ComboFix 09-03-06.02 - Eier 2009-03-08 20:27:18.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.2046.1291 [GMT 1:00]
Kjører fra: c:\documents and settings\Eier\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Eier\Skrivebord\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
FILE ::
c:\windows\big_dog_snuppy.imageshack.com.zip
c:\windows\bulla41.imageshack.com.zip
c:\windows\enur_o.imageshack.com.zip
c:\windows\friendgoldsmaria.imageshack.com.zip
c:\windows\hotwired70.imageshack.com.zip
c:\windows\jean_gronvik.imageshack.com.zip
c:\windows\jimmi_wow89.imageshack.com.zip
c:\windows\kelgan_tehpwner.imageshack.com.zip
c:\windows\kjetil_deer.imageshack.com.zip
c:\windows\luffy_liao.imageshack.com.zip
c:\windows\okusagi.imageshack.com.zip
c:\windows\pic0382.MSNFix
c:\windows\pic0382.zip
c:\windows\sparco__1990.imageshack.com.zip
c:\windows\Tasks\AD6EE54895F9601C.job
c:\windows\xerroxi90.imageshack.com.zip
c:\windows\yoowedy.imageshack.com.zip
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\save time iso data
c:\documents and settings\All Users\Programdata\save time iso data\Support meta.dat
c:\documents and settings\All Users\Programdata\save time iso data\Support meta.exe
c:\documents and settings\Eier\Programdata\DRAW AXIS WAVE
c:\documents and settings\Eier\Programdata\DRAW AXIS WAVE\[u]0[/u]
c:\documents and settings\Eier\Programdata\DRAW AXIS WAVE\modeencbind.exe
c:\documents and settings\Eier\Programdata\DRAW AXIS WAVE\Show 4.exe
c:\documents and settings\Eier\Programdata\DRAW AXIS WAVE\tqtxxmiq.exe
c:\programfiler\DRAW AXIS WAVE
c:\windows\big_dog_snuppy.imageshack.com.zip
c:\windows\bulla41.imageshack.com.zip
c:\windows\enur_o.imageshack.com.zip
c:\windows\friendgoldsmaria.imageshack.com.zip
c:\windows\hotwired70.imageshack.com.zip
c:\windows\jean_gronvik.imageshack.com.zip
c:\windows\jimmi_wow89.imageshack.com.zip
c:\windows\kelgan_tehpwner.imageshack.com.zip
c:\windows\kjetil_deer.imageshack.com.zip
c:\windows\luffy_liao.imageshack.com.zip
c:\windows\okusagi.imageshack.com.zip
c:\windows\pic0382.MSNFix
c:\windows\sparco__1990.imageshack.com.zip
c:\windows\Tasks\AD6EE54895F9601C.job
c:\windows\xerroxi90.imageshack.com.zip
c:\windows\yoowedy.imageshack.com.zip
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-08 til 2009-03-08 )))))))))))))))))))))))))))))))))
.
2009-03-08 18:55 . 2009-03-08 18:55 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-03-08 18:55 . 2009-03-08 18:55 d-------- c:\documents and settings\Eier\Programdata\Malwarebytes
2009-03-08 18:55 . 2009-03-08 18:55 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-03-08 18:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 18:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 11:27 . 2009-03-06 11:33 d-------- c:\programfiler\Xfire
2009-03-06 11:27 . 2009-03-06 19:57 d-------- c:\documents and settings\Eier\Programdata\Xfire
2009-03-04 17:51 . 2009-03-04 17:51 d-------- c:\programfiler\Bethesda Softworks
2009-03-04 16:01 . 2009-03-08 18:39 d-------- C:\Python25
2009-03-04 16:01 . 2008-07-28 00:27 339,968 --a------ c:\windows\system32\pythoncom25.dll
2009-03-04 16:01 . 2008-07-28 00:23 114,688 --a------ c:\windows\system32\pywintypes25.dll
2009-03-04 09:31 . 2009-03-04 09:31 d-------- c:\windows\system32\xlive
2009-03-04 09:31 . 2009-03-04 09:41 d-------- c:\programfiler\Microsoft Games for Windows - LIVE
2009-03-03 13:59 . 2009-03-03 13:59 d-------- c:\programfiler\Atari
2009-03-02 19:51 . 2009-03-08 18:27 d-------- c:\programfiler\Steam
2009-03-02 16:42 . 2009-03-02 16:42 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-28 15:32 . 2009-02-28 15:32 d-------- c:\programfiler\Download Manager
2009-02-27 18:46 . 2009-02-27 19:28 d-------- c:\programfiler\TVEps.net Chat
2009-02-26 19:47 . 2009-02-26 19:47 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-24 05:08 . 2009-03-08 13:19 5 --a------ c:\windows\sbacknt.bin
2009-02-24 05:06 . 2009-02-24 05:06 d-------- c:\programfiler\vghd
2009-02-24 05:06 . 2009-02-24 05:06 d-------- c:\documents and settings\Eier\Programdata\vghd
2009-02-24 05:06 . 2009-02-24 05:06 152,904 --a------ c:\windows\system32\vghd.scr
2009-02-23 17:25 . 2009-03-06 13:15 23 --a------ c:\windows\BlendSettings.ini
2009-02-13 23:40 . 2009-02-13 23:40 8,192 --ahs---- c:\windows\Thumbs.db
2009-02-13 18:31 . 2009-02-13 18:31 222 --a------ c:\windows\system32\spupdsvc.inf
2009-02-13 13:29 . 2009-02-13 14:46 d-------- c:\windows\SxsCaPendDel
2009-02-13 13:07 . 2009-02-13 13:07 d-------- c:\programfiler\Microsoft IntelliPoint
2009-02-13 13:07 . 2008-06-10 21:04 31,048 --a------ c:\windows\system32\drivers\point32.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 15:30 --------- d-----w c:\documents and settings\Eier\Programdata\Skype
2009-03-08 12:19 --------- d-----w c:\documents and settings\Eier\Programdata\skypePM
2009-03-07 18:29 --------- d-----w c:\documents and settings\Eier\Programdata\uTorrent
2009-03-04 10:56 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-03-02 15:42 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-28 14:39 --------- d-----w c:\documents and settings\Eier\Programdata\IGN_DLM
2009-02-26 18:04 --------- d-----w c:\programfiler\Electronic Arts
2009-02-26 18:04 --------- d-----w c:\documents and settings\All Users\Programdata\Electronic Arts
2009-02-26 17:46 --------- d-----w c:\programfiler\Crazy Machines II
2009-02-26 17:45 --------- d-----w c:\programfiler\GameShadow
2009-02-18 14:42 --------- d-----w c:\programfiler\BitLord
2009-02-15 12:39 --------- d-----w c:\programfiler\Windows Live
2009-02-15 12:39 --------- d-----w c:\documents and settings\All Users\Programdata\WLInstaller
2009-02-13 13:59 --------- d-----w c:\documents and settings\All Users\Programdata\TrackMania
2009-02-13 12:25 --------- d-----w c:\programfiler\the white chamber
2009-02-10 19:37 --------- d-----w c:\programfiler\uTorrent
2009-02-02 14:00 --------- d-----w c:\documents and settings\Eier\Programdata\Uniblue
2009-02-02 14:00 --------- d-----w c:\documents and settings\All Users\Programdata\DriverScanner
2009-01-30 13:22 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 13:22 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 13:22 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-30 13:21 --------- d-----w c:\documents and settings\All Users\Programdata\avg8
2009-01-30 02:17 --------- d-----w c:\programfiler\QuickTime
2009-01-30 01:48 --------- d-----w c:\programfiler\Windows Live Toolbar
2009-01-30 01:45 --------- d-----w c:\programfiler\Windows Live SkyDrive
2009-01-30 01:40 --------- d-----w c:\programfiler\Fellesfiler\Windows Live
2009-01-26 03:09 --------- d-----w c:\programfiler\TmNationsForever
2009-01-15 10:59 7,134 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-01-08 01:54 --------- d-----w c:\documents and settings\Eier\Programdata\LimeWire
2009-01-01 13:13 3,532 ----a-w C:\drmHeader.bin
2008-12-28 20:13 315,392 ----a-w c:\windows\HideWin.exe
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-04-15 12:00 412,791 --sh--r c:\windows\system32\wmisrv32.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programfiler\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"CurseClient"="d:\wow\Curse\CurseClient.exe" [2008-10-10 4789760]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Google Update"="c:\documents and settings\Eier\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-12-23 133104]
"igndlm.exe"="c:\programfiler\Download Manager\DLM.exe" [2008-08-01 1103216]
"Steam"="c:\programfiler\steam\steam.exe" [2009-03-02 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-01-05 413696]
"IntelliPoint"="c:\programfiler\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-02 148888]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\Eier\Start-meny\Programmer\Oppstart\
DesktopVideoPlayer.LNK - c:\programfiler\vghd\vghd.exe [2009-02-24 370000]
Xfire.lnk - c:\programfiler\Xfire\Xfire.exe [2009-02-26 3017040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 14:22 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\DECCHECK\\DECCHECK.exe"=
"d:\\WoW\\World of Warcraft\\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe"=
"d:\\WoW\\Curse\\CurseClient.exe"=
"c:\\Programfiler\\Tortun\\gui.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\last remnant - demo sel\\Binaries\\TLRDemo.exe"=
"c:\\Programfiler\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Programfiler\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Programfiler\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Programfiler\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=
"c:\\Programfiler\\Xfire\\Xfire.exe"=
"c:\\Programfiler\\Steam\\steamapps\\stighalvorsen123\\counter-strike source\\hl2.exe"=
"c:\\Programfiler\\Steam\\steamapps\\stighalvorsen123\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\wmisrv32.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-29 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-29 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-29 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-29 298264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0358cc1-b20e-11dd-89cb-0022155bafa2}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1425521274-1417001333-1003.job
- c:\documents and settings\Eier\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-12-23 09:11]
.
.
------- Tilleggsskanning -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: trymedia.com\gamestop
TCP: {6FDB063B-A49A-48C3-B601-86A00298CD02} = 192.168.1.1,192.168.1.66
FF - ProfilePath - c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f32upp1y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/
FF - plugin: c:\documents and settings\Eier\Lokale innstillinger\Programdata\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programfiler\Download Manager\npfpdlm.dll
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 20:27:55
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-1993962763-1425521274-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{499BBC3F-79D1-8574-667C-FE299E94A176}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abibeejnlaljfecojndlcllnpiagmhhlgm"=hex:61,61,00,00
"bbibeejnlaljfecojnoknmhennlhbpapfbfk"=hex:61,61,00,00
[HKEY_USERS\S-1-5-21-1993962763-1425521274-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:d5,28,99,6c,83,1c,e1,7c,95,c6,d7,45,ec,05,27,bf,ec,61,6d,9c,b3,
64,e6,f3,bc,d7,d6,63,8a,41,fb,9c,2a,95,ca,0d,7d,b7,7b,23,7a,34,1f,3d,74,64,\
"rkeysecu"=hex:f9,90,ca,cc,a5,ab,53,de,a4,4e,ce,81,c3,1e,1d,9c
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\nvappfilter.dll
.
Tidspunkt ferdig: 2009-03-08 20:28:38
ComboFix-quarantined-files.txt 2009-03-08 19:28:36
ComboFix2.txt 2009-03-08 18:40:51
ComboFix3.txt 2009-03-08 17:32:03
Pre-Run: 37 884 231 680 byte ledig
Post-Run: 37,868,728,320 byte ledig
252 --- E O F --- 2009-02-25 01:49:57