ComboFix 09-11-11.02 - VKA 12.11.2009 16:00.8.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2047.1656 [GMT 1:00]
Kjører fra: D:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-10-12 til 2009-11-12 )))))))))))))))))))))))))))))))))
.
2009-11-12 14:54 . 2009-11-12 14:54 -------- d-----w- c:\documents and settings\All Users\Programdata\NVIDIA Corporation
2009-11-12 14:54 . 2009-11-12 14:54 -------- d-----w- c:\programfiler\NVIDIA Corporation
2009-11-12 14:54 . 2009-11-12 14:54 -------- d-----w- c:\windows\LastGood.Tmp
2009-11-11 14:52 . 2009-11-11 14:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-11 14:18 . 2009-11-11 14:19 117760 ----a-w- c:\documents and settings\VKA\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-11 14:03 . 2009-11-11 15:31 -------- d--h--r- c:\documents and settings\VKA\Siste
2009-11-07 11:48 . 2009-11-10 15:54 -------- d-----w- c:\documents and settings\VKA\Tracing
2009-11-07 11:46 . 2009-11-07 11:46 -------- d-----w- c:\programfiler\Microsoft
2009-11-07 11:46 . 2009-11-07 11:46 -------- d-----w- c:\programfiler\Windows Live SkyDrive
2009-11-06 15:14 . 2009-11-06 15:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-06 13:20 . 2009-11-06 13:20 -------- d-----w- c:\windows\system32\no
2009-11-06 13:20 . 2009-11-06 13:20 -------- d-----w- c:\windows\l2schemas
2009-11-06 13:10 . 2009-11-06 13:10 -------- d-----w- c:\programfiler\Fellesfiler\Windows Live
2009-10-31 19:43 . 2009-10-31 19:43 -------- d-----w- c:\programfiler\Microsoft Silverlight
2009-10-24 22:55 . 2009-10-24 22:55 -------- d-----w- c:\programfiler\Lion King
2009-10-24 22:52 . 2009-10-24 22:52 -------- d-----w- C:\Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 15:20 . 2009-06-29 17:13 4045528 ----a-w- c:\documents and settings\All Users\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-11 14:08 . 2007-04-07 09:49 -------- d-----w- c:\documents and settings\VKA\Programdata\SUPERAntiSpyware.com
2009-11-08 12:34 . 2007-06-08 19:39 -------- d-----w- c:\documents and settings\VKA\Programdata\LimeWire
2009-11-07 11:48 . 2007-04-01 15:42 25120 ----a-w- c:\documents and settings\VKA\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-11-07 11:46 . 2008-03-19 10:00 -------- d-----w- c:\programfiler\Windows Live
2009-11-06 15:18 . 2001-10-09 12:00 79648 ----a-w- c:\windows\system32\perfc014.dat
2009-11-06 15:18 . 2001-10-09 12:00 444036 ----a-w- c:\windows\system32\perfh014.dat
2009-11-06 13:22 . 2007-03-09 16:18 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-11-04 20:11 . 2007-09-12 14:08 -------- d-----w- c:\documents and settings\VKA\Programdata\OpenOffice.org2
2009-10-08 18:55 . 2009-10-08 18:55 -------- d-----w- c:\programfiler\DivX
2009-10-08 18:55 . 2009-10-08 18:55 -------- d-----w- c:\programfiler\Fellesfiler\DivX Shared
2009-09-27 17:20 . 2009-09-27 17:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:20 . 2009-09-27 17:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 17:19 . 2009-09-27 17:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:19 . 2009-09-27 17:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:19 . 2009-09-27 17:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:19 . 2009-09-27 17:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:19 . 2009-09-27 17:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:19 . 2009-09-27 17:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:19 . 2009-09-27 17:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:19 . 2009-09-27 17:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 17:19 . 2009-09-27 17:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 17:19 . 2009-09-27 17:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 17:19 . 2009-09-27 17:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:12 . 2009-09-27 15:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2009-09-27 15:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2009-09-27 15:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-27 15:12 . 2008-07-31 00:32 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2006-10-21 03:32 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-25 12:33 . 2007-12-25 00:44 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-25 12:30 . 2007-12-25 00:45 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-25 12:05 . 2009-04-16 19:43 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-25 12:05 . 2009-04-16 19:43 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-25 12:05 . 2009-04-16 19:43 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-25 12:05 . 2009-04-16 19:43 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-22 14:39 . 2007-04-27 15:09 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP
2009-09-11 14:20 . 2007-03-10 11:11 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-04-17 21:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-04-17 21:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:05 . 2007-03-10 11:11 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2007-03-09 21:53 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2007-03-10 11:11 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-01-22 19:04 . 2008-01-22 19:02 72 --sh--w- c:\windows\SE6C70D5C.tmp
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="d:\programfiler\Download Manager\DLM.exe" [2007-03-05 1103480]
"DAEMON Tools Lite"="d:\programfiler\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SUPERAntiSpyware"="d:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"amd_dc_opt"="c:\programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"ANIWZCS2Service"="c:\programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless N DWA-140"="d:\programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 1388544]
"LVCOMS"="c:\programfiler\Fellesfiler\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"PCSuiteTrayApplication"="d:\programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"COMODO Internet Security"="d:\programfiler\Comodo\COMODO Internet Security\cfp.exe" [2009-09-25 1799952]
"Malwarebytes Anti-Malware (reboot)"="d:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-05 16126464]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="d:\programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\VKA\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - d:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-8-9 789008]
Microsoft Office.lnk - d:\programfiler\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 10:30 72208 ----a-w- c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf d:\programfiler\iolo\System Mechanic Professional 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Programfiler\\LimeWire\\LimeWire.exe"=
"d:\\Programfiler\\World of Warcraft\\Launcher.exe"=
"d:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"d:\\Programfiler\\BitLord\\BitLord.exe"=
"d:\\Programfiler\\Valve\\Steam\\SteamApps\\vegardkjus\\counter-strike\\hl.exe"=
"d:\\Programfiler\\GameSpy Arcade\\Aphex.exe"=
"d:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"d:\\Westwood\\SUN\\game.exe"=
"d:\\AoE\\age2_x1.exe"=
"d:\\Programfiler\\Valve\\Steam\\SteamApps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16.04.2009 20:43 25160]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [16.04.2009 20:43 132296]
S1 SASDIFSV;SASDIFSV;d:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [10.10.2006 11:53 8944]
S1 SASKUTIL;SASKUTIL;d:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [27.02.2007 10:39 55024]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [16.04.2009 20:41 108289]
S2 LasMan;Local Connection Manager;c:\windows\System32\svchost.exe -k netsvcs [10.03.2007 12:11 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [14.08.2008 16:38 476416]
S3 SASENUM;SASENUM;d:\programfiler\SUPERAntiSpyware\SASENUM.SYS [16.02.2006 15:51 4096]
S3 T5100_usb;LGE USB driver;c:\windows\system32\drivers\T5100.sys [22.05.2007 20:46 29568]
S3 XDva064;XDva064;\??\c:\windows\system32\XDva064.sys --> c:\windows\system32\XDva064.sys [?]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - MBR
*NewlyCreated* - NVSVC
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LasMan
wowsystemcode123
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-11-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\VKA\Programdata\Mozilla\Firefox\Profiles\ag6nuw2m.default\
FF - prefs.js: browser.search.selectedEngine - Telefonkatalogen
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: d:\programfiler\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\programfiler\Download Manager\npfpdlm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
.
------- Filassosiasjoner -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-nwiz - c:\programfiler\NVIDIA Corporation\nView\nwiz.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-DAEMON Tools Toolbar - c:\programfiler\DAEMON Tools Toolbar\uninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\programfiler\NVIDIA Corporation\nView\nViewSetup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 16:04
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqr.sys >>UNKNOWN [0x8AA40938]<<
kernel: MBR read successfully
user & kernel MBR OK

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7978B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1177238915-287218729-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1177238915-287218729-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C14719E4-73E9-54CF-8F90-AF1D58215366}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1177238915-287218729-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f7,e2,56,2e,f2,1f,24,f7,a1,0d,d6,42,db,33,bb,04,4b,26,04,25,5c,6f,ed,
   e5,6f,65,0c,7c,21,9b,87,03,c7,33,51,52,1c,d0,b7,41,a3,1c,c4,4a,e2,d4,aa,58,\
"??"=hex:0a,ad,90,f0,65,3c,48,de,9a,dd,e5,c4,ed,13,f0,dd
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(444)
c:\windows\system32\guard32.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(500)
c:\windows\system32\guard32.dll
.
Tidspunkt ferdig: 2009-11-12 16:06
ComboFix-quarantined-files.txt 2009-11-12 15:06
ComboFix2.txt 2009-03-15 14:02
ComboFix3.txt 2008-12-28 18:36

Pre-Run: 86 900 592 640 byte ledig
Post-Run: 86 925 279 232 byte ledig

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7

- - End Of File - - 36FAE2A64FB8E15D8F2FD12954561763