ComboFix 09-04-22.A23 - Freke88 22.04.2009 18:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.3326.2928 [GMT 2:00]
Kjører fra: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe
 * Resident AV is active

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-22 til 2009-04-22 )))))))))))))))))))))))))))))))))
.

2009-04-22 16:18 . 2009-04-22 16:18 -------- d-----w c:\documents and settings\Administrator\Lokale innstillinger\Programdata\ESET
2009-04-22 16:02 . 2009-04-22 16:02 -------- d-----w c:\documents and settings\Administrator\Programdata\Malwarebytes
2009-04-22 16:02 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 16:02 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 16:02 . 2009-04-22 16:02 -------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes
2009-04-22 12:52 . 2009-04-22 12:52 -------- d-----w c:\documents and settings\All Users\Programdata\Blizzard
2009-04-22 12:50 . 2009-04-22 12:50 -------- d-----w c:\documents and settings\Administrator\Programdata\Acreon
2009-04-22 12:50 . 2009-04-22 14:51 -------- d-----w c:\documents and settings\Administrator\Lokale innstillinger\Programdata\._Revolution_
2009-04-22 12:32 . 2009-04-22 12:32 940794 ----a-w c:\windows\system32\LoopyMusic.wav
2009-04-22 12:32 . 2009-04-22 12:32 146650 ----a-w c:\windows\system32\BuzzingBee.wav
2009-04-22 12:32 . 2009-04-22 12:32 -------- d-----w c:\windows\system32\Lang
2009-04-22 12:20 . 2009-04-22 12:20 315392 ----a-w c:\windows\HideWin.exe
2009-04-22 12:20 . 2009-04-22 12:19 520192 ----a-w c:\windows\RtlExUpd.dll
2009-04-22 12:16 . 2009-04-22 12:21 -------- d-----w c:\documents and settings\Administrator\Programdata\Spotify
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\documents and settings\Administrator\Lokale innstillinger\Programdata\Spotify
2009-04-22 03:35 . 2009-04-22 16:14 -------- d-----w c:\documents and settings\Administrator\Tracing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 16:17 . 2009-04-22 02:10 2821 --sha-w c:\windows\CDA63.exe
2009-04-22 16:14 . 2009-04-22 02:31 -------- d-----w c:\documents and settings\LocalService\Programdata\VMware
2009-04-22 16:14 . 2009-04-22 02:30 -------- d-----w c:\documents and settings\All Users\Programdata\VMware
2009-04-22 16:13 . 2009-04-22 02:35 -------- d-----w c:\documents and settings\Administrator\Programdata\VMware
2009-04-22 16:02 . 2009-04-22 16:02 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-04-22 13:45 . 2009-04-22 01:59 -------- d-----w c:\programfiler\SpeedFan
2009-04-22 12:51 . 2009-04-22 12:51 -------- d-----w c:\programfiler\Fellesfiler\Blizzard Entertainment
2009-04-22 12:38 . 2009-04-22 02:14 2821 --sha-w c:\windows\EC170.exe
2009-04-22 12:16 . 2009-04-22 12:16 -------- d-----w c:\programfiler\Spotify
2009-04-22 03:34 . 2009-04-22 02:28 9824 ----a-w c:\documents and settings\Administrator\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-04-22 03:34 . 2009-04-22 03:33 -------- d-----w c:\programfiler\Windows Live
2009-04-22 03:34 . 2009-04-22 03:34 -------- d-----w c:\programfiler\Microsoft
2009-04-22 03:34 . 2009-04-22 03:34 -------- d-----w c:\programfiler\Windows Live SkyDrive
2009-04-22 03:31 . 2009-04-22 03:31 -------- d-----w c:\programfiler\Fellesfiler\Windows Live
2009-04-22 02:48 . 2009-04-22 02:48 -------- d-----w c:\programfiler\ESET
2009-04-22 02:48 . 2009-04-22 02:48 -------- d-----w c:\documents and settings\All Users\Programdata\ESET
2009-04-22 02:30 . 2009-04-22 02:30 1024 ----a-w C:\.rnd
2009-04-22 02:30 . 2001-10-09 18:00 45724 ----a-w c:\windows\system32\perfc014.dat
2009-04-22 02:30 . 2001-10-09 18:00 318536 ----a-w c:\windows\system32\perfh014.dat
2009-04-22 02:30 . 2009-04-22 02:30 -------- d-----w c:\programfiler\VMware
2009-04-22 02:28 . 2009-04-22 02:28 -------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet
2009-04-22 02:26 . 2009-04-22 02:26 -------- d-----w c:\documents and settings\All Users\Programdata\ALM
2009-04-22 02:23 . 2009-04-22 02:04 -------- d-----w c:\programfiler\Fellesfiler\Adobe
2009-04-22 02:20 . 2009-04-22 02:20 -------- d-----w c:\programfiler\Adobe Media Player
2009-04-22 02:19 . 2009-04-22 02:19 -------- d-----w c:\programfiler\Fellesfiler\Adobe AIR
2009-04-22 02:17 . 2009-04-22 02:17 -------- d-----w c:\programfiler\Fellesfiler\Macrovision Shared
2009-04-22 01:46 . 2009-04-22 01:46 -------- d-----w c:\documents and settings\All Users\Programdata\nView_Profiles
2009-04-22 01:04 . 2009-04-22 01:04 -------- d-----w c:\documents and settings\Administrator\Programdata\vlc
2009-04-22 01:03 . 2009-04-22 01:03 -------- d-----w c:\programfiler\VideoLAN
2009-04-22 00:55 . 2009-04-22 00:55 -------- d-----w c:\programfiler\AGEIA Technologies
2009-04-22 00:55 . 2009-04-22 00:55 -------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-04-22 00:41 . 2009-04-22 00:41 -------- d-----w c:\programfiler\microsoft frontpage
2009-04-22 00:40 . 2009-04-22 00:40 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-22 00:40 . 2009-04-22 00:40 -------- d-----w c:\programfiler\Fellesfiler\Tjenester
2009-04-22 00:39 . 2009-04-22 00:39 21704 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-27 06:14 . 2009-04-22 00:54 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

[-] 2008-05-09 05:49 1573376 B5CA3F53CDB66E69804255F149B01E03 c:\windows\system32\sfcfiles.dll
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"vmware-tray"="c:\programfiler\VMware\VMware Workstation\vmware-tray.exe" [2008-09-18 84528]
"egui"="c:\programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-04-22 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 100352]

c:\documents and settings\Administrator\Start-meny\Programmer\Oppstart\
2B5A0.exe.exe [2009-3-31 82724]
68071.exe.exe [2009-3-31 82724]
7460E.exe.exe [2009-3-31 82724]
8A725.exe.exe [2009-3-31 82724]
C9C17.exe.exe [2009-3-31 82724]
kill.bat [2009-4-22 42]
mel.bat044015.bat [2009-4-22 137]
mel.bat140521.bat [2009-4-22 137]
mel.bat143858.bat [2009-4-22 137]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programfiler\\Fellesfiler\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programfiler\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"d:\\Spill\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programfiler\Fellesfiler\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
S2 ekrn;Eset Service;c:\programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-09-18 54960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d4bed42-2ee6-11de-a32a-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1563985344-1801674531-500.job
- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-04-22 00:59]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.com/
LSP: c:\programfiler\VMware\VMware Workstation\vsocklib.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 18:18
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2009-04-22 18:19
ComboFix-quarantined-files.txt 2009-04-22 16:19

Pre-Run: 135 744 360 448 byte ledig
Post-Run: 135 746 449 408 byte ledig

149 --- E O F --- 2009-04-22 03:49