ComboFix 09-04-22.A23 - A 22.04.2009 16:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.47.1044.18.2046.1081 [GMT 2:00]
Running from: G:\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
 * Created a new restore point
.
((((((((((((((((((((((((((( Files Created From 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))))
.
2009-04-21 21:51 . 2009-04-21 21:51 -------- d-----w C:\91b133c3bcdf32a3f488
2009-04-17 20:57 . 2009-04-17 21:24 -------- d-----w c:\users\A\AppData\Roaming\dvdcss
2009-04-17 06:09 . 2008-12-08 04:34 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-17 06:09 . 2008-06-05 04:50 30208 ----a-w c:\windows\system32\xolehlp.dll
2009-04-17 06:09 . 2008-06-05 04:50 500736 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-17 06:07 . 2009-03-03 04:20 826368 ----a-w c:\windows\system32\wininet.dll
2009-04-03 22:40 . 2009-04-03 22:41 -------- d-----w c:\users\A\AppData\Roaming\vlc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 14:15 . 2007-07-15 21:23 -------- d-----w c:\users\A\AppData\Roaming\AVG7
2009-04-21 22:02 . 2006-11-21 05:16 79408 ----a-w c:\windows\System32\perfc014.dat
2009-04-21 22:02 . 2006-11-21 05:16 476858 ----a-w c:\windows\System32\perfh014.dat
2009-04-21 21:56 . 2007-05-22 01:11 12837 ----a-w c:\users\A\AppData\Roaming\nvModes.dat
2009-04-18 01:20 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-10 15:50 . 2009-01-16 22:24 -------- d-----w c:\users\A\AppData\Roaming\Spotify
2009-04-04 19:52 . 2007-02-04 09:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 22:37 . 2008-02-17 23:09 -------- d-----w c:\program files\VideoLAN
2009-03-22 02:08 . 2008-08-01 09:57 7484 ----a-w c:\users\A\AppData\Local\d3d9caps.dat
2009-03-22 00:22 . 2008-05-18 14:00 -------- d-----w c:\program files\Windows Live
2009-03-22 00:19 . 2009-03-22 00:19 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-22 00:16 . 2009-03-22 00:16 -------- d-----w c:\program files\Microsoft
2009-03-22 00:15 . 2009-03-22 00:15 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-22 00:04 . 2009-03-22 00:04 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-21 10:14 . 2008-07-31 17:17 -------- d-----w c:\program files\CCleaner
2009-03-17 03:16 . 2009-04-17 06:08 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:16 . 2009-04-17 06:08 14848 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:16 . 2009-04-17 06:08 25600 ----a-w c:\windows\System32\amxread.dll
2009-03-14 02:00 . 2009-03-14 02:00 -------- d-----w c:\programdata\Office Genuine Advantage
2009-03-13 22:29 . 2009-03-13 22:28 594 ----a-w C:\updatedatfix.log
2009-03-13 22:29 . 2007-02-04 10:19 -------- d-----w c:\program files\HP
2009-03-03 04:24 . 2009-04-17 06:08 3503584 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-17 06:08 3469280 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:19 . 2009-04-17 06:08 158720 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:19 . 2009-04-17 06:08 549888 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:19 . 2009-04-17 06:08 24576 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-17 06:07 56320 ----a-w c:\windows\System32\iesetup.dll
2009-03-03 04:16 . 2009-04-17 06:08 97280 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:16 . 2009-04-17 06:08 53248 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:16 . 2009-04-17 06:08 37888 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-17 06:07 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:16 . 2009-04-17 06:07 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-03 04:15 . 2009-04-17 06:07 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-03 02:40 . 2009-04-17 06:08 654336 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-17 06:07 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-17 06:07 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-02-13 07:26 . 2009-04-17 06:08 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 07:26 . 2009-04-17 06:08 1233408 ----a-w c:\windows\System32\lsasrv.dll
2009-02-13 07:26 . 2009-04-17 06:08 7680 ----a-w c:\windows\System32\lsass.exe
2009-02-09 01:59 . 2009-03-10 23:37 2028032 ----a-w c:\windows\System32\win32k.sys
2009-02-06 18:59 . 2009-02-06 18:59 308104 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2008-12-10 02:25 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-10-04 22:00 . 2008-10-04 22:00 59800 ----a-w c:\users\A\ia_remove.sh6760.tmp
2008-06-17 01:12 . 2007-05-21 21:35 84904 ----a-w c:\users\A\AppData\Local\GDIPFONTCACHEV1.DAT
2007-05-25 08:12 . 2007-05-25 08:12 0 ----a-w c:\users\A\AppData\Roaming\wklnhst.dat
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-04-04 3885400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-27 90191]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-25 590848]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2007-07-15 21:22 9216 ----a-w c:\windows\System32\avgwlntf.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hurtigstart for Adobe Reader.lnk
backup=c:\windows\pss\Hurtigstart for Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AC00CDE6-3858-460E-B2B0-1F082ECC1861}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{1205F5F8-A0DC-4243-828C-2D05D06B7349}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{49BA29E7-E1AA-4A17-BDEA-71ED86548333}"= UDP:c:\users\A\temp\DynGate\DynGate.exe:DynGate
"{5A204CE7-F21E-406A-8A3A-281FB261FF91}"= TCP:c:\users\A\temp\DynGate\DynGate.exe:DynGate
"{59175791-5A71-45BC-9455-C2030D709BFE}"= UDP:c:\program files\TeamViewer\TeamViewer.exe:TeamViewer
"{C5B25FD5-282B-4271-8384-43C4FC65954B}"= TCP:c:\program files\TeamViewer\TeamViewer.exe:TeamViewer
"{9342748E-FA2C-4F08-9659-C4BBD74E2BB8}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{482D8CD9-696C-4D57-A399-1D4C12E49F6F}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{56F56CE2-A8E2-481D-ACE8-3D5349FEDC3D}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{4A34BA66-5799-42B8-B47F-3B36332542AC}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{02AE6F9D-11E0-4FEF-93B9-E0714F1C6EE8}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{F97DB613-9690-4600-940D-97A8D4B9A656}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"TCP Query User{FECB89AA-A353-41B8-B241-F3270134E490}c:\\program files\\axesstel\\axessmanager\\axessmanager.exe"= UDP:c:\program files\axesstel\axessmanager\axessmanager.exe:AxessManager Application
"UDP Query User{39B72F08-9273-4962-A8AF-1998B4D1946B}c:\\program files\\axesstel\\axessmanager\\axessmanager.exe"= TCP:c:\program files\axesstel\axessmanager\axessmanager.exe:AxessManager Application
"TCP Query User{F1044003-EB10-4828-A6EE-6C067388483D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{91E78DE9-4FB9-4AE8-AD1E-5CAD67778175}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{8EF633DF-06FC-4E62-85BF-0F6EDC0554BE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{39AB18B9-D5DE-4B0F-B2A4-60A0C12AE4DF}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{1FB03DEF-F241-45DF-9317-E5DC061456E8}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{EE8B5B22-85DE-40D9-B87C-D3BA41B64367}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{EACEFB8B-63BF-4A84-93D8-6CD48AF9F999}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{5135F1A0-8D2F-4CE6-B99B-8E0967108205}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"{3BACB565-3120-4A28-8CB8-30A956B4A9D1}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904]
S0 AFS;AFS; [x]
S3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\System32\Drivers\avgwfp.sys [2008-04-24 53768]
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\User_Feed_Synchronization-{419C3BE6-FF70-444B-AF2F-499A3532BEF6}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\Shockwave 11\SwHelper_1103471.exe -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.no/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=71&bd=Pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 16:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Time completed: 2009-04-22 16:44
ComboFix-quarantined-files.txt 2009-04-22 14:44

Pre-Run: 78 858 792 960 bytes free
Post-Run: 78 925 545 472 bytes free

180 --- E O F --- 2009-04-18 01:13
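A ComboFix log is read by hand on forums like this one, and the three sections a responder checks first are the Run-key autoruns, the Windows Firewall allow rules, and the Security Center DisableNotify/DisableMonitoring flags (all three are present in the log above: notifications for UAC, Internet settings and automatic updates are switched off, and a firewall rule allows c:\users\A\temp\DynGate\DynGate.exe). The parser below is an added example, not ComboFix's own code and not part of the original post: it extracts those three sections from an excerpt of this log and marks the entries worth looking at first. The "user-writable location" markers (c:\users\, c:\programdata\, \temp\, \appdata\) are an assumed triage heuristic, not anything ComboFix emits.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix code).

Parses the Run-key autoruns, the firewall rules and the Security Center
flags out of the log text and highlights the entries a responder would
look at first.  The user-writable path markers are an assumed heuristic.
"""
import re

# Excerpt copied from the log above, trimmed to the sections this parser reads.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-25 590848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{49BA29E7-E1AA-4A17-BDEA-71ED86548333}"= UDP:c:\users\A\temp\DynGate\DynGate.exe:DynGate
"{59175791-5A71-45BC-9455-C2030D709BFE}"= UDP:c:\program files\TeamViewer\TeamViewer.exe:TeamViewer
"{9342748E-FA2C-4F08-9659-C4BBD74E2BB8}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{F1044003-EB10-4828-A6EE-6C067388483D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"{3BACB565-3120-4A28-8CB8-30A956B4A9D1}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" [YYYY-MM-DD size]   (ComboFix allows 1-digit month/day)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
                    r'\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$')
# "rule"= [Disabled:][TCP|UDP:]path:label   (proto is absent on some rules)
FW_RE = re.compile(r'^"(?P<rule>[^"]+)"=\s*(?P<disabled>Disabled:)?'
                   r'(?:(?P<proto>TCP|UDP):)?(?P<path>.+):(?P<label>[^:]+)$')
DWORD_RE = re.compile(r'^"(?P<value>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Assumed heuristic: executables living under a user-writable tree deserve a look.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\", "\\appdata\\")
SECURITY_CENTER_FLAGS = {
    "UacDisableNotify", "InternetSettingsDisableNotify", "AutoUpdateDisableNotify",
    "FirewallDisableNotify", "AntiVirusDisableNotify", "UpdatesDisableNotify",
    "DisableMonitoring",
}


def _suspicious_path(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def parse_combofix(text: str) -> dict:
    """Walk the log line by line, dispatching on the registry key in force."""
    autoruns, firewall, sec_center = [], [], []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        k = key.lower()
        if "\\currentversion\\run" in k:
            m = RUN_RE.match(line)
            if m:
                autoruns.append({"key": key, **m.groupdict()})
        elif k.endswith("firewallrules"):
            m = FW_RE.match(line)
            if m:
                d = m.groupdict()
                d["disabled"] = d["disabled"] is not None
                firewall.append({"key": key, **d})
        elif "security center" in k:
            m = DWORD_RE.match(line)
            if m:
                sec_center.append({"key": key, "value": m.group("value"),
                                   "data": int(m.group("hex"), 16)})
    return {"autoruns": autoruns, "firewall": firewall, "security_center": sec_center}


def triage(text: str) -> dict:
    """Apply the heuristics: user-writable autoruns, live rules into user-writable
    paths, and Security Center notifications/monitoring that have been turned off."""
    p = parse_combofix(text)
    return {
        "flagged_autoruns": [a for a in p["autoruns"] if _suspicious_path(a["path"])],
        "flagged_firewall": [r for r in p["firewall"]
                             if not r["disabled"] and _suspicious_path(r["path"])],
        "disabled_notifications": [s["value"] for s in p["security_center"]
                                   if s["value"] in SECURITY_CENTER_FLAGS and s["data"] == 1],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for r in result["flagged_firewall"]:
        print(f"firewall allow -> {r['path']} ({r['label']})")
    for a in result["flagged_autoruns"]:
        print(f"autorun in user-writable path -> {a['name']}: {a['path']}")
    print("Security Center switched off:", ", ".join(result["disabled_notifications"]))
```

Run it on a full ComboFix.txt by replacing SAMPLE_LOG with the file's contents. The Security Center keys are worth checking even on a clean-looking log: the DisableNotify and DisableMonitoring values are what malware (and some third-party security suites) set to keep Windows from warning the user that protection is off, so a hit there is a prompt to ask the poster whether they turned those off themselves.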