ComboFix 10-04-07.04 - Therese 08.04.2010 15:52:50.1.1
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.1014.480 [GMT 2:00]
Running from: c:\documents and settings\Therese\My Documents\Nedlastinger\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{3ca795b8-8206-46d7-a834-919bef4b0c87}
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{3ca795b8-8206-46d7-a834-919bef4b0c87}\chrome.manifest
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{3ca795b8-8206-46d7-a834-919bef4b0c87}\chrome\xulcache.jar
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{3ca795b8-8206-46d7-a834-919bef4b0c87}\defaults\preferences\xulcache.js
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{3ca795b8-8206-46d7-a834-919bef4b0c87}\install.rdf
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{4241291e-6f48-4926-83b8-cf729f2e2ea0}
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{4241291e-6f48-4926-83b8-cf729f2e2ea0}\chrome.manifest
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{4241291e-6f48-4926-83b8-cf729f2e2ea0}\chrome\xulcache.jar
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{4241291e-6f48-4926-83b8-cf729f2e2ea0}\defaults\preferences\xulcache.js
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{4241291e-6f48-4926-83b8-cf729f2e2ea0}\install.rdf
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{d8a642d8-5061-4729-96a4-76324ad04d99}
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{d8a642d8-5061-4729-96a4-76324ad04d99}\chrome.manifest
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{d8a642d8-5061-4729-96a4-76324ad04d99}\chrome\xulcache.jar
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{d8a642d8-5061-4729-96a4-76324ad04d99}\defaults\preferences\xulcache.js
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{d8a642d8-5061-4729-96a4-76324ad04d99}\install.rdf
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{e4ef9c1f-13f0-4477-a2df-9eb7cfbc0ddd}
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{e4ef9c1f-13f0-4477-a2df-9eb7cfbc0ddd}\chrome.manifest
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{e4ef9c1f-13f0-4477-a2df-9eb7cfbc0ddd}\chrome\xulcache.jar
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{e4ef9c1f-13f0-4477-a2df-9eb7cfbc0ddd}\defaults\preferences\xulcache.js
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{e4ef9c1f-13f0-4477-a2df-9eb7cfbc0ddd}\install.rdf
c:\windows\system32\drivers\snusivjp.sys
c:\windows\system32\drivers\xlrszbmu.sys
c:\windows\system32\ecbhawa.dll
c:\windows\system32\fvapawwf.dll
c:\windows\system32\snsbbwu.dll
c:\windows\system32\sshnas21.dll
c:\windows\system32\web.dat
c:\windows\system32\websites.html
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\Tasks\At1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OIAUMZQB
-------\Legacy_SSHNAS
-------\Legacy_XLRSZBMU
-------\Service_oiaumzqb
-------\Service_SSHNAS
-------\Service_xlrszbmu


((((((((((((((((((((((((((( Files Created From 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))))
.

2010-04-08 11:02 . 2010-04-08 11:02 388096 ----a-r- c:\documents and settings\Therese\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-08 11:02 . 2010-04-08 11:02 -------- d-----w- c:\program files\TrendMicro
2010-04-08 10:13 . 2010-04-08 10:13 -------- d-----w- c:\program files\AVG
2010-04-08 10:13 . 2010-04-08 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-07 19:10 . 2010-04-07 19:21 -------- d-----w- c:\documents and settings\Therese\Local Settings\Application Data\ApplicationHistory
2010-04-07 19:10 . 2010-04-07 19:10 -------- d-----w- c:\documents and settings\Therese\Local Settings\Application Data\Broderbund Software
2010-04-07 19:10 . 2010-04-07 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Broderbund Software
2010-04-07 19:07 . 2010-04-07 20:50 -------- d-----w- c:\program files\Web Publish
2010-04-07 19:07 . 2007-07-19 11:07 3186688 ----a-w- c:\windows\system32\acXMLParser.dll
2010-04-07 19:07 . 2007-07-19 11:07 3186688 ----a-w- c:\windows\system32\cdintf300.dll
2010-04-07 19:01 . 2010-04-07 19:02 -------- d-----w- c:\windows\system32\URTTemp
2010-04-07 09:35 . 2010-04-07 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-06 21:01 . 2010-04-06 21:01 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-06 21:01 . 2010-04-06 21:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-06 21:00 . 2010-04-06 21:00 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-06 20:37 . 2010-04-06 20:46 -------- d-----w- c:\program files\Photoshop Elements 8
2010-04-01 09:59 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-25 17:37 . 2010-03-25 17:37 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2010-03-25 17:37 . 2005-03-09 19:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2010-03-25 17:37 . 2005-03-09 19:50 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2010-03-25 17:37 . 2005-03-09 19:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2010-03-25 17:37 . 2005-03-09 19:50 46592 ----a-w- c:\windows\system32\libusb0.dll
2010-03-25 17:31 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-03-25 17:31 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-03-25 17:24 . 2010-03-25 17:27 -------- d-----w- c:\program files\WinUAE
2010-03-24 11:46 . 2010-03-24 11:46 -------- d-----w- c:\documents and settings\Therese\Application Data\Malwarebytes
2010-03-24 11:46 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 11:46 . 2010-03-24 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 11:46 . 2010-03-24 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-24 11:46 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 21:39 . 2010-03-20 21:42 -------- d-----w- C:\digger
2010-03-20 21:38 . 2010-03-20 21:38 -------- d-----w- c:\documents and settings\Therese\Local Settings\Application Data\DOSBox
2010-03-20 21:38 . 2010-03-25 14:13 -------- d-----w- c:\program files\DOSBox-0.73
2010-03-20 21:36 . 2010-03-20 21:36 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 19:21 . 2010-01-28 10:14 282240 ----a-w- c:\documents and settings\Therese\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-07 19:03 . 2010-01-20 20:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-07 18:56 . 2010-01-21 20:02 -------- d-----w- c:\documents and settings\Therese\Application Data\uTorrent
2010-04-07 09:34 . 2010-01-28 09:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-31 10:32 . 2010-01-21 20:13 -------- d-----w- c:\documents and settings\Therese\Application Data\vlc
2010-03-24 13:05 . 2010-03-08 17:56 24035909 ----a-w- c:\windows\system32\tspcache.dll
2010-03-24 09:35 . 2010-01-21 20:00 -------- d-----w- c:\documents and settings\Therese\Application Data\Spotify
2010-03-23 16:40 . 2010-03-08 17:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-16 20:16 . 2010-01-21 20:03 -------- d-----w- c:\program files\uTorrent
2010-03-11 02:02 . 2010-01-25 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 18:00 . 2010-03-08 17:57 91 ----a-w- c:\windows\system32\mspcom.dat
2010-03-08 10:46 . 2010-03-08 10:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-05 20:02 . 2010-03-05 20:02 -------- d-----w- c:\program files\DivX
2010-03-05 20:02 . 2010-03-05 20:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-27 19:39 . 2010-02-27 18:35 -------- d-----w- c:\program files\NTFS Undelete
2010-02-27 19:06 . 2010-02-27 16:04 -------- d-----w- c:\program files\Heroes of Newerth
2010-02-26 05:43 . 2008-04-14 04:42 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2008-04-14 04:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-11 21:32 . 2010-02-11 21:32 1955624 ----a-w- c:\documents and settings\Therese\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-02-11 21:26 . 2010-01-28 12:08 -------- d-----w- c:\documents and settings\Therese\Application Data\dvdcss
2010-02-03 15:31 . 2010-02-03 15:31 503808 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47fbeb00-n\msvcp71.dll
2010-02-03 15:31 . 2010-02-03 15:31 499712 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47fbeb00-n\jmc.dll
2010-02-03 15:31 . 2010-02-03 15:31 348160 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47fbeb00-n\msvcr71.dll
2010-02-03 15:31 . 2010-02-03 15:31 61440 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e901fb5-n\decora-sse.dll
2010-02-03 15:31 . 2010-02-03 15:31 12800 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e901fb5-n\decora-d3d.dll
2010-02-03 15:30 . 2010-02-03 15:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-25 13:56 . 2010-01-25 13:56 115712 ----a-w- c:\windows\system32\drivers\cxbu0wdm.sys
2010-01-23 02:33 . 2010-01-20 19:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-20 20:49 . 2010-01-20 20:49 0 ----a-w- c:\windows\nsreg.dat
2010-01-20 19:50 . 2010-01-20 19:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-08 23:42 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-13 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 88363]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-13 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 05:45 169312]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [25.03.2010 19:37 33792]
S0 streamex;streamex;c:\windows\system32\drivers\streamex.sys --> c:\windows\system32\drivers\streamex.sys [?]
S1 splittnt;splittnt;c:\windows\system32\drivers\splittnt.sys --> c:\windows\system32\drivers\splittnt.sys [?]
S1 usb2k;usb2k;c:\windows\system32\drivers\usb2k.sys --> c:\windows\system32\drivers\usb2k.sys [?]
S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [25.01.2010 15:56 115712]

--- Other services/drivers in memory ---

*NewlyCreated* - XLRSZBMU
*Deregistered* - xlrszbmu
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-25 21:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{17B839CC-7871-4714-B637-52EB7CBA3BBa} - c:\windows\system32\fvapawwf.dll
ShellIconOverlayIdentifiers-{3A85431F-6FF3-46EC-A801-2B1702120CAA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 17:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x855CAAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7630f28
\Driver\ACPI -> ACPI.sys @ 0xf7493cb8
\Driver\atapi -> atapi.sys @ 0xf7407852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7313bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7320a21
SendHandler -> NDIS.sys @ 0xf72fe87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded By Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2568)
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-04-08 17:27:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-08 15:27

Pre-Run: 18 773 282 816 bytes free
Post-Run: 19 945 529 344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - 66235AD1AAE853056293DFD02C9A6F83
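The log above carries the signals a helper reads by eye: random eight-letter binaries pulled from system32, Legacy_/Service_ keys named after those same binaries, Firefox extensions that all ship a xulcache.jar, GUID-named .job files, service entries ComboFix prints as "path --> path [?]" because it could not resolve the image, and a driver that shows up as *NewlyCreated* under "Other services/drivers in memory" after its file was already deleted. The Python below is an added example, not part of the original post and not ComboFix's own code: it parses a constructed excerpt written in ComboFix's line format (the same lines as the log, trimmed to the few that exercise each check), groups lines by banner, and emits findings. The section names it keys on, the 7-8 lowercase-letter stem heuristic, the severity labels and the correlation rules are this example's assumptions.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
import re
from collections import defaultdict

# Constructed sample: lines in the shape ComboFix prints, copied from the
# log above and trimmed to the handful needed to exercise each check.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\xlrszbmu.sys
c:\windows\system32\fvapawwf.dll
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\extensions\{3ca795b8-8206-46d7-a834-919bef4b0c87}\chrome\xulcache.jar
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_xlrszbmu
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [25.03.2010 19:37 33792]
S0 streamex;streamex;c:\windows\system32\drivers\streamex.sys --> c:\windows\system32\drivers\streamex.sys [?]
S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [25.01.2010 15:56 115712]
--- Other services/drivers in memory ---
*NewlyCreated* - XLRSZBMU
*Deregistered* - xlrszbmu
.
"""

# "((( Name )))" banners and "--- Name ---" sub-banners open a section.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^-{3,}\s*(.+?)\s*-{3,}$")
# "<start> <name>;<display>;<path> [date size]" service lines.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# Heuristic (assumption): 7-8 lowercase letters, no digits, reads as generated.
RANDOM_STEM_RE = re.compile(r"[a-z]{7,8}")
SYSTEM_DIR = "c:\\windows\\system32\\"


def split_sections(text):
    """Group log lines under the lowercased banner that precedes them."""
    sections, current = defaultdict(list), "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1) or m.group(2)).lower()
            continue
        sections[current].append(line)
    return sections


def parse_service(line):
    """Parse one service line; 'path --> path [?]' means ComboFix could not resolve the image."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, display, rest = m.groups()
    missing = "-->" in rest and rest.rstrip().endswith("[?]")
    path = rest.split("-->")[0].split(" [")[0].strip()
    return {"start": start, "name": name, "display": display, "path": path, "missing": missing}


def random_system32_stem(path):
    """True for a dll/sys/exe under system32 whose stem looks machine-generated."""
    low = path.lower()
    if not low.startswith(SYSTEM_DIR):
        return False
    stem, _, ext = low.rsplit("\\", 1)[1].rpartition(".")
    return ext in ("dll", "sys", "exe") and RANDOM_STEM_RE.fullmatch(stem) is not None


def triage(text):
    """Return (severity, message) findings, in log order."""
    s = split_sections(text)
    findings = []
    deleted = s.get("other deletions", [])
    for p in deleted:
        low = p.lower()
        if random_system32_stem(p):
            findings.append(("high", f"random-named binary removed from system32: {p}"))
        if "\\extensions\\{" in low and low.endswith("xulcache.jar"):
            findings.append(("medium", f"Firefox extension payload removed: {p}"))
        if low.startswith("c:\\windows\\tasks\\{"):
            findings.append(("medium", f"GUID-named scheduled task removed: {p}"))
    # File stems of everything deleted, for correlating with service keys.
    stems = {p.lower().rsplit("\\", 1)[1].rpartition(".")[0] for p in deleted}
    for key in s.get("drivers/services", []):
        name = key.rsplit("\\", 1)[1]
        short = re.sub(r"^(legacy|service)_", "", name, flags=re.I).lower()
        if any(st.startswith(short) for st in stems):
            findings.append(("high", f"service key {name} backed a deleted file"))
    for line in s.get("registry startup points", []):
        svc = parse_service(line)
        if svc and svc["missing"]:
            findings.append(("low", f"{svc['start']} {svc['name']}: image not resolved ({svc['path']})"))
    mem = s.get("other services/drivers in memory", [])
    created = {l.split(" - ", 1)[1].lower() for l in mem if l.startswith("*NewlyCreated*")}
    for st in sorted(created & stems):
        findings.append(("high", f"driver {st} was registered again during the run"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

The stem rule is deliberately coarse (wininet.dll would match it), which is why it is applied only to entries ComboFix already chose to delete; the stronger signals are the correlations, a Legacy_/Service_ key whose name matches a deleted driver, and a stem that reappears as *NewlyCreated* after deletion. The "[?]" entries are worth a second look rather than an alarm: in the log above libusbd-nt.exe is listed under both "Files Created" and "Other Running Processes", so its "[?]" reflects the relative image path, while streamex, splittnt and usb2k point at drivers that are not on disk at all.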