ComboFix 10-06-20.01 - Eier 20.06.2010 23:22:36.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1014.593 [GMT 2:00]
Kjører fra: c:\documents and settings\Eier\Mine dokumenter\Nedlastinger\ComboFix.exe
Command switches brukt :: c:\documents and settings\Eier\Skrivebord\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infisert kopi av c:\windows\system32\drivers\acpiec.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty had a snack :p
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-05-20 til 2010-06-20 )))))))))))))))))))))))))))))))))
.
2010-06-19 21:13 . 2010-06-19 21:13 63488 ----a-w- c:\documents and settings\Eier\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-19 21:13 . 2010-06-19 21:13 52224 ----a-w- c:\documents and settings\Eier\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-19 21:13 . 2010-06-19 21:13 117760 ----a-w- c:\documents and settings\Eier\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-19 21:12 . 2010-06-19 21:12 -------- d-----w- c:\documents and settings\Eier\Programdata\SUPERAntiSpyware.com
2010-06-19 21:12 . 2010-06-19 21:12 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2010-06-19 21:12 . 2010-06-19 21:12 -------- d-----w- c:\programfiler\SUPERAntiSpyware
2010-06-19 19:25 . 2010-06-19 19:25 -------- d-----w- c:\documents and settings\Eier\Programdata\Malwarebytes
2010-06-19 19:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 19:25 . 2010-06-19 21:20 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-06-19 19:25 . 2010-06-19 19:25 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-06-19 19:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-17 19:04 . 2010-06-17 19:04 -------- d-----r- c:\documents and settings\NetworkService\Favoritter
2010-05-23 18:14 . 2010-05-23 18:14 61440 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f0a54e0-n\decora-sse.dll
2010-05-23 18:14 . 2010-05-23 18:14 503808 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50461e34-n\msvcp71.dll
2010-05-23 18:14 . 2010-05-23 18:14 499712 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50461e34-n\jmc.dll
2010-05-23 18:14 . 2010-05-23 18:14 348160 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50461e34-n\msvcr71.dll
2010-05-23 18:14 . 2010-05-23 18:14 12800 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f0a54e0-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 13:36 . 2010-06-17 15:03 112 ----a-w- c:\documents and settings\All Users\Programdata\3tDiVc2eC.dat
2010-06-19 20:44 . 2010-04-09 10:08 -------- d-----w- c:\programfiler\QuickTime
2010-06-19 20:44 . 2010-04-09 10:10 -------- d-----w- c:\programfiler\iTunes
2010-06-13 21:52 . 2009-12-27 14:17 -------- d-----w- c:\documents and settings\Eier\Programdata\uTorrent
2010-06-10 11:00 . 2009-06-26 15:19 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help
2010-06-10 10:49 . 2009-06-25 21:10 76354 ----a-w- c:\windows\system32\perfc014.dat
2010-06-10 10:49 . 2009-06-25 21:10 436554 ----a-w- c:\windows\system32\perfh014.dat
2010-06-04 19:00 . 2010-05-20 14:55 -------- d-----w- c:\programfiler\Microsoft Silverlight
2010-05-24 16:14 . 2010-04-26 16:11 1 ----a-w- c:\documents and settings\Eier\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-24 08:30 . 2010-05-24 08:30 3706235 ----a-w- c:\documents and settings\Eier\Programdata\Katy Perry ft Snoop Dogg - California Girls.zip
2010-05-23 15:24 . 2010-03-23 13:32 -------- d-----w- c:\documents and settings\Eier\Programdata\vlc
2010-05-23 14:04 . 2009-12-28 13:15 -------- d-----w- c:\documents and settings\Eier\Programdata\dvdcss
2010-05-20 22:41 . 2010-05-20 22:41 -------- d-----w- c:\documents and settings\Eier\Programdata\Multimedia Player
2010-05-19 11:18 . 2010-05-19 11:18 16384 ----a-w- c:\documents and settings\Eier\Programdata\Windowz.exe
2010-05-19 11:18 . 2010-05-19 11:18 16384 ----a-w- c:\documents and settings\Eier\Programdata\Windowz.exe
2010-05-18 10:17 . 2010-05-18 10:13 -------- d-----w- c:\documents and settings\Eier\Programdata\Samsung
2010-05-18 10:17 . 2010-05-18 10:14 -------- d-----w- c:\documents and settings\Eier\Programdata\PC Suite
2010-05-18 10:16 . 2010-05-18 10:14 -------- d-----w- c:\documents and settings\All Users\Programdata\PC Suite
2010-05-18 10:13 . 2010-05-18 10:13 -------- d-----w- c:\programfiler\Fellesfiler\PCSuite
2010-05-18 10:13 . 2010-05-18 10:12 -------- d-----w- c:\programfiler\Samsung
2010-05-18 10:13 . 2010-05-18 10:13 -------- d-----w- c:\programfiler\DIFX
2010-05-18 10:12 . 2010-05-18 10:12 -------- d-----w- c:\programfiler\PC Connectivity Solution
2010-05-18 10:11 . 2010-05-18 10:11 -------- d-----w- c:\documents and settings\All Users\Programdata\Installations
2010-05-18 10:09 . 2010-05-18 10:12 27107508 ----a-w- c:\documents and settings\All Users\Programdata\Installations\{2958B04A-0905-4689-B8D8-2F511E03AEBA}\Samsung_PC_Studio_7_7.1.40.8.exe
2010-05-18 09:01 . 2010-04-09 10:08 -------- d-----w- c:\documents and settings\All Users\Programdata\Apple Computer
2010-05-04 17:21 . 2009-06-25 21:10 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:21 . 2009-06-25 21:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:21 . 2009-06-25 21:10 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:11 . 2009-06-25 21:10 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-26 16:11 . 2010-04-26 16:11 -------- d-----w- c:\documents and settings\Eier\Programdata\OpenOffice.org
2010-04-26 15:14 . 2010-04-26 15:14 61440 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-772f06da-n\decora-sse.dll
2010-04-26 15:14 . 2010-04-26 15:14 12800 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-772f06da-n\decora-d3d.dll
2010-04-26 15:14 . 2010-04-26 15:14 503808 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168c9cb9-n\msvcp71.dll
2010-04-26 15:14 . 2010-04-26 15:14 499712 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168c9cb9-n\jmc.dll
2010-04-26 15:14 . 2010-04-26 15:14 348160 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168c9cb9-n\msvcr71.dll
2010-04-26 15:06 . 2009-06-26 15:03 45240 ----a-w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-04-26 13:05 . 2010-04-26 13:05 7424000 ----a-r- c:\documents and settings\Eier\Programdata\Microsoft\Installer\{B603B288-E64E-40D0-97EF-6EC8FF154329}\soffice.exe
2010-04-26 13:03 . 2010-04-26 13:03 -------- d-----w- c:\programfiler\JRE
2010-04-26 13:03 . 2010-04-26 13:03 -------- d-----w- c:\programfiler\OpenOffice.org 3
2010-04-26 13:02 . 2010-04-26 13:02 -------- d-----w- c:\programfiler\Fellesfiler\Java
2010-04-26 13:01 . 2009-12-26 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-26 12:11 . 2010-04-26 12:10 19492 ----a-w- c:\windows\hpqins13.dat
2010-04-26 12:11 . 2010-04-26 12:11 -------- d-----w- c:\programfiler\Fellesfiler\HP
2010-04-26 12:11 . 2010-04-26 12:11 -------- d-----w- c:\documents and settings\All Users\Programdata\HP
2010-04-20 05:34 . 2009-06-25 21:09 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-30 11:23 . 2010-03-30 11:23 0 ----a-w- c:\documents and settings\Eier\Programdata\wklnhst.dat
2010-03-29 07:59 . 2010-04-02 19:30 52224 ----a-w- c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-03-29 07:59 . 2010-04-02 19:30 101376 ----a-w- c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-03-26 19:45 . 2010-03-26 19:45 766 ----a-r- c:\documents and settings\Eier\Programdata\Microsoft\Installer\{77D9C954-1EB4-49FE-857F-3F5FB2524DBD}\_DE0367E2D93D53695386C6.exe
2010-03-26 19:45 . 2010-03-26 19:45 10134 ----a-r- c:\documents and settings\Eier\Programdata\Microsoft\Installer\{77D9C954-1EB4-49FE-857F-3F5FB2524DBD}\_6124E718E8D6748400F5A3.exe
2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-06-20_20.14.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-20 21:20 . 2010-06-20 21:20 16384 c:\windows\Temp\Perflib_Perfdata_270.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 10:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 10:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\programfiler\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-05-19 3417336]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask .exe -atboottime" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"EasyMode"="c:\programfiler\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"EeeStorageBackup"="c:\programfiler\ASUS\Eee Storage\BackupService.exe" [2009-06-08 935184]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-06-26 3054136]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"AsusACPIServer"="c:\programfiler\EeePC\ACPI\AsAcpiSvr.exe" [2009-06-18 696320]
"AsusEPCMonitor"="c:\programfiler\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"LiveUpdate"="c:\programfiler\Asus\LiveUpdate\LiveUpdate.exe" [2009-08-27 735208]
"SynAsusAcpi"="c:\programfiler\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-14 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-14 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-12-14 96792]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"hpqSRMon"="c:\programfiler\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SamsungPCSuiteTrayApplication"="c:\programfiler\Samsung\Samsung PC Studio 7\LaunchApplication.exe" [2008-08-07 278016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
"Samsung.PCSync"="c:\programfiler\Samsung\Samsung PC Studio 7\PcSync2.exe" [2007-12-04 1241088]

c:\documents and settings\Eier\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
SuperHybridEngine.lnk - c:\programfiler\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-26 376832]
BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-5 604776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-12-03 04:31 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\programfiler\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 06:45 169312]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\programfiler\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [19.05.2009 18:29 107744]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [23.07.2009 04:37 583360]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04.06.2009 03:54 38912]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [26.06.2009 18:02 233512]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [04.06.2009 03:54 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.06.2009 16:24 1684736]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [18.05.2010 12:12 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [18.05.2010 12:12 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [18.05.2010 12:12 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [18.05.2010 12:12 12288]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send til Bluetooth - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nb-NO.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nb-NO:official
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\programfiler\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programfiler\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 23:33
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8649DEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7634f28
\Driver\ACPI -> ACPI.sys @ 0xf74c7cb8
\Driver\atapi -> atapi.sys @ 0xf747f852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
.
Tidspunkt ferdig: 2010-06-20 23:38:49
ComboFix-quarantined-files.txt 2010-06-20 21:38
ComboFix2.txt 2010-06-20 20:19
ComboFix3.txt 2010-06-20 15:12

Pre-Run: 63 525 203 968 byte ledig
Post-Run: 63 514 615 808 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - DD3778434B94EF91ED6B85C84805D60E