ComboFix 09-10-11.03 - kim 12.10.2009 19:45.2.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2046.1264 [GMT 2:00]
Kjører fra: c:\my shared folder\bilder\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-09-12 til 2009-10-12 )))))))))))))))))))))))))))))))))
.
2009-10-12 17:50 . 2009-10-12 17:50 -------- d-----w- c:\users\kim\AppData\Local\temp
2009-10-12 17:50 . 2009-10-12 17:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-12 17:50 . 2009-10-12 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-12 16:47 . 2009-10-12 16:47 -------- d-----w- c:\users\kim\AppData\Roaming\EA
2009-10-12 13:34 . 2009-10-12 13:34 -------- d-----w- c:\users\kim\AppData\Roaming\Malwarebytes
2009-10-12 13:34 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 13:34 . 2009-10-12 14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-12 13:34 . 2009-10-12 13:34 -------- d-----w- c:\programdata\Malwarebytes
2009-10-12 13:34 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-11 14:45 . 2009-10-11 12:43 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-11 12:44 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-11 12:41 . 2009-10-11 12:41 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-11 12:41 . 2009-10-11 12:41 -------- d-----w- c:\program files\Lavasoft
2009-10-11 09:58 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-10-11 09:58 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-10-11 09:58 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-10-11 09:58 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-10-11 09:58 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-10-11 09:58 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-10-11 09:50 . 2009-10-11 09:50 -------- d-----w- c:\program files\Codemasters
2009-10-10 23:03 . 2009-10-10 23:03 -------- d-----w- c:\program files\CS
2009-10-02 21:15 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 14:06 . 2009-10-12 16:47 -------- d-----w- c:\users\kim\AppData\Local\Deployment
2009-10-02 14:06 . 2009-10-02 14:06 -------- d-----w- c:\users\kim\AppData\Local\Apps
2009-10-02 13:22 . 2009-10-02 13:22 -------- d-----w- c:\users\kim\AppData\Local\Unity
2009-10-02 13:22 . 2009-10-02 13:22 -------- d-----w- c:\program files\Unity
2009-10-01 03:44 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-01 03:44 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-01 03:44 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-01 03:44 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-01 03:43 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-01 03:43 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-01 03:43 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-01 03:43 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-01 03:43 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-24 05:58 . 2009-09-24 05:58 -------- d-----w- c:\program files\iPod
2009-09-24 05:58 . 2009-09-24 05:59 -------- d-----w- c:\program files\iTunes
2009-09-17 23:06 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-17 23:06 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-17 23:06 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-17 23:06 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-17 23:06 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-09-17 23:06 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-09-17 23:06 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-09-17 23:06 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-09-17 23:06 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-09-17 23:06 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-09-17 09:19 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-17 09:19 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-17 09:18 . 2009-09-17 09:19 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-17 09:17 . 2009-09-17 09:17 -------- d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 16:35 . 2009-09-02 19:40 -------- d-----w- c:\users\kim\AppData\Roaming\vlc
2009-10-12 15:05 . 2008-01-21 06:14 94778 ----a-w- c:\windows\system32\perfc014.dat
2009-10-12 15:05 . 2008-01-21 06:14 501426 ----a-w- c:\windows\system32\perfh014.dat
2009-10-12 12:31 . 2009-02-03 14:56 -------- d-----w- c:\programdata\Google Updater
2009-10-11 12:41 . 2008-12-04 20:04 -------- d-----w- c:\programdata\Lavasoft
2009-10-11 09:50 . 2008-12-01 20:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 22:25 . 2008-12-16 19:47 -------- d-----w- c:\program files\Betsson
2009-09-24 05:58 . 2008-11-29 13:27 -------- d-----w- c:\program files\Common Files\Apple
2009-09-18 00:57 . 2009-01-27 23:14 -------- d-----w- c:\program files\Electronic Arts
2009-09-17 23:02 . 2009-01-27 22:55 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-17 10:33 . 2008-11-29 13:29 -------- d-----w- c:\users\kim\AppData\Roaming\Apple Computer
2009-09-10 13:08 . 2009-03-26 15:21 -------- d-----w- c:\program files\Java
2009-09-10 13:01 . 2009-09-10 13:01 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-10 01:07 . 2009-03-26 22:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 01:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 19:53 . 2008-11-29 12:28 131880 ----a-w- c:\users\kim\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 19:12 . 2008-10-30 10:29 -------- d-----w- c:\programdata\Microsoft Help
2009-09-09 19:11 . 2008-10-30 10:31 -------- d-----w- c:\program files\Microsoft Works
2009-09-09 13:13 . 2009-09-09 13:13 -------- d-----w- c:\programdata\FNET
2009-08-28 12:39 . 2009-09-02 21:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 21:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 18:29 . 2008-11-29 14:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-25 16:16 . 2008-12-22 22:46 -------- d-----w- c:\programdata\TrackMania
2009-08-14 17:07 . 2009-09-09 19:06 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 19:06 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 19:06 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 19:06 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 19:06 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 19:06 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 19:06 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 19:06 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 19:06 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 01:00 . 2009-08-14 01:00 -------- d-----w- c:\program files\MSXML 4.0
2009-08-10 19:26 . 2008-12-01 20:17 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-10 19:26 . 2008-12-01 20:17 139152 ----a-w- c:\users\kim\AppData\Roaming\PnkBstrK.sys
2009-08-10 19:26 . 2008-12-01 20:16 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-10 19:25 . 2008-12-01 20:16 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-25 03:23 . 2009-03-26 15:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-09-09 19:15 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-09 19:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-09 19:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-09 19:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 14:35 . 2009-08-13 09:59 71680 ----a-w- c:\windows\system32\atl.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-12_14.21.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-12 15:03 42162 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-12 15:03 82098 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-29 12:25 . 2009-10-12 13:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-29 12:25 . 2009-10-12 17:44 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-29 12:25 . 2009-10-12 17:44 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-29 12:25 . 2009-10-12 13:47 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-29 12:25 . 2009-10-12 13:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-29 12:25 . 2009-10-12 17:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-12 14:30 . 2009-10-12 14:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-12 14:30 . 2009-10-12 14:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-12 14:30 . 2009-10-12 14:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-29 12:29 . 2009-10-12 15:03 5278 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1250557465-2325670122-1582592571-1003_UserData.bin
+ 2009-10-12 15:01 . 2009-10-12 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-12 13:43 . 2009-10-12 13:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-12 13:43 . 2009-10-12 13:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-12 15:01 . 2009-10-12 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-12 15:05 636592 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-12 13:47 636592 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-12 13:47 119418 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-12 15:05 119418 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
"UpdatesDisableNotify"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BFD8F36A-4BE3-439F-BDA1-D60954BEA232}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6BB79812-5BCC-4F58-998C-0D608EF6034F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1A352B0C-2970-4A0E-AD82-33FB2FF479FA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CCA482FC-6222-4D5D-9FE4-24177AA19F76}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EBE5A160-EBD1-4908-8C24-84F970A1EE3F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{FEA2E149-0930-465A-95D2-B7A93E6E3770}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{3B365755-EAD9-4913-BAB5-9B3ED11A62BA}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{671608FC-5195-4637-9FF0-851CB2DC25AB}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{31214221-EB31-463B-AE2E-9E8D421FB428}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{E677B94F-3B29-449A-9B1A-05831CD0DCCD}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{2DA877E9-01C2-4FC8-A361-32349AF62360}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"TCP Query User{3A78BDBE-1CDF-4C7D-BC16-8DE573D9207D}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{200381D0-1216-4804-BB17-E0D32DAE0DAA}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{AD6AC08D-E18B-42DD-BBA8-1C09274EE190}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6FBAA5D1-6ED4-4EE4-9E91-504C1B6FD7CB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{43CF5734-98F6-4983-9F19-DAE2C22A1746}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{38C2D26C-A0E8-4DDC-BC27-C47C5B6D22DA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E4576C73-7D4B-4966-9F16-EAA89687DF24}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9983F734-9D5E-45EE-A9BB-999C7C0F9BE3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C70DB3A-7504-4D86-BFDF-5A6E7499DB46}"= UDP:c:\my shared folder\spill\Call_Of_Juarez_Bound_In_Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{DDB74D96-FFB2-4F89-BC98-5E08FC68F04A}"= TCP:c:\my shared folder\spill\Call_Of_Juarez_Bound_In_Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"TCP Query User{0FF0342E-7D6D-4137-B8BB-082346BB2E46}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{CE4C72D9-C433-41AE-83CB-6A9190E249BB}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{A59539DE-48D3-4EA8-B19D-8499A6806476}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{104EC2B3-E51F-448A-929D-4A8826C525D8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{36DCA794-79EE-43FC-BC63-79009BDEF6E0}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{111005E1-B11D-475F-AF29-B420E6B4FC56}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{FF52BA3A-AA93-4ABA-B71F-ED85DC310118}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{B60AC4E0-8562-4B93-8316-B5DA190C2AB5}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{FE144D6E-1B59-4B30-BE74-50EB0D8F7616}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{D6B328CD-EECE-40CC-8696-3A93380FA49F}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{4A99594A-D4C2-4077-91E3-82224E2EE85D}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{B1BC7822-D492-41EA-9B2F-BEB880A6AF9A}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{96D633AB-A876-4CAF-B26F-14E729B83335}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{899FFFDA-557E-4385-AC34-9D189FC27194}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{4B48E9CB-D4A2-4606-848A-DECAD1F03AA0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7F976AAC-E00F-42A6-86A0-ADBD9ACA30C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{49BFC9BC-31C8-48FC-8083-B01B50C11495}"= UDP:c:\program files\Codemasters\OF Dragon Rising\OFDR.exe:OF Dragon Rising
"{38014E67-0EF7-4C42-A75B-28E0BED1546F}"= TCP:c:\program files\Codemasters\OF Dragon Rising\OFDR.exe:OF Dragon Rising

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11.10.2009 14:44 64160]
R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [27.11.2008 23:26 150568]
R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16.01.2008 12:21 30312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 16:49 1028432]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [22.01.2009 11:31 185640]
R3 cxbu0wdm;CardMan 3x21;c:\windows\System32\drivers\cxbu0wdm.sys [15.01.2008 12:39 97792]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [27.11.2008 23:25 47616]
S2 gupdate1c9860f9c75b140;Google Update Service (gupdate1c9860f9c75b140);c:\program files\Google\Update\GoogleUpdate.exe [03.02.2009 16:56 133104]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712]
S4 DAHIDI;DAHIDI;c:\windows\System32\drivers\iMON_SS.sys [27.11.2008 23:26 24714]
S4 mv64xx;mv64xx;c:\windows\System32\drivers\mv64xx.sys [27.11.2008 23:26 272424]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\drivers\SI3112r.sys [27.11.2008 23:26 110128]
S4 UGURU;UGURU;c:\windows\System32\drivers\uGuru.sys [27.11.2008 23:26 21048]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-10-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 12:43]

2009-10-12 c:\windows\Tasks\CS.job
- c:\program files\CS\cs.exe [2009-10-10 23:03]

2009-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 13:44]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 14:56]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 14:56]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://vg.no/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ma9yrdog.default\
FF - prefs.js: browser.startup.homepage - www.vg.no
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ma9yrdog.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ma9yrdog.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\ma9yrdog.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 19:50
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

c:\users\kim\AppData\Local\Temp\catchme.dll 53248 bytes executable

skanning vellykket
skjulte filer: 1

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2009-10-12 19:51
ComboFix-quarantined-files.txt 2009-10-12 17:51
ComboFix2.txt 2009-10-12 14:23

Pre-Run: 575 108 591 616 byte ledig
Post-Run: 575 070 650 368 byte ledig

283 --- E O F --- 2009-10-06 00:09