ComboFix 09-08-10.06 - Privat 18.08.2009 20:45.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1535.1043 [GMT 2:00]
Running from: c:\documents and settings\Privat\Skrivebord\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\WinPCap
c:\programfiler\WinPCap\rpcapd.exe
c:\windows\Installer\5a5a5.msp
c:\windows\Installer\5a5a7.msp
c:\windows\system32\_002797_.tmp.dll
c:\windows\system32\_002798_.tmp.dll
c:\windows\system32\_002799_.tmp.dll
c:\windows\system32\_002800_.tmp.dll
c:\windows\system32\_002807_.tmp.dll
c:\windows\system32\_002808_.tmp.dll
c:\windows\system32\_002809_.tmp.dll
c:\windows\system32\_002810_.tmp.dll
c:\windows\system32\_002812_.tmp.dll
c:\windows\system32\_002813_.tmp.dll
c:\windows\system32\_002814_.tmp.dll
c:\windows\system32\_002816_.tmp.dll
c:\windows\system32\_002817_.tmp.dll
c:\windows\system32\_002819_.tmp.dll
c:\windows\system32\_002820_.tmp.dll
c:\windows\system32\_002821_.tmp.dll
c:\windows\system32\_002823_.tmp.dll
c:\windows\system32\_002826_.tmp.dll
c:\windows\system32\_002827_.tmp.dll
c:\windows\system32\_002831_.tmp.dll
c:\windows\system32\_002832_.tmp.dll
c:\windows\system32\_002834_.tmp.dll
c:\windows\system32\_002837_.tmp.dll
c:\windows\system32\_002839_.tmp.dll
c:\windows\system32\_002840_.tmp.dll
c:\windows\system32\_002841_.tmp.dll
c:\windows\system32\_002842_.tmp.dll
c:\windows\system32\_002843_.tmp.dll
c:\windows\system32\_002846_.tmp.dll
c:\windows\system32\_002847_.tmp.dll
c:\windows\system32\_002848_.tmp.dll
c:\windows\system32\_002849_.tmp.dll
c:\windows\system32\_002850_.tmp.dll
c:\windows\system32\_002855_.tmp.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_KSI32SK
-------\Legacy_NPF
-------\Service_npf

((((((((((((((((((((((((((( Files Created From 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))))
.
2009-08-12 15:01 . 2008-04-14 08:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-12 03:25 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-09 15:04 . 2009-08-09 15:04 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-09 15:04 . 2009-08-09 15:04 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 15:04 . 2009-08-09 15:04 -------- d-----w- c:\programfiler\MSBuild
2009-08-09 15:04 . 2009-08-09 15:04 -------- d-----w- c:\programfiler\Reference Assemblies
2009-08-09 15:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 15:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 15:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 15:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 15:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 15:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 15:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-05 11:07 . 2009-08-05 11:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 13:12 . 2009-08-05 11:08 3942048 ----a-w- c:\documents and settings\All Users\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 15:07 . 2001-10-09 12:00 82518 ----a-w- c:\windows\system32\perfc014.dat
2009-08-09 15:07 . 2001-10-09 12:00 448708 ----a-w- c:\windows\system32\perfh014.dat
2009-08-05 19:25 . 2009-04-13 09:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 11:08 . 2002-01-01 00:15 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-08-05 09:01 . 2008-12-22 19:59 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2002-01-01 00:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2002-01-01 00:15 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 19:04 . 2008-12-22 19:59 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-12-22 19:59 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 09:26 . 2008-12-22 23:43 -------- d-----w- c:\programfiler\Fellesfiler\Adobe
2009-07-03 17:01 . 2008-12-22 19:59 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-24 17:58 . 2009-06-24 16:33 -------- d-----w- c:\programfiler\AskBarDis
2009-06-24 16:27 . 2009-06-24 16:27 -------- d-----w- c:\programfiler\Fellesfiler\Logitech
2009-06-24 16:17 . 2008-12-22 13:01 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-06-24 16:16 . 2009-06-24 16:16 -------- d-----w- c:\programfiler\Buypass
2009-06-16 14:43 . 2008-12-22 19:59 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:43 . 2008-12-22 19:59 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2008-12-22 19:59 76800 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2008-12-22 19:59 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:16 . 2008-12-22 19:59 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:22 . 2008-12-22 19:59 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2008-12-22 19:59 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-07 19:32 . 2009-04-13 09:21 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-03 19:11 . 2008-12-22 19:59 1294336 ----a-w- c:\windows\system32\quartz.dll
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-07-20 10:28 2215960 ----a-w- c:\programfiler\ToggleEN\tbTog0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-07-20 10:28 2215960 ----a-w- c:\programfiler\P2P_Energy\tbP2P0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]
2009-07-20 10:28 2215960 ----a-w- c:\programfiler\ToggleNO\tbTog0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\programfiler\ToggleEN\tbTog0.dll" [2009-07-20 2215960]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\programfiler\P2P_Energy\tbP2P0.dll" [2009-07-20 2215960]
"{af543a13-f8e6-4423-a4ac-1cc0475ecb44}"= "c:\programfiler\ToggleNO\tbTog0.dll" [2009-07-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\programfiler\ToggleEN\tbTog0.dll" [2009-07-20 2215960]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\programfiler\P2P_Energy\tbP2P0.dll" [2009-07-20 2215960]
"{AF543A13-F8E6-4423-A4AC-1CC0475ECB44}"= "c:\programfiler\ToggleNO\tbTog0.dll" [2009-07-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"Steam"="c:\programfiler\Valve\Steam\Steam.exe" [2009-06-10 1217784]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885400]
"Advanced SystemCare 3"="c:\programfiler\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-30 2329936]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"UnlockerAssistant"="c:\programfiler\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-26 16859136]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2008-03-20 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-12-22 805392]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-12-22 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Valve\\Steam\\SteamApps\\hitler_the_beast\\condition zero\\hl.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [13.04.2009 10:36 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [03.03.2009 16:48 55152]
R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [13.04.2009 10:54 157696]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [24.12.2008 17:28 84608]
S3 fsssvc;Windows Live Tryggere for familien;c:\programfiler\Windows Live\Family Safety\fsssvc.exe [06.02.2009 19:08 533360]
S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;c:\windows\system32\drivers\sccmusbm.sys [22.12.2008 14:46 23936]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-08-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-08-12 c:\windows\Tasks\SmartDefrag.job
- c:\programfiler\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-13 16:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sol.no/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\programfiler\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: buypass.no
Trusted Zone: headit.no
Trusted Zone: norsk-tipping.no
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 20:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded By Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2672)
c:\programfiler\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\programfiler\Avira\AntiVir Desktop\avguard.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
c:\programfiler\CDBurnerXP\NMSAccessU.exe
c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programfiler\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\WgaTray.exe
c:\programfiler\Microsoft Office\Office10\MSOFFICE.EXE
c:\programfiler\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe
c:\programfiler\Logitech\SetPoint\LU\LULnchr.exe
c:\programfiler\Logitech\SetPoint\LU\LogitechUpdate.exe
.
**************************************************************************
.
Time completed: 2009-08-18 20:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 18:52

Pre-Run: 116 250 374 144 bytes free
Post-Run: 116 221 669 376 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

247 --- E O F --- 2002-01-01 11:10
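Added example, not part of the log above and not ComboFix's own code: a small Python parser for this log format that splits the `((( ... )))` sections, decodes the `Files Created` / `Find3M` records (creation time, last-write time, size, attribute flags, path), collects the quoted values under each `[HKEY_...\Run]` key, groups the `Other deletions` entries by directory and pulls out the run of sequentially numbered `_NNNNNN_.tmp.dll` files. `SAMPLE_LOG` is a constructed excerpt in the shape of the lines above, not the full log; the section titles follow the English ComboFix wording used in the translation, and only the `d` (directory) and `h` (hidden) attribute positions are relied on.

```python
"""Parse the ComboFix log format above: section headers, 'Files Created'
records and registry Run entries. Added example, not part of the log or of
ComboFix; SAMPLE_LOG is constructed from the shape of the lines above."""
import re
from collections import Counter

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\WinPCap
c:\programfiler\WinPCap\rpcapd.exe
c:\windows\system32\_002797_.tmp.dll
c:\windows\system32\_002798_.tmp.dll
c:\windows\system32\drivers\npf.sys
.
((((((((((((((((((((((((((( Files Created From 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))))
.
2009-08-12 15:01 . 2008-04-14 08:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-09 15:04 . 2009-08-09 15:04 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-28 13:12 . 2009-08-05 11:08 3942048 ----a-w- c:\documents and settings\All Users\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programfiler\Valve\Steam\Steam.exe" [2009-06-10 1217784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-26 16859136]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # ((( title )))
CREATED_RE = re.compile(                               # created . modified size attrs path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$")                   # size '--------' means directory
RUN_RE = re.compile(                                   # "name"="value"[ - resolved] [date size]
    r'^"([^"]+)"=\s*"([^"]*)"(?: - (\S.*?))? \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
NUMBERED_TMP_DLL = re.compile(r"\\_\d{6}_\.tmp\.dll$", re.IGNORECASE)


def parse_sections(text):
    """Map each '((( title )))' header to its payload lines ('.' spacers dropped)."""
    sections, title = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            title = m.group(1)
            sections[title] = []
        elif title is not None:
            sections[title].append(line)
    return sections


def parse_created(lines):
    """Decode 'Files Created' / 'Find3M' records into dicts."""
    records = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            records.append({
                "created": created, "modified": modified, "path": path,
                "size": None if size.startswith("-") else int(size),
                "attrs": attrs, "is_dir": attrs[0] == "d", "hidden": "h" in attrs,
            })
    return records


def parse_run_entries(lines):
    """Autostart values under each [HKEY_...] key: (key, name, path, date, size).
    A bare image name such as "RTHDCPL.EXE" is followed by ' - ' and the path
    ComboFix resolved it to; otherwise the quoted value itself is the path."""
    entries, key = [], None
    for line in lines:
        if line.startswith("[HKEY_") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_RE.match(line)
        if m and key is not None:
            name, value, resolved, date, size = m.groups()
            entries.append((key, name, resolved or value, date, int(size)))
    return entries


def numbered_tmp_dlls(paths):
    """Sequentially numbered _NNNNNN_.tmp.dll files, the run ComboFix removed above."""
    return [p for p in paths if NUMBERED_TMP_DLL.search(p)]


def deletions_by_directory(paths):
    """Count deleted items per (case-folded) parent directory."""
    return Counter(p.lower().rsplit("\\", 1)[0] for p in paths)


if __name__ == "__main__":
    sections = parse_sections(SAMPLE_LOG)
    deleted = sections["Other deletions"]
    print("deleted per directory:", dict(deletions_by_directory(deleted)))
    print("numbered tmp DLLs:", numbered_tmp_dlls(deleted))
    for r in parse_created(sections["Files Created From 2009-07-18 to 2009-08-18"]):
        print(r["created"], r["size"] or "<dir>", "hidden" if r["hidden"] else "", r["path"])
    for key, name, path, date, size in parse_run_entries(sections["Registry Startup Points"]):
        print(key.split("\\")[0], name, "->", path, date, size)
```

To run it over the real log, pass `open(path, encoding="cp1252").read()` to `parse_sections` (the `1252` in the header line is the system's ANSI code page); the Norwegian section titles would then need to be mapped to the English ones used here, or looked up by prefix.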