ComboFix 09-08-18.04 - PRIVAT 19.08.2009 21:13.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.503.293 [GMT 2:00]
Kjører fra: c:\documents and settings\PRIVAT\Skrivebord\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PRIVAT\Programdata\WeatherDPA
c:\documents and settings\PRIVAT\Programdata\WeatherDPA\Weather\WeatherStartup.xml
c:\windows\system32\mdm.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-19 til 2009-08-19 )))))))))))))))))))))))))))))))))
.
2010-03-21 19:13 . 2010-03-21 19:13 -------- d-----w- c:\windows\system32\KB905474
2010-03-21 19:13 . 2009-03-10 21:26 1432960 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-03-21 19:13 . 2009-03-10 21:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-03-21 19:03 . 2009-03-06 14:24 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-03-21 19:03 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-03-21 19:03 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-03-21 19:03 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-03-21 19:03 . 2009-02-09 10:56 680448 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-03-21 19:03 . 2009-02-09 10:56 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-03-21 19:03 . 2009-02-09 10:56 710656 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-03-21 19:03 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-21 18:59 . 2010-03-21 18:59 -------- d--h--r- c:\documents and settings\PRIVAT\Siste
2010-03-16 03:35 . 2010-03-16 03:35 325632 ----a-w- c:\windows\system32\EAREMOVE.EXE
2010-03-16 03:33 . 2010-03-16 03:38 -------- d-----w- C:\NUKEPC
2010-03-04 11:28 . 2010-03-04 11:28 -------- d-----w- c:\documents and settings\PRIVAT\Documents and Settings
2010-03-04 11:12 . 2010-03-04 11:12 -------- d-----w- c:\documents and settings\PRIVAT\report
2010-02-26 01:52 . 2010-02-26 01:52 -------- d-----w- c:\documents and settings\Programdata
2010-02-25 19:29 . 2010-02-25 19:29 -------- d-----w- c:\documents and settings\PRIVAT\cs
2010-02-15 14:19 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-02-15 14:19 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-02-15 14:19 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-02-15 14:19 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-02-15 14:19 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-02-15 14:19 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-02-15 14:19 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-02-15 14:19 . 2008-10-10 03:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-02-15 14:19 . 2008-10-10 03:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-02-15 14:19 . 2008-10-10 03:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-02-15 14:19 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-02-15 14:19 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-02-15 14:17 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-02-15 14:10 . 2010-02-15 14:10 -------- d-----w- c:\windows\Logs
2010-02-15 14:09 . 2010-02-15 14:09 -------- d-----w- c:\programfiler\Utherverse Digital Inc
2010-02-14 04:12 . 2010-02-14 04:12 -------- d-----w- c:\documents and settings\All Users\Programdata\NCH Software
2010-02-14 04:12 . 2010-02-14 04:12 -------- d-----w- c:\documents and settings\PRIVAT\Programdata\NCH Software
2010-02-14 04:11 . 2010-02-14 04:20 -------- d-----w- c:\documents and settings\All Users\Programdata\NCH Swift Sound
2010-02-14 04:11 . 2010-02-14 04:19 -------- d-----w- c:\documents and settings\PRIVAT\Programdata\NCH Swift Sound
2010-02-14 04:11 . 2010-02-14 04:18 27136 ----a-w- c:\windows\system32\drivers\nchssvad.sys
2010-02-14 04:11 . 2010-02-14 04:20 -------- d-----w- c:\programfiler\NCH Swift Sound
2010-02-14 04:11 . 2010-02-14 04:12 -------- d-----w- c:\programfiler\NCH Software
2010-02-06 22:54 . 2010-02-06 22:54 -------- d-----w- c:\documents and settings\PRIVAT\Lokale innstillinger\Programdata\WMTools Downloaded Files
2010-01-31 16:46 . 2010-01-31 16:46 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-31 16:26 . 2010-01-31 16:26 -------- d-----w- c:\programfiler\Ubisoft
2009-12-23 15:30 . 2009-12-23 15:30 -------- d-----w- c:\programfiler\PKR
2009-08-19 18:59 . 2008-04-14 16:22 26624 ----a-w- c:\documents and settings\LocalService\Programdata\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-19 18:31 . 2009-08-19 18:31 80640 ----a-w- c:\documents and settings\LocalService\Lokale innstillinger\Programdata\FontCache3.0.0.0.dat
2009-08-19 18:29 . 2009-08-19 18:29 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-19 18:28 . 2009-08-19 18:28 -------- d-----w- c:\programfiler\MSBuild
2009-08-19 18:28 . 2009-08-19 18:28 -------- d-----w- c:\programfiler\Reference Assemblies
2009-08-19 18:26 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-19 18:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-19 18:26 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-19 18:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-19 18:26 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-19 18:26 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-19 18:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-19 18:26 . 2009-08-19 18:27 -------- d-----w- C:\b34444283d0fd1c7be2ba9be
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 17:14 . 2009-03-28 10:32 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-03-21 17:14 . 2009-03-28 10:34 3942048 ----a-w- c:\documents and settings\All Users\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-26 23:41 . 2009-05-20 19:47 -------- d-----w- c:\programfiler\ToggleEN
2010-02-26 05:16 . 2009-04-09 11:58 -------- d-----w- c:\documents and settings\PRIVAT\Programdata\LimeWire
2009-12-24 20:41 . 2009-04-08 22:00 -------- d-----w- c:\programfiler\Windows Live
2009-08-19 19:10 . 2009-03-28 10:30 -------- d-----w- c:\programfiler\Symantec AntiVirus
2009-08-19 19:03 . 2009-05-04 19:15 -------- d-----w- c:\documents and settings\PRIVAT\Programdata\Skype
2009-08-19 18:56 . 2009-05-04 19:17 -------- d-----w- c:\documents and settings\PRIVAT\Programdata\skypePM
2009-08-19 18:56 . 2009-04-09 12:27 -------- d-----w- c:\programfiler\Steam
2009-08-19 18:44 . 2004-08-04 12:00 76354 ----a-w- c:\windows\system32\perfc014.dat
2009-08-19 18:44 . 2004-08-04 12:00 436554 ----a-w- c:\windows\system32\perfh014.dat
2009-08-03 12:36 . 2009-03-28 10:32 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-03-28 10:32 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\programfiler\ToggleEN\tbTog0.dll" [2010-03-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-03-20 00:10 2215960 ----a-w- c:\programfiler\ToggleEN\tbTog0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\programfiler\ToggleEN\tbTog0.dll" [2010-03-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\programfiler\ToggleEN\tbTog0.dll" [2010-03-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"Steam"="c:\programfiler\steam\steam.exe" [2010-01-15 1217784]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"SoundMAXPnP"="c:\programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"WatchDog"="c:\programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2002-12-17 102400]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2004-06-09 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"iKeyWorks"="c:\programfiler\A4Tech\Keyboard\Ikeymain.exe" [2007-06-25 65536]
"WheelMouse"="c:\programfiler\A4Tech\Mouse\Amoumain.exe" [2007-12-25 241664]
"etMonitor"="c:\windows\etMon.exe" [2007-02-14 102400]
"BroadWave"="c:\programfiler\NCH Swift Sound\BroadWave\broadwave.exe" [2010-02-14 499716]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-11-16 88209]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Control Center.lnk - c:\programfiler\VAD\Laplace Webcam\Tools\SystemTray.exe [2009-5-12 114688]
DVD Check.lnk - c:\programfiler\InterVideo\DVD Check\DVDCheck.exe [2009-1-9 184320]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Steam\\SteamApps\\hitler_the_beast\\condition zero\\hl.exe"=
"c:\\Programfiler\\Steam\\SteamApps\\hitler_the_beast\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Steam\\SteamApps\\hitler_the_beast\\condition zero deleted scenes\\hl.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server

R2 BroadWaveService;BroadWave;c:\programfiler\NCH Swift Sound\BroadWave\broadwave.exe [14.02.2010 06:20 499716]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [09.04.2009 00:07 55152]
S3 cmeu0wdm;CardMan 2020;c:\windows\system32\drivers\cmeu0wdm.sys [18.01.2009 16:22 43737]
S3 DCamUSBET;VAD Laplace Webcam;c:\windows\system32\drivers\etDevice.sys [12.05.2009 16:00 475392]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [12.05.2009 16:00 200960]
S3 fsssvc;Windows Live Tryggere for familien;"c:\programfiler\Windows Live\Family Safety\fsssvc.exe" --> c:\programfiler\Windows Live\Family Safety\fsssvc.exe [?]
S3 SavRoam;SAVRoam;c:\programfiler\Symantec AntiVirus\SavRoam.exe [06.10.2004 18:56 173392]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [12.05.2009 16:00 6656]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - HTTPFILTER
*NewlyCreated* - RASAUTO
*NewlyCreated* - UPNPHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-08-19 c:\windows\Tasks\User_Feed_Synchronization-{9B53EDAA-7345-4175-BB01-3A83C657261F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2009-08-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-03-21 21:18]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 21:17
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\sirenacm.dll
.
Tidspunkt ferdig: 2009-08-19 21:20
ComboFix-quarantined-files.txt 2009-08-19 19:19

Pre-Run: 39 633 997 824 byte ledig
Post-Run: 39 641 231 360 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

206 --- E O F --- 2009-01-18 16:05