ComboFix 10-09-06.02 - Ann Cathrine 06.09.2010 19:54:53.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2047.1021 [GMT 2:00]
Kjører fra: c:\documents and settings\Ann Cathrine\Skrivebord\ComboFix.exe
AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\settings.reg
c:\windows\system32\Data
G:\Autorun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-08-06 til 2010-09-06 )))))))))))))))))))))))))))))))))
.
2010-09-06 17:38 . 2010-09-06 17:38 388096 ----a-r- c:\documents and settings\Ann Cathrine\Programdata\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-06 17:38 . 2010-09-06 17:38 -------- d-----w- c:\programfiler\Trend Micro
2010-09-06 17:36 . 2010-09-06 17:36 -------- d-----w- c:\programfiler\Fellesfiler\Java
2010-09-06 17:36 . 2010-09-06 17:36 503808 ----a-w- c:\documents and settings\Ann Cathrine\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69dbceec-n\msvcp71.dll
2010-09-06 17:36 . 2010-09-06 17:36 499712 ----a-w- c:\documents and settings\Ann Cathrine\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69dbceec-n\jmc.dll
2010-09-06 17:36 . 2010-09-06 17:36 348160 ----a-w- c:\documents and settings\Ann Cathrine\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-69dbceec-n\msvcr71.dll
2010-09-06 17:36 . 2010-09-06 17:36 61440 ----a-w- c:\documents and settings\Ann Cathrine\Programdata\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-50e60ab4-n\decora-sse.dll
2010-09-06 17:36 . 2010-09-06 17:36 12800 ----a-w- c:\documents and settings\Ann Cathrine\Programdata\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-50e60ab4-n\decora-d3d.dll
2010-09-06 17:36 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-06 17:15 . 2010-09-06 17:15 63488 ----a-w- c:\documents and settings\Ann Cathrine\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-06 17:15 . 2010-09-06 17:15 52224 ----a-w- c:\documents and settings\Ann Cathrine\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-06 17:15 . 2010-09-06 17:15 117760 ----a-w- c:\documents and settings\Ann Cathrine\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-06 17:15 . 2010-09-06 17:15 -------- d-----w- c:\documents and settings\Ann Cathrine\Programdata\SUPERAntiSpyware.com
2010-09-06 17:15 . 2010-09-06 17:15 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2010-09-06 17:15 . 2010-09-06 17:15 -------- d-----w- c:\programfiler\SUPERAntiSpyware
2010-09-06 17:06 . 2010-09-06 17:06 -------- d-----w- c:\documents and settings\Ann Cathrine\Programdata\Malwarebytes
2010-09-06 17:05 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 17:05 . 2010-09-06 17:05 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-09-06 17:05 . 2010-09-06 17:06 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-09-06 17:05 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 16:46 . 2010-09-06 16:46 -------- d--h--r- c:\documents and settings\Ann Cathrine\Siste
2010-09-06 16:37 . 2010-09-06 16:37 -------- d-----w- c:\programfiler\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 17:36 . 2009-11-28 16:50 -------- d-----w- c:\programfiler\Java
2010-09-05 17:32 . 2009-11-28 18:27 20 ---h--w- c:\documents and settings\All Users\Programdata\PKP_DLdu.DAT
2010-08-13 09:10 . 2009-11-12 00:36 443884 ----a-w- c:\windows\system32\perfh014.dat
2010-08-13 09:10 . 2009-11-12 00:36 79854 ----a-w- c:\windows\system32\perfc014.dat
2010-07-16 09:38 . 2010-05-30 17:05 1 ----a-w- c:\documents and settings\Ann Cathrine\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-11 17:48 . 2009-11-28 17:01 -------- d-----w- c:\documents and settings\Ann Cathrine\Programdata\Spotify
2010-07-02 13:16 . 2010-06-10 16:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 12:33 . 2009-11-12 00:36 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 23:27 . 2010-06-29 23:27 1 ----a-w- c:\documents and settings\Lene\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-24 12:19 . 2009-11-12 00:36 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:19 . 2009-11-12 00:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:19 . 2009-11-12 00:36 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:03 . 2009-11-12 00:36 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2009-11-12 00:36 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 12:54 . 2010-05-26 19:32 48272 ----a-w- c:\windows\system32\drivers\nnetsec.sys
2010-06-17 14:03 . 2009-11-12 00:36 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-11-11 06:51 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2009-11-12 00:36 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 15:12 . 2010-01-04 16:37 26896 ----a-w- c:\documents and settings\Lene\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-06-10 10:10 . 2009-11-11 06:51 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"P17Helper"="P17.dll" [2005-05-03 64512]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824]
"NPCTray"="c:\programfiler\Norman\npc\bin\npc_tray.exe" [2010-02-22 93616]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\Lene\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.2.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\Ann Cathrine\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.2.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Hurtigstart.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Nikon Monitor.lnk - c:\programfiler\Fellesfiler\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Ann Cathrine\\Skrivebord\\Spotify Installer.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=

P2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [17.06.2010 14:06 286328]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.11.2009 20:56 64288]
R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [26.05.2010 21:32 26744]
R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [26.05.2010 21:32 72392]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [26.05.2010 21:32 376136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1314704]
R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [28.11.2009 19:56 22880]
R2 NNFSVC;Norman Network Filtering service;c:\programfiler\Norman\Ngs\Bin\nnf.exe [26.05.2010 21:32 219904]
R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [26.05.2010 21:32 103016]
R2 nregsec;Norman Registry Security driver;c:\programfiler\Norman\Ngs\Bin\nregsec.sys [26.05.2010 21:32 40384]
R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [28.11.2009 19:56 98776]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [26.05.2010 21:32 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\programfiler\Norman\Ngs\Bin\nnetsecc.sys [27.05.2010 20:35 29968]
R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [18.06.2010 23:07 282624]
R3 NUAA;Norman User Activity Agent;c:\programfiler\Norman\Npc\Bin\nuaa.exe [28.11.2009 19:56 99656]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [28.11.2009 19:55 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [16.08.2010 18:15 210248]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [28.11.2009 19:56 133272]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12.11.2009 02:38 1684736]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - mchInjDrv
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:27]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
LSP: c:\programfiler\Norman\ngs\bin\nlf.dll
FF - ProfilePath - c:\documents and settings\Ann Cathrine\Programdata\Mozilla\Firefox\Profiles\clxn5o0m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 19:58
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2010-09-06 19:59:39
ComboFix-quarantined-files.txt 2010-09-06 17:59

Pre-Run: 484 954 673 152 byte ledig
Post-Run: 485 015 150 592 byte ledig

- - End Of File - - CB0B572F2E637D5BCF0A994F267AB57E