ComboFix 09-05-05.05 - Jørn 06.05.09 19:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.510.271 [GMT 2:00]
Kjører fra: c:\documents and settings\Jørn\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-06 til 2009-05-06 )))))))))))))))))))))))))))))))))
.

2009-05-04 18:07 . 2009-05-04 18:08 -------- d-----w c:\programfiler\Personal
2009-04-26 13:54 . 2009-04-26 13:54 -------- d-----w c:\programfiler\Trend Micro
2009-04-16 21:09 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 21:09 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 21:09 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 21:09 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 21:09 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 21:09 . 2009-02-09 10:56 680448 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 21:09 . 2009-02-09 10:56 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 21:09 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 21:09 . 2009-02-09 10:56 710656 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 21:08 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-04-26 19:29 . 2008-10-28 22:33 -------- d-----w c:\programfiler\Fellesfiler\Adobe
2009-04-25 09:24 . 2008-10-28 22:14 -------- d-----w c:\programfiler\Java
2009-04-25 09:23 . 2004-08-04 20:00 71948 ----a-w c:\windows\system32\perfc014.dat
2009-04-25 09:23 . 2004-08-04 20:00 408396 ----a-w c:\windows\system32\perfh014.dat
2009-04-24 23:45 . 2008-10-30 08:30 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-04-06 13:32 . 2008-10-30 08:30 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-10-30 08:30 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-09 03:19 . 2008-12-10 18:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:24 . 2004-08-04 20:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2004-08-04 20:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:17 . 2004-08-04 20:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-11 19:23 . 2009-02-11 19:23 48913 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2009-02-10 17:11 . 2004-08-04 00:58 2067840 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:08 . 2004-08-04 20:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2004-08-04 20:00 2190848 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 20:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 20:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 20:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 20:00 710656 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:56 . 2004-08-04 20:00 680448 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2004-08-04 20:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 08:43 . 2008-10-28 23:01 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-06 08:43 . 2008-10-28 23:01 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-06 08:43 . 2008-10-28 23:01 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"HP Software Update"="c:\programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"eabconfg.cpl"="c:\programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"QPService"="c:\programfiler\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]
"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-29 113664]
Mobilt bredbånd.lnk - c:\programfiler\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe [2007-7-27 733184]
Personal.lnk - c:\programfiler\Personal\bin\Personal.exe [2009-5-4 939536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-06 08:43 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.10.08 01:01 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.10.08 01:01 107272]
R2 GtFlashSwitch;GtFlashSwitch;c:\programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [09.02.07 15:48 176128]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [28.10.08 23:42 231424]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [29.10.08 01:01 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29.10.08 01:01 298264]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programfiler\NOS\bin\getPlus_HelperSvc.exe [20.02.09 11:44 33752]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [14.04.07 06:05 122496]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [14.04.07 06:05 8064]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [14.04.07 06:06 37120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{548e45c2-a67b-11dd-b6f9-0014a5ac166f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:
.
- - - - TOMME PEKERE FJERNET - - - -

BHO-{3E802612-6ECB-4E17-B9CE-5AD3F2D6F0E0} - c:\windows\system32\opnNdbcA.dll
HKLM-Run-c:\windows\system32\kdhqe.exe - c:\windows\system32\kdhqe.exe

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: interreg-oks.eu\www
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://hembanken.danskebank.se/html/activex/e-Safekey/OEB/e-Safekey.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 19:41
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????3?6?3?4??????? ???B?????????????hLC????????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.

Tidspunkt ferdig: 2009-05-06 19:42
ComboFix-quarantined-files.txt 2009-05-06 17:42

Pre-Run: 30 256 275 456 byte ledig
Post-Run: 31 361 957 888 byte ledig

149 --- E O F --- 2009-04-29 22:00