiler\RegCleaner
2009-02-24 13:19 . 2009-02-24 13:19	644	--a------	C:\RegCleaner.lnk
2009-02-24 13:18 . 2009-02-24 13:18	553,687	--a------	C:\regcleaner.exe
2009-02-24 13:12 . 2009-02-24 13:12	<DIR>	d--------	c:\windows\LastGood.Tmp
2009-02-24 13:12 . 2009-02-24 13:13	6,643	--a------	c:\windows\system32\spupdsvc.inf
2009-02-24 13:09 . 2009-02-24 13:09	<DIR>	d--------	c:\windows\ServicePackFiles
2009-02-24 13:09 . 2008-04-14 09:22	294,912	-----c---	c:\windows\system32\dllcache\dlimport.exe
2009-02-24 13:07 . 2006-12-28 12:01	19,569	--a------	c:\windows\[u]0[/u]03051_.tmp
2009-02-24 13:02 . 2009-02-24 13:02	320,077,352	--a------	C:\WindowsXP-KB936929-SP3-x86-NOR.exe
2009-02-24 11:03 . 2009-02-24 11:03	<DIR>	d--------	C:\fsaua.data
2009-02-24 10:55 . 2009-02-24 11:34	<DIR>	d--------	c:\documents and settings\anne\.housecall6.6
2009-02-24 10:54 . 2009-02-24 11:31	664	--a------	c:\windows\system32\d3d9caps.dat
2009-02-24 09:45 . 2008-04-14 09:22	21,504	--a------	c:\windows\system32\hidserv.dll
2009-02-24 09:45 . 2008-04-14 08:50	14,592	--a------	c:\windows\system32\drivers\kbdhid.sys
2009-02-20 12:42 . 2009-02-20 12:42	410,984	--a------	c:\windows\system32\deploytk.dll
2009-02-20 12:42 . 2009-02-20 12:42	73,728	--a------	c:\windows\system32\javacpl.cpl
2009-02-16 09:14 . 2009-02-23 08:24	<DIR>	d--------	c:\windows\system32\drivers\Avg
2009-02-16 09:14 . 2009-02-16 09:14	<DIR>	d--------	c:\programfiler\AVG
2009-02-16 09:14 . 2009-02-16 09:14	<DIR>	d--------	c:\documents and settings\All Users\Programdata\avg8
2009-02-16 09:14 . 2009-02-16 09:14	325,128	--a------	c:\windows\system32\drivers\avgldx86.sys
2009-02-16 09:14 . 2009-02-16 09:14	107,272	--a------	c:\windows\system32\drivers\avgtdix.sys
2009-02-16 09:14 . 2009-02-16 09:14	10,520	--a------	c:\windows\system32\avgrsstx.dll
2009-02-16 09:11 . 2008-12-21 00:03	6,066,688	-----c---	c:\windows\system32\dllcache\ieframe.dll
2009-02-16 09:11 . 2007-04-17 10:32	2,455,488	-----c---	c:\windows\system32\dllcache\ieapfltr.dat
2009-02-16 09:11 . 2007-03-08 06:11	1,007,616	-----c---	c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-16 09:11 . 2008-12-21 00:03	459,264	-----c---	c:\windows\system32\dllcache\msfeeds.dll
2009-02-16 09:11 . 2008-12-21 00:03	383,488	-----c---	c:\windows\system32\dllcache\ieapfltr.dll
2009-02-16 09:11 . 2008-12-21 00:03	267,776	-----c---	c:\windows\system32\dllcache\iertutil.dll
2009-02-16 09:11 . 2008-12-21 00:03	63,488	-----c---	c:\windows\system32\dllcache\icardie.dll
2009-02-16 09:11 . 2008-12-21 00:03	52,224	-----c---	c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-16 09:11 . 2008-12-19 10:10	13,824	-----c---	c:\windows\system32\dllcache\ieudinit.exe
2009-02-14 03:01 . 2008-09-15 16:29	1,846,400	-----c---	c:\windows\system32\dllcache\win32k.sys
2009-02-14 03:01 . 2008-10-24 12:21	455,296	-----c---	c:\windows\system32\dllcache\mrxsmb.sys
2009-02-14 03:01 . 2008-12-11 11:57	333,952	-----c---	c:\windows\system32\dllcache\srv.sys
2009-02-14 03:01 . 2008-06-14 18:36	272,256	---------	c:\windows\system32\drivers\bthport.sys
2009-02-14 03:01 . 2008-06-14 18:36	272,256	-----c---	c:\windows\system32\dllcache\bthport.sys
2009-02-13 14:30 . 2009-02-24 08:21	<DIR>	d--------	c:\programfiler\LogMeIn
2009-02-13 14:30 . 2009-02-13 14:30	<DIR>	d--------	c:\documents and settings\All Users\Programdata\LogMeIn
2009-02-13 14:30 . 2008-10-16 20:35	87,352	--a------	c:\windows\system32\LMIinit.dll
2009-02-13 14:30 . 2008-10-16 20:35	83,288	--a------	c:\windows\system32\LMIRfsClientNP.dll
2009-02-13 14:30 . 2008-07-24 18:46	47,640	--a------	c:\windows\system32\drivers\LMIRfsDriver.sys
2009-02-13 14:30 . 2008-10-16 20:35	28,984	--a------	c:\windows\system32\LMIport.dll
2009-02-13 14:30 . 2009-02-13 14:30	1,024	--a------	C:\.rnd
2009-02-13 14:29 . 2009-02-13 14:29	<DIR>	d--------	c:\windows\Sun
2009-02-13 14:22 . 2008-05-07 06:12	1,291,264	-----c---	c:\windows\system32\dllcache\quartz.dll
2009-02-13 14:22 . 2008-04-11 20:06	691,712	-----c---	c:\windows\system32\dllcache\inetcomm.dll
2009-02-13 14:22 . 2008-10-15 17:38	337,408	-----c---	c:\windows\system32\dllcache\netapi32.dll
2009-02-13 14:22 . 2008-10-23 13:43	286,720	-----c---	c:\windows\system32\dllcache\gdi32.dll
2009-02-13 14:22 . 2008-07-07 21:29	253,952	-----c---	c:\windows\system32\dllcache\es.dll
2009-02-13 14:22 . 2008-05-08 15:02	203,136	-----c---	c:\windows\system32\dllcache\rmcast.sys
2009-02-13 14:22 . 2008-06-24 17:46	74,240	-----c---	c:\windows\system32\dllcache\mscms.dll
2009-02-13 14:00 . 2009-02-24 13:10	<DIR>	d--------	c:\windows\system32\nb-NO
2009-02-13 13:59 . 2009-02-13 13:59	<DIR>	d--------	c:\windows\system32\XPSViewer
2009-02-13 13:59 . 2009-02-13 13:59	<DIR>	d--------	c:\programfiler\Reference Assemblies
2009-02-13 13:59 . 2009-02-13 13:59	<DIR>	d--------	c:\programfiler\MSBuild
2009-02-13 13:58 . 2006-06-29 13:07	14,048	---------	c:\windows\system32\spmsg2.dll
2009-02-13 13:56 . 2009-02-13 13:56	<DIR>	d--------	c:\programfiler\MSXML 6.0
2009-02-13 13:45 . 2009-02-13 13:45	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Yahoo! Companion
2009-02-13 13:38 . 2009-02-13 13:38	<DIR>	d--------	c:\programfiler\Crystal Decisions
2009-02-13 13:13 . 2008-08-14 14:27	2,190,976	-----c---	c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-13 13:13 . 2008-08-14 14:27	2,147,328	-----c---	c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-13 13:13 . 2008-08-14 14:27	2,067,840	-----c---	c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-13 13:13 . 2008-08-14 14:27	2,025,984	-----c---	c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-13 12:56 . 2009-02-13 12:56	<DIR>	d--------	c:\programfiler\Visma
2009-02-13 12:56 . 2009-02-13 12:56	<DIR>	d--------	c:\programfiler\Fellesfiler\Crystal Decisions
2009-02-13 12:50 . 2009-02-13 12:50	<DIR>	d--------	c:\windows\SchCache
2009-02-13 12:50 . 2008-08-18 07:40	<DIR>	d--hs----	c:\documents and settings\anne\UserData
2009-02-13 12:50 . 2008-02-27 20:29	<DIR>	dr-------	c:\documents and settings\anne\Start-meny
2009-02-13 12:50 . 2008-02-27 20:29	<DIR>	d--h-----	c:\documents and settings\anne\Skrivere
2009-02-13 12:50 . 2009-02-27 10:00	<DIR>	d--------	c:\documents and settings\anne\Skrivebord
2009-02-13 12:50 . 2009-02-27 09:55	<DIR>	dr-h-----	c:\documents and settings\anne\Siste
2009-02-13 12:50 . 2009-02-16 09:04	<DIR>	d--------	c:\documents and settings\anne\Programdata\Symantec
2009-02-13 12:50 . 2009-02-05 09:12	<DIR>	d--------	c:\documents and settings\anne\Programdata\Sonic
2009-02-13 12:50 . 2008-03-03 14:28	<DIR>	d--------	c:\documents and settings\anne\Programdata\InterTrust
2009-02-13 12:50 . 2008-12-12 12:13	<DIR>	d--------	c:\documents and settings\anne\Programdata\CyberLink
2009-02-13 12:50 . 2008-06-18 08:05	<DIR>	d--------	c:\documents and settings\anne\Programdata\Avocent AdminWorks
2009-02-13 12:50 . 2009-02-12 11:42	<DIR>	d--------	c:\documents and settings\anne\Programdata\AdobeUM
2009-02-13 12:50 . 2008-09-16 08:45	<DIR>	d--------	c:\documents and settings\anne\Programdata\aAvgApi
2009-02-13 12:50 . 2009-02-27 09:40	<DIR>	dr-h-----	c:\documents and settings\anne\Programdata
2009-02-13 12:50 . 2008-03-10 08:32	<DIR>	d--------	c:\documents and settings\anne\Mine dokumenter
2009-02-13 12:50 . 2008-02-27 19:52	<DIR>	d--h-----	c:\documents and settings\anne\Maler
2009-02-13 12:50 . 2009-02-27 10:05	<DIR>	d--h-----	c:\documents and settings\anne\Lokale innstillinger
2009-02-13 12:50 . 2009-02-16 10:05	<DIR>	dr-------	c:\documents and settings\anne\Favoritter
2009-02-13 12:50 . 2008-10-23 07:30	<DIR>	d--h-----	c:\documents and settings\anne\AndrMask
2009-02-13 12:50 . 2009-02-24 13:14	<DIR>	d--------	c:\documents and settings\anne
2009-02-13 12:49 . 2009-02-09 19:21	<DIR>	dr-------	c:\documents and settings\administrator.TOTALHOLDING\Start-meny
2009-02-13 12:49 . 2006-07-20 18:40	<DIR>	d--h-----	c:\documents and settings\administrator.TOTALHOLDING\Skrivere
2009-02-13 12:49 . 2009-02-13 12:49	<DIR>	d--------	c:\documents and settings\administrator.TOTALHOLDING\Skrivebord
2009-02-13 12:49 . 2009-02-13 12:49	<DIR>	dr-h-----	c:\documents and settings\administrator.TOTALHOLDING\Siste
2009-02-13 12:49 . 2009-02-13 12:49	<DIR>	d--------	c:\documents and settings\administrator.TOTALHOLDING\Programdata\Avocent AdminWorks
2009-02-13 12:49 . 2009-02-16 09:04	<DIR>	dr-h-----	c:\documents and settings\administrator.TOTALHOLDING\Programdata
2009-02-13 12:49 . 2009-02-13 12:49	<DIR>	dr-------	c:\documents and settings\administrator.TOTALHOLDING\Mine dokumenter
2009-02-13 12:49 . 2009-02-09 19:21	<DIR>	d--h-----	c:\documents and settings\administrator.TOTALHOLDING\Maler
2009-02-13 12:49 . 2009-02-27 10:05	<DIR>	d--h-----	c:\documents and settings\administrator.TOTALHOLDING\Lokale innstillinger
2009-02-13 12:49 . 2009-02-13 12:49	<DIR>	dr-------	c:\documents and settings\administrator.TOTALHOLDING\Favoritter
2009-02-13 12:49 . 2006-07-20 18:40	<DIR>	d--h-----	c:\documents and settings\administrator.TOTALHOLDING\AndrMask
2009-02-13 12:49 . 2009-02-16 09:15	<DIR>	d--------	c:\documents and settings\administrator.TOTALHOLDING
2009-02-13 12:49 . 2004-08-04 21:00	221,184	--a------	c:\windows\system32\wmpns.dll
2009-02-13 12:49 . 2009-02-13 14:06	64,072	--a------	c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-02-09 11:42 . 2009-02-09 11:42	<DIR>	d--------	c:\windows\SHELLNEW
2009-02-09 11:41 . 2009-02-09 11:41	<DIR>	d--------	c:\programfiler\Microsoft.NET
2009-02-09 11:40 . 2009-02-09 11:40	<DIR>	dr-h-----	C:\MSOCache
2009-02-09 11:11 . 2003-06-19 01:31	17,920	--a------	c:\windows\system32\mdimon.dll
2009-02-09 11:11 . 2009-02-13 14:14	479	--a------	c:\windows\ODBC.INI
2009-02-09 11:03 . 2009-02-09 11:03	<DIR>	d--------	c:\windows\AcerDRV
2009-02-09 11:03 . 2009-02-09 11:03	<DIR>	d--------	c:\programfiler\Acer WLAN 11g USB Dongle
2009-02-09 11:03 . 2009-02-09 11:03	<DIR>	d--------	c:\documents and settings\Bruker\Programdata\Avocent AdminWorks
2009-02-09 11:03 . 2009-02-09 11:03	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Avocent AdminWorks
2009-02-09 11:03 . 2009-02-09 11:03	32,768	---------	c:\windows\system32\MWLPS.dll
2009-02-09 11:01 . 2009-02-09 11:01	<DIR>	d--------	c:\programfiler\Yahoo!
2009-02-09 11:01 . 2009-02-09 11:01	<DIR>	d--------	c:\programfiler\commercial
2009-02-09 11:01 . 2009-02-09 11:01	49	--a------	c:\windows\commercial.ini
2009-02-09 11:00 . 2006-09-18 23:21	1,165,312	--a------	c:\windows\system32\ERUpdateHidden.EXE
2009-02-09 11:00 . 2006-03-23 12:02	258,048	--a------	c:\windows\system32\Uninstall_eRecovery.exe
2009-02-09 11:00 . 2006-03-30 13:06	258,048	--a------	c:\windows\system32\CheckD2DSystem.exe
2009-02-09 11:00 . 2004-11-03 09:06	159,744	--a------	c:\windows\system32\CloseProcessWindow.dll
2009-02-09 11:00 . 2006-09-19 14:54	69,632	--a------	c:\windows\system32\drivers\int15.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 18:22	---------	d-----w	c:\programfiler\Realtek
2009-02-09 18:22	---------	d-----w	c:\programfiler\Oca History Tool
2009-02-09 18:22	---------	d-----w	c:\programfiler\NewTech Infosystems
2009-02-09 18:22	---------	d-----w	c:\programfiler\microsoft frontpage
2009-02-09 18:22	---------	d-----w	c:\programfiler\Intel
2009-02-09 18:22	---------	d-----w	c:\programfiler\Fellesfiler\Tjenester
2009-02-09 18:22	---------	d-----w	c:\programfiler\Fellesfiler\NewTech Infosystems
2009-02-09 18:22	---------	d-----w	c:\programfiler\Fellesfiler\LightScribe
2009-02-09 18:21	---------	d-----w	c:\programfiler\Fellesfiler\InstallShield
2009-02-09 18:21	---------	d-----w	c:\programfiler\Fellesfiler\Adobe
2009-02-09 18:21	---------	d-----w	c:\programfiler\Elektroniske tjenester
2009-02-09 18:21	---------	d-----w	c:\programfiler\CyberLink
2009-02-09 10:04	---------	d--h--w	c:\programfiler\InstallShield Installation Information
2008-12-20 23:03	826,368	----a-w	c:\windows\system32\wininet.dll
2007-10-04 09:21	2,421,118	----a-w	c:\windows\inf\SET86.tmp
2004-08-04 20:00	1,444,718	----a-w	c:\windows\inf\SETF9.tmp
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-16 09:14 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-16 107272]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-16 325128]
S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2007-01-03 19783]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-16 298264]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2009-02-09 90112]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\programfiler\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-02-13 47640]
S2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]
S2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [2006-10-03 18072]
S2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [2006-12-11 7680]
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-10-27 6784]
S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-11-08 10944]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-06-28 26488]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;c:\acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2009-02-09 81920]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 10:06:08
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...  

skanner skjulte autostart-oppføringer ... 

skanner skjulte filer ...  

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Tidspunkt ferdig: 2009-02-27 10:06:52
ComboFix-quarantined-files.txt  2009-02-27 09:06:51

Pre-Run: 67 005 648 896 byte ledig
Post-Run: 67,447,631,872 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

232	--- E O F ---	2009-02-18 07:23:47