ComboFix 10-02-06.03 - Stian 07.02.2010 15:15:31.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1022.492 [GMT 1:00]
Kjører fra: c:\documents and settings\Stian\Lokale innstillinger\Programdata\Opera\Opera\temporary_downloads\ComboFix.exe
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\AdwareFilter\adwarefilter.exe
c:\programfiler\av
c:\programfiler\Fellesfiler\Uninstall
C:\setup.exe
E:\Autorun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-01-07 til 2010-02-07 )))))))))))))))))))))))))))))))))
.
2010-02-07 13:42 . 2010-02-07 13:42 -------- d-----w- c:\documents and settings\Stian\Programdata\Malwarebytes
2010-02-07 13:23 . 2010-02-07 13:23 -------- d-----w- c:\documents and settings\Stian\Programdata\AVG8
2010-01-16 17:30 . 2010-02-07 14:15 -------- d-----w- c:\documents and settings\All Users\Programdata\Norton
2010-01-16 17:30 . 2010-02-07 14:15 -------- d-----w- c:\programfiler\NortonInstaller
2010-01-16 17:30 . 2010-01-16 17:30 -------- d-----w- c:\documents and settings\All Users\Programdata\NortonInstaller
2010-01-13 20:35 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 14:25 . 2006-07-17 08:58 -------- d-----w- c:\programfiler\AdwareFilter
2010-02-07 13:42 . 2009-05-26 14:54 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-02-06 16:58 . 2007-01-24 14:52 -------- d-----w- c:\documents and settings\Elisabeth\Programdata\Apple Computer
2010-02-06 08:33 . 2006-04-24 22:08 -------- d-----w- c:\programfiler\Fellesfiler\Symantec Shared
2010-02-04 12:54 . 2009-12-23 18:58 69 ----a-w- c:\documents and settings\Stian\jagex_runescape_preferences2.dat
2010-02-04 12:34 . 2009-04-04 14:21 39 ----a-w- c:\documents and settings\Stian\jagex_runescape_preferences.dat
2010-02-01 18:10 . 2007-02-28 13:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-21 19:57 . 2009-09-03 19:38 -------- d-----w- c:\programfiler\Microsoft Silverlight
2010-01-19 15:57 . 2009-03-23 17:15 -------- d-----w- c:\programfiler\Vuze
2010-01-16 17:30 . 2006-04-24 22:08 -------- d-----w- c:\documents and settings\All Users\Programdata\Symantec
2010-01-16 17:14 . 2009-03-23 17:16 -------- d-----w- c:\documents and settings\Stian\Programdata\Azureus
2010-01-16 17:01 . 2009-03-23 20:37 10686001 ----a-w- c:\documents and settings\Stian\Programdata\Azureus\plugins\azump\mplayer.exe
2010-01-14 19:37 . 2004-09-20 09:02 81020 ----a-w- c:\windows\system32\perfc014.dat
2010-01-14 19:37 . 2004-09-20 09:02 447232 ----a-w- c:\windows\system32\perfh014.dat
2010-01-07 15:07 . 2009-05-26 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-05-26 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:59 . 2009-06-11 06:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:59 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-29 23:27 . 2009-12-29 23:27 -------- d-----w- c:\programfiler\Opera
2009-12-29 23:23 . 2009-12-29 23:23 0 ----a-w- c:\windows\nsreg.dat
2009-12-27 17:05 . 2009-12-27 17:04 17241584 ----a-w- c:\documents and settings\Elisabeth\Programdata\Real\Update\setup\rp\RealPlayerSPGold.exe
2009-12-27 17:04 . 2009-12-27 17:04 8406648 ----a-w- c:\documents and settings\Elisabeth\Programdata\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-12-27 17:04 . 2009-12-27 17:04 10309448 ----a-w- c:\documents and settings\Elisabeth\Programdata\Real\Update\setup\chr\ChromeInstaller.exe
2009-12-27 17:03 . 2009-12-27 17:03 64000 ----a-w- c:\documents and settings\Elisabeth\Programdata\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-12-27 17:03 . 2009-12-27 17:03 52288 ----a-w- c:\documents and settings\Elisabeth\Programdata\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-12-27 17:03 . 2009-12-27 17:03 50688 ----a-w- c:\documents and settings\Elisabeth\Programdata\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-12-27 17:03 . 2009-12-27 17:03 114688 ----a-w- c:\documents and settings\Elisabeth\Programdata\Real\Update\setup\RUP\inst_config\compat.dll
2009-12-25 11:45 . 2006-12-25 15:48 -------- d-----w- c:\documents and settings\Stian\Programdata\Apple Computer
2009-12-25 11:34 . 2009-02-08 12:20 -------- d-----w- c:\documents and settings\All Users\Programdata\Apple
2009-12-25 11:33 . 2009-12-25 11:31 -------- d-----w- c:\programfiler\iTunes
2009-12-25 11:33 . 2009-12-25 11:31 -------- d-----w- c:\documents and settings\All Users\Programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 11:32 . 2009-12-25 11:32 -------- d-----w- c:\programfiler\iPod
2009-12-25 11:32 . 2009-02-08 12:20 -------- d-----w- c:\programfiler\Fellesfiler\Apple
2009-12-25 11:31 . 2009-12-25 11:29 -------- d-----w- c:\programfiler\QuickTime
2009-12-24 23:32 . 2009-12-24 23:32 -------- d-----w- c:\documents and settings\Stian\Programdata\Symantec
2009-12-23 11:21 . 2007-06-10 09:08 -------- d-----w- c:\programfiler\Windows Live
2009-12-22 17:21 . 2006-09-08 18:02 -------- d-----w- c:\programfiler\Microsoft ActiveSync
2009-12-21 08:52 . 2006-04-24 21:41 -------- d-----w- c:\programfiler\Java
2009-12-21 08:50 . 2009-12-21 08:50 152576 ----a-w- c:\documents and settings\Roger Handeland\Programdata\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-21 08:50 . 2009-12-21 08:50 79488 ----a-w- c:\documents and settings\Roger Handeland\Programdata\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 16:03 . 2004-08-04 08:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\programfiler\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"PCSuiteTrayApplication"="c:\programfiler\Nokia\Nokia PC Suite 6\Launch Application 2.exe" [2004-11-25 143360]
"Connect Update Agent"="c:\programfiler\Telenor\Mobilt Kontor\AutoUpdateSrv.exe" [2006-03-30 462848]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 58728]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-07-30 100056]
"HP Software Update"="c:\programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"CANON DR2080C SVC"="DR2KSVC.dll" [2006-07-28 230952]
"PaperPort PTD"="c:\programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2003-05-04 57393]
"IndexSearch"="c:\programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2003-05-04 40960]
"Adobe Photo Downloader"="c:\programfiler\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 67488]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-10-31 185872]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ALUAlert"="c:\programfiler\Symantec\LiveUpdate\ALUNotify.exe" [2006-08-03 67264]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\programfiler\Microsoft ActiveSync\rapimgr.exe"= c:\programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programfiler\Microsoft ActiveSync\wcescomm.exe"= c:\programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programfiler\Microsoft ActiveSync\WCESMgr.exe"= c:\programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Vuze\\Azureus.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"53:TCP"= 53:TCP:websrvx

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe [03.10.2006 07:03 100032]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22.08.2005 10:06 231424]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [08.02.2009 13:21 40448]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-872264303-2978608380-947199574-1007Core.job
- c:\documents and settings\Elisabeth\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-12-27 17:30]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-872264303-2978608380-947199574-1007UA.job
- c:\documents and settings\Elisabeth\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-12-27 17:30]

2010-01-01 c:\windows\Tasks\Norton AntiVirus - Søk på min datamaskin - Roger Handeland.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-09-21 13:24]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://liverpool.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} - hxxp://www.liquidlab.se/smupdate/stallet/SetupInf.cab
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.euchannels.net/update/KooPlayer.ocx
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx
DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} - hxxps://fastsend.com/products/Fsplugin.cab
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-msnmsgr - c:\programfiler\Windows Live\Messenger\msnmsgr.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 15:36
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????????n??|?p???? ???B?????????????hLC????????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1980)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Telenor\MOBILT~1\Funk\odLogin.dll
.
Tidspunkt ferdig: 2010-02-07 15:40:08
ComboFix-quarantined-files.txt 2010-02-07 14:39

Pre-Run: 4 125 159 424 byte ledig
Post-Run: 6 517 317 632 byte ledig

- - End Of File - - 8AAA7FB1F537B3D6E2ECF5EF75FEC3BB