ComboFix 11-02-15.02 - brukerkonto 16.02.2011 9:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1271.976 [GMT 1:00]
Running from: h:\nyttige program\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\brukerkonto\Lokale innstillinger\Temporary Internet Files\Ssk.log
c:\documents and settings\brukerkonto\Start-meny\Programmer\ucmore - the search accelerator
c:\documents and settings\brukerkonto\Start-meny\Programmer\ucmore - the search accelerator\How To Uninstall.lnk
c:\documents and settings\brukerkonto\Start-meny\Programmer\ucmore - the search accelerator\UCmore - The Search Accelerator.lnk
c:\documents and settings\brukerkonto\Start-meny\Programmer\ucmore - the search accelerator\UCmore Tour.lnk
c:\documents and settings\Marit\Lokale innstillinger\Temporary Internet Files\Ssk.log
c:\programfiler\FunWebProducts
c:\programfiler\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\programfiler\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\programfiler\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\programfiler\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
c:\programfiler\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
c:\programfiler\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\programfiler\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\programfiler\FunWebProducts\Shared\Cache\temp.html
c:\windows\system32\f3PSSavr.scr
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ZESOFT
.
((((((((((((((((((((((((((( Files Created From 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))))
.
2011-02-15 10:54 . 2011-02-15 10:54 -------- d-----w- c:\documents and settings\brukerkonto\Programdata\GlarySoft
2011-02-15 10:52 . 2011-02-15 10:53 -------- d-----w- c:\programfiler\Glary Utilities
2011-02-15 10:45 . 2011-02-15 10:45 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2011-02-15 10:45 . 2011-02-15 10:45 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2011-02-15 10:36 . 2011-02-15 10:36 388096 ----a-r- c:\documents and settings\brukerkonto\Programdata\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-15 10:36 . 2011-02-15 10:36 -------- d-----w- c:\programfiler\Trend Micro
2011-02-11 11:09 . 2009-03-25 13:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2011-02-11 11:09 . 2009-03-03 19:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-02-11 11:09 . 2011-02-11 11:09 -------- d-----w- c:\programfiler\Realtek
2011-02-11 09:40 . 2011-02-11 09:40 -------- d-sh--w- c:\documents and settings\Marit\PrivacIE
2011-02-11 09:38 . 2011-02-11 09:38 -------- d-sh--w- c:\documents and settings\Marit\IETldCache
2011-02-11 08:13 . 2011-02-11 08:13 -------- d-----w- c:\windows\l2schemas
2011-02-11 08:13 . 2011-02-11 08:13 -------- d-----w- c:\windows\system32\no
2011-02-01 10:31 . 2008-04-14 16:22 346112 ------w- c:\windows\system32\windowscodecsext.dll
2011-02-01 10:31 . 2008-04-14 16:22 712704 ------w- c:\windows\system32\windowscodecs.dll
2011-02-01 10:31 . 2008-04-14 16:23 28672 ------w- c:\windows\system32\verclsid.exe
2011-02-01 10:31 . 2008-04-14 16:23 204800 -c----w- c:\windows\system32\dllcache\unregmp2.exe
2011-02-01 10:31 . 2008-04-14 16:22 50688 ------w- c:\windows\system32\tspkg.dll
2011-02-01 10:31 . 2008-04-14 16:22 53248 ------w- c:\windows\system32\tsgqec.dll
2011-02-01 10:30 . 2008-04-14 16:22 152576 -c----w- c:\windows\system32\dllcache\shmedia.dll
2011-02-01 10:30 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-02-01 10:30 . 2008-04-14 16:23 774144 -c----w- c:\windows\system32\dllcache\setup_wm.exe
2011-02-01 10:30 . 2008-04-14 16:23 32768 ------w- c:\windows\system32\setupn.exe
2011-02-01 10:30 . 2008-04-14 16:22 290304 ------w- c:\windows\system32\rhttpaa.dll
2011-02-01 10:30 . 2008-04-14 16:22 61952 ------w- c:\windows\system32\rasqec.dll
2011-02-01 10:30 . 2008-04-14 16:22 76800 ------w- c:\windows\system32\qutil.dll
2011-02-01 10:30 . 2008-04-14 16:22 62464 ------w- c:\windows\system32\qcliprov.dll
2011-02-01 10:30 . 2008-04-14 16:22 292352 ------w- c:\windows\system32\qagentrt.dll
2011-02-01 10:30 . 2008-04-14 16:22 150528 ------w- c:\windows\system32\qagent.dll
2011-02-01 10:30 . 2008-04-14 16:22 412160 ------w- c:\windows\system32\photometadatahandler.dll
2011-02-01 10:30 . 2008-04-14 16:22 144384 ------w- c:\windows\system32\onex.dll
2011-02-01 10:28 . 2008-04-13 16:36 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2011-02-01 10:13 . 2011-02-01 10:13 -------- d-----w- c:\documents and settings\brukerkonto\Lokale innstillinger\Programdata\Mozilla
2011-02-01 10:08 . 2010-05-06 10:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-01 10:08 . 2010-05-06 10:37 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-01 10:07 . 2010-05-06 10:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-01 10:07 . 2010-05-06 10:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-01 10:07 . 2010-05-06 10:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-01 10:07 . 2010-05-06 10:37 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-01 10:07 . 2010-05-06 10:37 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-04-22 57344]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-09-08 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MyWebSearch Email Plugin.lnk - c:\programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE [N/A]
OKI LPR Utility.lnk - c:\programfiler\Okidata\OKI LPR Utility\okilpr.exe [2004-11-9 151552]

[HKLM\~\startupfolder\C:^Documents and settings^brukerkonto^Start-meny^Programmer^Oppstart^MyWebSearch Email Plugin.lnk]
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 LogWatch;Event Log Watch;c:\programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe [20.09.2002 18:29 53248]
S3 CA_LIC_CLNT;CA License Client;c:\programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe [20.09.2002 18:27 77824]
S3 CA_LIC_SRVR;CA License Server;c:\programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe [20.09.2002 18:41 77824]
.
Contents of the 'Scheduled Tasks' folder

2011-02-16 c:\windows\Tasks\GlaryInitialize.job
- c:\programfiler\Glary Utilities\initialize.exe [2011-02-15 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startsiden.no/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\brukerkonto\Programdata\Mozilla\Firefox\Profiles\3677amti.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startsiden.no/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programfiler\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programfiler\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 09:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1218547261-3847636510-317846404-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded By Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programfiler\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2011-02-16 09:18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-16 08:18

Pre-Run: 6 321 680 384 bytes free
Post-Run: 6 723 739 648 bytes free

- - End Of File - - 76AD9CD1BBD9A6A4357C6D82B6A6588D
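The "Registry Startup Points" section above is where the real findings in this log sit: Security Center monitoring is switched off under all three Monitoring keys, the XP firewall's standard profile has EnableFirewall=0, and the MyWebSearch startup link points at a target ComboFix could not stat ([N/A]), while the FunWebProducts tree it belongs to was already deleted in "Other Deletions". The following triage script is an added example, not part of the posted log or of ComboFix; it parses REGEDIT4-style key/value lines and "name.lnk - path [date size]" lines copied from this log (the SAMPLE constant is a constructed excerpt of those lines) and flags exactly those conditions. The WATCHLIST names and the finding labels are assumptions chosen for the demo.

```python
"""Triage the 'Registry Startup Points' section of a ComboFix log.
Added example for this page; not code from ComboFix or from the poster."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumption for the demo: directory names an analyst wants surfaced.
WATCHLIST = ("mywebsearch", "funwebproducts")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Startup-folder lines look like:  Foo.lnk - c:\x\y.exe [2004-11-9 151552]  or  ... [N/A]
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$")


@dataclass
class Finding:
    kind: str     # label for the condition (demo labels, not ComboFix terms)
    where: str    # registry key or .lnk name
    detail: str   # value data or target path


@dataclass
class StartupSection:
    values: Dict[Tuple[str, str], str] = field(default_factory=dict)  # (key, name) -> data
    links: List[Tuple[str, str, str]] = field(default_factory=list)   # (name, path, meta)


def parse_startup_section(text: str) -> StartupSection:
    """Collect REGEDIT4 values (keyed by the enclosing [key]) and .lnk lines."""
    sec, key = StartupSection(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := KEY_RE.match(line)):
            key = m.group("key")
        elif (m := LNK_RE.match(line)):
            sec.links.append((m.group("name"), m.group("path"), m.group("meta")))
        elif (m := VALUE_RE.match(line)) and key is not None:
            sec.values[(key, m.group("name"))] = m.group("data").strip()
    return sec


def _dword(data: str) -> Optional[int]:
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything non-numeric -> None."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"^(\d+)", data)
    return int(m.group(1)) if m else None


def triage(sec: StartupSection) -> List[Finding]:
    out: List[Finding] = []
    for (key, name), data in sec.values.items():
        k = key.lower()
        # Security Center WMI monitoring of AV/firewall state turned off.
        if "security center\\monitoring" in k and name == "DisableMonitoring" and _dword(data) == 1:
            out.append(Finding("security-center-monitoring-off", key, data))
        # Windows Firewall standard profile disabled.
        if k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and _dword(data) == 0:
            out.append(Finding("firewall-disabled", key, data))
        # Run-key value whose command line contains a watch-listed name.
        if k.endswith("\\run") and any(w in data.lower() for w in WATCHLIST):
            out.append(Finding("watchlist-autorun", key, f"{name}={data}"))
    for name, path, meta in sec.links:
        if meta.strip().upper() == "N/A":          # ComboFix could not read the target
            out.append(Finding("autostart-target-unreadable", name, path))
        if any(w in path.lower() for w in WATCHLIST):
            out.append(Finding("watchlist-autostart", name, path))
    return out


# Constructed excerpt of the startup section from the log on this page.
SAMPLE = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-04-22 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MyWebSearch Email Plugin.lnk - c:\programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE [N/A]
OKI LPR Utility.lnk - c:\programfiler\Okidata\OKI LPR Utility\okilpr.exe [2004-11-9 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""


def demo() -> List[Finding]:
    return triage(parse_startup_section(SAMPLE))


if __name__ == "__main__":
    for f in demo():
        print(f"{f.kind:32} {f.where}  ->  {f.detail}")
```

Run against the excerpt it reports six findings: the three DisableMonitoring keys, the disabled firewall profile, and two hits on the MyWebSearch link (unreadable target plus watch-list match). Note that a DisableMonitoring=1 value is also set by some legitimate security suites that register their own Security Center provider, so the finding is a prompt to verify which product owns the key, not proof of tampering on its own.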