ComboFix 09-05-17.01 - Kenneth 17.05.2009 20:44.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1023.716 [GMT 2:00]
Kjører fra: c:\documents and settings\Kenneth\Skrivebord\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Norton Internet Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\MFC71.dll
D:\install.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-17 til 2009-05-17 )))))))))))))))))))))))))))))))))
.
2009-05-17 18:43 . 2009-05-17 18:43 -------- d-----w c:\documents and settings\Kenneth\Lokale innstillinger\Programdata\Symantec
2009-05-17 18:33 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-17 18:33 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 18:33 . 2009-05-17 18:33 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-05-14 15:41 . 2009-05-14 15:41 35888 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-05-14 15:41 . 2009-05-17 17:46 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-05-14 15:41 . 2009-05-17 17:46 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-14 15:41 . 2009-05-17 17:46 -------- d-----w c:\programfiler\Symantec
2009-05-14 15:40 . 2009-05-17 17:44 -------- d-----w c:\windows\system32\drivers\NIS
2009-05-14 15:40 . 2009-05-14 15:41 -------- d-----w c:\programfiler\Norton Internet Security
2009-05-14 15:40 . 2009-05-14 15:40 -------- d-----w c:\programfiler\Windows Sidebar
2009-05-14 15:40 . 2009-05-14 15:41 -------- d-----w c:\documents and settings\All Users\Programdata\Norton
2009-05-14 15:40 . 2009-05-14 15:40 -------- d-----w c:\programfiler\NortonInstaller
2009-05-14 15:40 . 2009-05-14 15:40 -------- d-----w c:\documents and settings\All Users\Programdata\NortonInstaller
2009-05-06 20:58 . 2009-05-06 20:58 -------- d-----w c:\programfiler\softendo.com
2009-04-28 16:04 . 2009-05-11 13:00 -------- d-----w c:\programfiler\Norton Security Scan
2009-04-27 13:49 . 2009-05-14 21:44 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-27 13:49 . 2009-04-27 13:49 -------- d-----w c:\programfiler\Avira
2009-04-27 13:49 . 2009-04-27 13:49 -------- d-----w c:\documents and settings\All Users\Programdata\Avira
2009-04-27 13:33 . 2009-04-27 13:33 -------- d-----w c:\documents and settings\Kenneth\Programdata\AVG8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 17:46 . 2009-05-14 15:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-17 17:46 . 2009-05-14 15:41 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-14 22:36 . 2009-01-22 20:33 -------- d-----w c:\programfiler\Left4Dead
2009-05-14 15:41 . 2007-01-24 21:25 -------- d-----w c:\programfiler\Fellesfiler\Symantec Shared
2009-05-11 01:02 . 2002-09-22 15:18 73294 ----a-w c:\windows\system32\perfc014.dat
2009-05-11 01:02 . 2002-09-22 15:18 412636 ----a-w c:\windows\system32\perfh014.dat
2009-04-15 20:46 . 2007-01-22 21:48 36256 ----a-w c:\documents and settings\Kenneth\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-04-14 18:33 . 2009-02-24 15:35 -------- d-----w c:\programfiler\NCH Swift Sound
2009-04-14 18:30 . 2009-04-14 18:30 -------- d-----w c:\programfiler\SoftwarePile.com
2009-04-14 18:29 . 2009-04-14 18:29 -------- d-----w c:\programfiler\Pando Networks
2009-04-14 17:29 . 2009-04-14 17:29 -------- d-----w c:\programfiler\Ventrilo
2009-04-14 17:28 . 2009-01-12 00:47 -------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-03-31 16:02 . 2009-03-31 16:02 -------- d-----w c:\programfiler\AP Tuner
2009-03-26 20:03 . 2009-03-26 20:03 -------- d-----w c:\programfiler\Fellesfiler\PACE Anti-Piracy
2009-03-26 20:01 . 2009-03-26 20:01 -------- d-----w c:\programfiler\InterLok
2009-03-26 20:01 . 2009-03-26 20:01 -------- d-----w c:\programfiler\Propellerhead
2009-03-26 20:01 . 2009-03-26 20:00 -------- d-----w c:\programfiler\UVI Workstation
2009-03-26 20:01 . 2009-03-26 20:01 -------- d-----w c:\programfiler\UVISoundBanks
2009-03-26 20:01 . 2009-03-26 20:01 -------- d-----w c:\programfiler\Fellesfiler\Digidesign
2009-03-26 20:01 . 2008-06-29 14:43 -------- d-----w c:\programfiler\VstPlugins
2009-03-26 20:00 . 2009-03-26 20:00 -------- d-----w c:\programfiler\Fellesfiler\UVI
2009-03-26 19:33 . 2008-11-05 21:37 -------- d-----w c:\programfiler\Steinberg
2009-03-06 14:47 . 2004-08-04 01:03 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:33 . 2004-08-04 01:03 658944 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:33 . 2004-08-04 01:03 81920 ----a-w c:\windows\system32\ieencode.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\programfiler\Ahead\Nero BackItUp\NBJ.exe" [2005-09-16 1961984]
"Steam"="c:\programfiler\valve\steam\steam.exe" [2008-10-12 1410296]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-20 1830128]
"mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
"Pando"="c:\programfiler\Pando Networks\Pando\Pando.exe" [2008-11-20 3647304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2006-07-20 847872]
"Launch PC Probe II"="c:\programfiler\ASUS\PC Probe II\Probe2.exe" [2006-07-28 2129408]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"DeathAdder"="c:\programfiler\Razer\DeathAdder\razerhid.exe" [2006-12-06 159744]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"Sony Ericsson PC Suite"="c:\programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2007-06-29 286720]
"H2O"="c:\programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Kenneth\Start-meny\Programmer\Oppstart\
Registrering av Logitech-produkt.lnk - c:\programfiler\Fellesfiler\LogiShared\eReg\SetPoint\eReg.exe [2007-4-9 3036688]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
InterVideo WinCinema Manager.lnk - c:\programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-1-24 278528]
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2007-12-3 692224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programfiler\\Azureus\\Azureus.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Programfiler\\Valve\\Steam\\Steam.exe"=
"c:\\Programfiler\\Valve\\Steam\\SteamApps\\kelle_tidfall\\condition zero\\hl.exe"=
"c:\\Programfiler\\GameSpy Arcade\\Aphex.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programfiler\\Xfire\\xfire.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Left4Dead\\hl2.exe"=
"c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Programfiler\\World of Warcraft\\Launcher.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"c:\\Programfiler\\Pando Networks\\Pando\\pando.exe"=
"c:\\Documents and Settings\\Kenneth\\Skrivebord\\avg_free_stb_en_8_18.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57326:TCP"= 57326:TCP:Pando P2P TCP Listening Port
"57326:UDP"= 57326:UDP:Pando P2P UDP Listening Port

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [17.05.2009 19:46 310320]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [05.11.2008 23:36 33792]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSxpx86.sys [14.05.2009 21:01 276344]
S1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [22.12.2008 12:06 8944]
S1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [22.12.2008 12:05 55024]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [27.04.2009 15:49 108289]
S2 Norton Internet Security;Norton Internet Security;c:\programfiler\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [17.05.2009 19:45 115560]
S3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [14.05.2009 17:41 254512]
S3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [14.05.2009 17:41 362544]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [03.04.2007 20:40 22144]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14.05.2009 21:02 101936]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [31.10.2007 22:48 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [31.10.2007 23:10 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [31.10.2007 23:10 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [31.10.2007 23:11 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [31.10.2007 23:11 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [31.10.2007 23:10 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [31.10.2007 23:11 98952]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [22.12.2008 12:06 7408]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2009-05-12 c:\windows\Tasks\Norton Security Scan for Kenneth.job
- c:\programfiler\Norton Security Scan\Nss.exe [2009-03-13 18:20]

2009-05-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 20:18]
.
.
------- Tilleggsskanning -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - ?p=ZNfox000
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Kenneth\Start-meny\Programmer\IMVU\Run IMVU.lnk
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
FF - ProfilePath - c:\documents and settings\Kenneth\Programdata\Mozilla\Firefox\Profiles\eiyfc73e.default\
FF - component: c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Kenneth\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 20:46
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programfiler\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programfiler\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2009-05-17 20:48
ComboFix-quarantined-files.txt 2009-05-17 18:47
ComboFix2.txt 2009-02-02 16:51

Pre-Run: 14 765 563 904 byte ledig
Post-Run: 14 947 033 088 byte ledig

208 --- E O F --- 2009-05-14 12:41