ComboFix 09-12-21.08 - per 29.12.2009 15:11:48.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2012.1405 [GMT 1:00]
Kjører fra: c:\documents and settings\per\Skrivebord\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infisert kopi av c:\windows\system32\drivers\cdrom.sys ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\ServicePackFiles\i386\cdrom.sys
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-11-28 til 2009-12-29 )))))))))))))))))))))))))))))))))
.
2009-12-29 14:19 . 2009-12-29 14:19 114656 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2009-12-29 14:06 . 2009-12-29 14:16 118784 ----a-w- c:\windows\system32\chg.exe
2009-12-29 12:17 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2009-12-29 12:17 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-12-29 12:17 . 2009-12-29 14:04 -------- d-----w- c:\documents and settings\per\Lokale innstillinger\Programdata\kvjpaw
2009-12-29 12:17 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2009-12-29 12:17 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\dllcache\i2omgmt.sys
2009-12-29 12:17 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2009-12-29 12:17 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2009-12-29 12:16 . 2009-12-29 12:16 27734 ----a-w- c:\windows\system32\imPlayok.exe
2009-12-29 12:16 . 2009-12-29 12:16 27734 ----a-w- c:\documents and settings\per\imPlayok.exe
2009-12-22 16:12 . 2009-12-22 16:12 -------- d-----w- c:\documents and settings\per\Programdata\Malwarebytes
2009-12-22 16:12 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 16:12 . 2009-12-22 16:12 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-12-22 16:12 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 16:12 . 2009-12-22 16:12 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-12-22 15:43 . 2009-12-22 16:17 -------- d-----w- c:\documents and settings\per\Lokale innstillinger\Programdata\saiyjx
2009-11-30 12:09 . 2009-11-30 12:09 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 14:21 . 2006-05-04 11:28 514884 ----a-w- c:\windows\system32\perfh014.dat
2009-12-29 14:21 . 2006-05-04 11:28 107234 ----a-w- c:\windows\system32\perfc014.dat
2009-12-29 14:19 . 2006-03-02 02:00 114656 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-12-29 12:26 . 2009-09-03 14:53 -------- d-----w- c:\documents and settings\per\Programdata\Azureus
2009-12-29 12:16 . 2008-04-13 20:07 -------- d-----w- c:\programfiler\ESET
2009-12-21 13:51 . 2008-12-26 01:49 -------- d-----w- c:\programfiler\Vuze
2009-12-17 16:42 . 2007-10-26 02:32 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help
2009-12-16 23:47 . 2007-10-26 02:26 -------- d-----w- c:\programfiler\Google
2009-11-18 09:11 . 2007-10-26 02:25 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-11-18 09:11 . 2009-11-18 09:11 -------- d-----w- c:\programfiler\Canon
2009-11-02 12:22 . 2009-11-02 12:22 25214 ----a-r- c:\documents and settings\per\Programdata\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-11-02 12:22 . 2009-11-02 12:22 25214 ----a-r- c:\documents and settings\per\Programdata\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-11-02 12:22 . 2009-11-02 12:22 25214 ----a-r- c:\documents and settings\per\Programdata\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-11-02 12:22 . 2009-11-02 12:22 25214 ----a-r- c:\documents and settings\per\Programdata\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-11-02 12:22 . 2009-11-02 12:22 25214 ----a-r- c:\documents and settings\per\Programdata\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-11-02 12:22 . 2009-11-02 12:22 25214 ----a-r- c:\documents and settings\per\Programdata\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-10-29 07:45 . 2006-03-02 02:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:41 . 2006-03-02 02:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:41 . 2006-03-02 02:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:38 . 2006-03-02 02:00 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 02:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 02:00 149504 ----a-w- c:\windows\system32\rastls.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-22_16.29.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-04 11:28 . 2009-12-22 16:23 89996 c:\windows\system32\perfc009.dat
+ 2006-05-04 11:28 . 2009-12-29 14:21 89996 c:\windows\system32\perfc009.dat
+ 2004-08-03 17:29 . 2004-08-03 17:29 19455 c:\windows\system32\dllcache\wvchntxx.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 12063 c:\windows\system32\dllcache\wsiintxx.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 23615 c:\windows\system32\dllcache\wch7xxnt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 25471 c:\windows\system32\dllcache\watv10nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 22271 c:\windows\system32\dllcache\watv06nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 33599 c:\windows\system32\dllcache\watv04nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 19551 c:\windows\system32\dllcache\watv02nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 29311 c:\windows\system32\dllcache\watv01nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 11871 c:\windows\system32\dllcache\wadv09nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 11295 c:\windows\system32\dllcache\wadv08nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 11807 c:\windows\system32\dllcache\wadv07nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 11775 c:\windows\system32\dllcache\wadv05nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 12127 c:\windows\system32\dllcache\wadv02nt.sys
+ 2004-08-03 17:29 . 2004-08-03 17:29 12415 c:\windows\system32\dllcache\wadv01nt.sys
+ 2007-10-26 03:24 . 2008-04-13 18:45 26368 c:\windows\system32\dllcache\usbstor.sys
+ 2006-03-02 02:00 . 2008-04-14 16:23 12040 c:\windows\system32\dllcache\tdpipe.sys
+ 2001-08-17 17:00 . 2008-04-13 18:45 56576 c:\windows\system32\dllcache\swmidi.sys
+ 2006-03-02 02:00 . 2008-04-13 18:40 11392 c:\windows\system32\dllcache\sfloppy.sys
+ 2006-03-02 02:00 . 2008-04-14 15:55 46592 c:\windows\system32\dllcache\p3.sys
+ 2006-03-02 02:00 . 2006-03-02 02:00 32512 c:\windows\system32\dllcache\nwlnkfwd.sys
+ 2006-03-02 02:00 . 2006-03-02 02:00 12416 c:\windows\system32\dllcache\nwlnkflt.sys
+ 2006-03-02 02:00 . 2008-04-14 15:37 30080 c:\windows\system32\dllcache\modem.sys
+ 2006-03-02 02:00 . 2008-04-13 18:54 11264 c:\windows\system32\dllcache\irenum.sys
+ 2006-03-02 02:00 . 2008-04-13 18:57 20864 c:\windows\system32\dllcache\ipinip.sys
+ 2006-03-02 02:00 . 2006-03-02 02:00 32896 c:\windows\system32\dllcache\ipfltdrv.sys
+ 2006-03-02 02:00 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\ip6fw.sys
+ 2006-03-02 02:00 . 2008-04-14 15:45 51840 c:\windows\system32\dllcache\i8042prt.sys
+ 2006-03-02 02:00 . 2008-04-13 18:40 20480 c:\windows\system32\dllcache\flpydisk.sys
+ 2004-08-03 18:07 . 2008-04-13 18:45 52864 c:\windows\system32\dllcache\dmusic.sys
+ 2006-03-02 02:00 . 2006-03-02 02:00 18688 c:\windows\system32\dllcache\cdaudio.sys
+ 2006-03-02 02:00 . 2008-04-13 18:51 59904 c:\windows\system32\dllcache\atmarpc.sys
+ 2001-08-17 15:20 . 2001-08-17 15:20 96256 c:\windows\system32\dllcache\ac97intc.sys
+ 2004-08-03 18:07 . 2008-04-13 18:45 6272 c:\windows\system32\dllcache\splitter.sys
+ 2004-08-03 17:58 . 2008-04-13 18:39 4992 c:\windows\system32\dllcache\mspqm.sys
+ 2004-08-03 17:58 . 2008-04-13 18:39 5376 c:\windows\system32\dllcache\mspclock.sys
+ 2004-08-03 17:58 . 2008-04-13 18:39 7552 c:\windows\system32\dllcache\mskssrv.sys
+ 2004-08-03 18:07 . 2008-04-13 18:45 2944 c:\windows\system32\dllcache\drmkaud.sys
+ 2006-05-04 11:28 . 2009-12-29 14:21 491306 c:\windows\system32\perfh009.dat
- 2006-05-04 11:28 . 2009-12-22 16:23 491306 c:\windows\system32\perfh009.dat
+ 2004-08-03 17:29 . 2004-08-03 17:29 161020 c:\windows\system32\dllcache\i81xnt5.sys
+ 2001-10-06 08:26 . 2001-10-06 08:26 117760 c:\windows\system32\dllcache\e100b325.sys
+ 2004-08-03 17:39 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\aec.sys
+ 2009-12-28 08:30 . 2009-12-28 08:30 817152 c:\windows\Installer\1d397e8a.msi
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 39408]
"Google Update"="c:\documents and settings\per\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2009-11-02 133104]
"imPlayok"="c:\documents and settings\per\imPlayok.exe" [2009-12-29 27734]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="c:\programfiler\Intel\AMT\atchk.exe" [2007-06-07 408344]
"PDF Complete"="c:\programfiler\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SDMSSplash"="c:\programfiler\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-09 86016]
"SetRefresh"="c:\programfiler\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]
"LayoutM"="KLayMgr.exe" [2004-08-26 45056]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1015808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8523776]
"nwiz"="nwiz.exe" [2008-01-09 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"nod32kui"="c:\programfiler\Eset\nod32kui.exe" [2008-04-13 949376]
"Acrobat Assistant 7.0"="c:\programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-05-26 413696]
"PTHOSTTR"="c:\programfiler\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"imPlayok"="c:\windows\system32\imPlayok.exe" [2009-12-29 27734]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1044-F000-BA7E-000000000002}\SC_Acrobat.exe [2009-9-3 25214]
Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.04.2008 21:08 15424]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [18.04.2007 18:32 39080]
R2 pdfcDispatcher;PDF Document Manager;c:\programfiler\PDF Complete\pdfsvc.exe [26.10.2007 03:27 540448]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programfiler\Intel\AMT\UNS.exe [26.10.2007 08:03 2521880]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [26.10.2007 12:15 41216]
S2 gupdate;Google Update Service (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [19.10.2009 13:36 133104]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [28.09.2009 14:39 12672]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\hpkbccid.sys [26.10.2007 05:15 46976]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\stc2dfu.sys [24.10.2004 23:04 7796]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\programfiler\Fellesfiler\LightScribe\LSRunOnce.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.dinside.no/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Konverter koblingsmål til Adobe PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Konverter koblingsmål til eksisterende PDF-fil - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konverter til Adobe PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konverter til eksisterende PDF-fil - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konverter valgte koblinger til Adobe PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konverter valgte koblinger til eksisterende PDF-fil - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Konverterer utvalg til Adobe PDF - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konverterer utvalg til eksisterende PDF-fil - c:\programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\per\Programdata\Mozilla\Firefox\Profiles\fh9rkfpu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dinside.no/
FF - plugin: c:\documents and settings\per\Lokale innstillinger\Programdata\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 15:19
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...
skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
"ImagePath"="c:\programfiler\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\imon.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\imon.dll
c:\programfiler\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(1648)
c:\programfiler\Windows Desktop Search\deskbar.dll
c:\programfiler\Windows Desktop Search\nb-no\dbres.dll.mui
c:\programfiler\Windows Desktop Search\dbres.dll
c:\programfiler\Windows Desktop Search\wordwheel.dll
c:\programfiler\Windows Desktop Search\nb-no\msnlExtRes.dll.mui
c:\programfiler\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programfiler\Intel\AMT\atchksrv.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\windows\system32\ifxtcs.exe
c:\programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe
c:\programfiler\Intel\AMT\LMS.exe
c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programfiler\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IfxPsdSv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\RUNDLL32.EXE
c:\programfiler\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
c:\programfiler\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-12-29 15:22:47 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-12-29 14:22
ComboFix2.txt 2009-12-22 16:30

Pre-Run: 115 843 747 840 byte ledig
Post-Run: 115 807 715 328 byte ledig

- - End Of File - - 1054E53676984076A40D3827FA59D6E9