ComboFix 10-05-03.05 - Eline 04.05.2010 22:13:45.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.47.1044.18.3062.1876 [GMT 2:00]
Kjører fra: c:\users\Eline\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Microsoft Security Essentials *enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-04-04 til 2010-05-04 )))))))))))))))))))))))))))))))))
.
2010-05-04 20:21 . 2010-05-04 20:21 -------- d-----w- c:\users\Eline\AppData\Local\temp
2010-05-04 20:21 . 2010-05-04 20:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-04 20:21 . 2010-05-04 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-04 19:54 . 2010-05-04 19:54 -------- d-----w- c:\users\Eline\AppData\Roaming\ZoomBrowser EX
2010-05-04 19:31 . 2010-05-04 19:31 -------- d-----w- c:\users\Eline\AppData\Roaming\Tracker Software
2010-05-04 19:29 . 2010-05-04 19:29 -------- d-----w- c:\program files\Tracker Software
2010-05-04 18:59 . 2010-05-04 19:58 1 ----a-w- c:\users\Eline\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-04 18:59 . 2010-05-04 18:59 -------- d-----w- c:\users\Eline\AppData\Roaming\OpenOffice.org
2010-05-04 18:54 . 2010-05-04 18:54 -------- d-----w- c:\program files\JRE
2010-05-04 18:53 . 2010-05-04 18:54 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-04 17:53 . 2010-05-04 17:53 -------- d-----w- c:\programdata\TaskMgr
2010-05-04 17:42 . 2010-05-04 17:42 -------- d-----w- c:\users\Eline\AppData\Local\Seven Zip
2010-05-04 16:48 . 2010-05-04 16:48 -------- d-----w- c:\program files\Secunia
2010-05-04 12:53 . 2010-05-04 12:53 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-04 11:03 . 2010-05-04 11:03 52224 ----a-w- c:\users\Eline\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-04 11:03 . 2010-05-04 11:03 117760 ----a-w- c:\users\Eline\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-04 11:02 . 2010-05-04 11:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-04 11:02 . 2010-05-04 11:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-04 11:02 . 2010-05-04 11:02 -------- d-----w- c:\users\Eline\AppData\Roaming\SUPERAntiSpyware.com
2010-05-04 11:01 . 2010-05-04 11:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-03 20:14 . 2010-05-03 20:14 6153352 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-03 16:35 . 2010-05-03 16:35 -------- d-----w- c:\windows\Sun
2010-05-03 13:39 . 2010-05-04 17:50 -------- d-----w- c:\program files\Panda Security
2010-05-03 13:35 . 2010-05-03 13:35 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-30 10:56 . 2010-04-30 10:56 -------- d-----w- c:\program files\AVG
2010-04-30 10:10 . 2010-04-30 10:10 -------- d-----w- c:\programdata\F-Secure
2010-04-30 09:44 . 2010-04-30 09:44 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-29 16:03 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-29 16:03 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-29 16:02 . 2010-04-29 16:02 -------- d-----w- c:\program files\iPod
2010-04-29 16:02 . 2010-04-29 16:03 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-29 16:02 . 2010-04-29 16:03 -------- d-----w- c:\program files\iTunes
2010-04-29 16:00 . 2010-04-29 16:00 -------- d-----w- c:\program files\QuickTime
2010-04-29 15:54 . 2010-04-29 15:54 -------- d-----w- c:\program files\Bonjour
2010-04-29 15:42 . 2010-04-29 15:42 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 15:21 . 2010-04-29 15:21 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-29 12:35 . 2010-04-29 12:35 1732 ----a-w- C:\tvtpktfilter.dat
2010-04-29 12:21 . 2010-04-29 12:21 -------- d-----w- c:\users\Eline\AppData\Roaming\Malwarebytes
2010-04-29 12:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 12:19 . 2010-04-29 12:19 -------- d-----w- c:\programdata\Malwarebytes
2010-04-29 12:19 . 2010-05-03 20:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 12:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 21:18 . 2010-05-04 18:39 44544 ----a-w- c:\windows\system32\agremove.exe
2010-04-16 06:33 . 2010-04-16 06:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 06:33 . 2010-04-16 06:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 19:49 . 2008-04-10 12:11 105992 ----a-w- c:\users\Eline\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-04 19:48 . 2010-01-08 12:42 -------- d-----w- c:\program files\myBabylon_English
2010-05-04 19:07 . 2008-07-10 18:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-04 18:53 . 2008-09-04 12:34 -------- d-----w- c:\program files\OpenOffice.org 2.4
2010-05-04 18:39 . 2008-04-10 12:07 7000 ----a-w- c:\users\Eline\AppData\Local\d3d9caps.dat
2010-05-04 18:34 . 2008-03-04 22:17 2484 ----a-w- c:\windows\bthservsdp.dat
2010-05-04 18:15 . 2008-04-10 13:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-04 18:03 . 2008-03-04 23:03 -------- d-----w- c:\programdata\Corel
2010-05-04 18:02 . 2008-03-04 23:03 -------- d-----w- c:\programdata\Borland
2010-05-04 17:57 . 2008-03-04 23:05 -------- d-----w- c:\program files\Corel
2010-05-04 17:53 . 2008-04-11 16:35 -------- d-----w- c:\users\Eline\AppData\Roaming\Corel
2010-05-04 17:53 . 2008-04-11 16:35 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-04 17:53 . 2008-04-11 16:35 88 --sh--r- c:\windows\system32\D3DCCF7427.sys
2010-05-04 17:48 . 2008-03-04 23:35 -------- d-----w- c:\program files\Microsoft.NET
2010-05-04 17:48 . 2008-03-05 06:44 83764 ----a-w- c:\windows\system32\perfc014.dat
2010-05-04 17:48 . 2008-03-05 06:44 485052 ----a-w- c:\windows\system32\perfh014.dat
2010-05-04 17:38 . 2008-03-04 23:32 -------- d-----w- c:\programdata\Microsoft Help
2010-05-04 17:36 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2010-05-04 17:10 . 2008-03-04 23:00 -------- d-----w- c:\program files\Java
2010-05-04 16:40 . 2008-06-02 20:36 1 ----a-w- c:\users\Eline\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-05-04 16:40 . 2008-06-02 20:35 -------- d-----w- c:\users\Eline\AppData\Roaming\OpenOffice.org2
2010-05-04 16:35 . 2009-01-28 18:13 -------- d-----w- c:\users\Eline\AppData\Roaming\Azureus
2010-05-03 22:07 . 2008-04-10 13:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-03 12:37 . 2008-04-10 13:05 -------- d-----w- c:\program files\Opera
2010-04-30 09:45 . 2008-03-04 23:00 -------- d-----w- c:\program files\Common Files\Java
2010-04-29 19:11 . 2008-05-21 19:10 -------- d-----w- c:\programdata\Apple
2010-04-29 16:02 . 2008-05-21 19:10 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 15:31 . 2009-04-20 19:08 -------- d-----w- c:\program files\Safari
2010-04-29 13:31 . 2008-04-10 13:04 -------- d-----w- c:\program files\CCleaner
2010-04-22 10:13 . 2009-05-15 08:51 -------- d-----w- c:\users\Eline\AppData\Roaming\Spotify
2008-03-05 07:04 . 2008-03-05 06:52 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-27 2020592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-28 569344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-06-05 34352]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-04 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-04 138008]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware]
c:\program files\Lenovo Fingerprint Software\fpapp.exe \s [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]
2007-08-22 16:26 16384 ------w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2007-12-17 09:12 243240 ------w- c:\program files\Windows Live\Tryggere for familien\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ------w- c:\program files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2007-04-09 18:03 58416 ------w- c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-03-05 06:49 1006264 ------w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:34 201728 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-04-27 61440]
S2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TPHKSVC;Visning på skjermen;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-05-04 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyOverride = ;*.local
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
- - - - TOMME PEKERE FJERNET - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 22:21
Windows 6.0.6000 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2010-05-04 22:26:04
ComboFix-quarantined-files.txt 2010-05-04 20:26

Pre-Run: 16 876 949 504 byte ledig
Post-Run: 16 650 887 168 byte ledig

- - End Of File - - 285972450DA2B6EC24BD112171C228F4