ComboFix 11-02-18.05 - Eier 19.02.2011 15:57:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.255.102 [GMT 1:00]
Kjører fra: c:\documents and settings\Eier\Skrivebord\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
(((((((((((((((((((((((((((((((((((((((  Andre slettinger  )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
(((((((((((((((((((((((((((  Filer Opprettet Fra 2011-01-19 til 2011-02-19  )))))))))))))))))))))))))))))))))
.
2011-02-19 14:19 . 2011-02-19 14:37 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-02-12 09:03 . 2011-02-12 09:03 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-02-12 09:02 . 2011-02-12 09:02 -------- d-----w- c:\windows\system32\XPSViewer
2011-02-10 17:44 . 2011-02-12 08:30 -------- d--h--r- c:\documents and settings\Eier\Siste
2011-02-10 17:30 . 2011-02-10 17:33 -------- d-----w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\Temp
2011-02-10 17:30 . 2011-02-10 17:30 -------- d-----w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\Deployment
2011-02-10 16:54 . 2011-02-10 16:54 -------- d-----w- c:\programfiler\Defraggler
2011-02-10 15:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 15:22 . 2011-02-10 15:22 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2011-02-10 15:22 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-09 14:57 . 2011-02-09 14:57 -------- d-----w- c:\documents and settings\Eier\Programdata\SUPERAntiSpyware.com
2011-02-09 14:53 . 2011-02-09 14:53 -------- d-----w- c:\documents and settings\Eier\Programdata\ElevatedDiagnostics
2011-02-08 16:42 . 2011-02-08 16:42 -------- d-----w- c:\programfiler\Microsoft CAPICOM 2.1.0.2
2011-02-08 14:52 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-08 14:52 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-02-07 20:30 . 2011-02-07 20:30 -------- d-----w- c:\documents and settings\All Users\Programdata\HP Product Assistant
2011-02-07 18:26 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-07 18:04 . 2011-02-07 18:04 -------- d-----w- c:\programfiler\CCleaner
2011-02-07 17:54 . 2011-02-07 17:55 -------- d-----w- c:\documents and settings\Administrator
2011-02-04 16:52 . 2011-02-04 16:52 -------- d-----w- c:\documents and settings\Eier\Programdata\Malwarebytes
2011-02-04 16:52 . 2011-02-04 16:52 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2011-02-04 16:32 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2003-03-18 20:43 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-03-18 21:16 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2003-03-18 20:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-03-18 21:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2003-03-18 21:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2003-03-18 21:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:52 . 2003-03-18 20:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 17:25 . 2003-03-18 21:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2005-02-11 09:33 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2003-01-29 06:14 714240 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2002-09-10 04:07 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2002-09-10 04:07 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2003-03-18 21:17 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
((((((((((((((((((((((((((((((((  Oppstartspunkter I Registeret  )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KYE_Showicon"="c:\programfiler\USB Storage RW\shwicon.exe -tKYE\USB Storage RW" [X]
"StorageGuard"="c:\programfiler\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^hp center.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\hp center.lnk
backup=c:\windows\pss\hp center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2002-10-16 12:05 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27 49152 ----a-w- c:\programfiler\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\programfiler\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 22:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-03-31 01:50 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-25 03:20 28672 ----a-w- c:\programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:23 1695232 ----a-w- c:\programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 13:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-07-28 13:19 852038 ----a-w- c:\windows\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 13:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 21:57 81920 ----a-w- c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 03:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenorhjelpen]
2008-12-03 11:37 189168 ----a-w- c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2003-02-27 16:48 45056 ------w- c:\programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
2002-11-26 23:14 131072 ----a-w- c:\programfiler\Coloreal\COLOREAL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Eier\LOKALE~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Eier\LOKALE~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Eier\LOKALE~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Eier\LOKALE~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S1 MpKslede9862b;MpKslede9862b;\??\c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7144EBB-3309-48ED-AD74-CD9A3FFC7722}\MpKslede9862b.sys --> c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7144EBB-3309-48ED-AD74-CD9A3FFC7722}\MpKslede9862b.sys [?]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [20.02.2008 15:35 84608]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-12-28 c:\windows\Tasks\Enkelt Internett-abonnement.job
- c:\programfiler\Hewlett-Packard\EZ Internet Signup\HPSdpApp.exe [2003-01-28 03:10]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.sol.no/
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: buypass.no
Trusted Zone: headit.no
Trusted Zone: norsk-tipping.no
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-swg - c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-swg - c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 16:06
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2011-02-19 16:11:35
ComboFix-quarantined-files.txt 2011-02-19 15:11

Pre-Run: 59 895 959 552 byte ledig
Post-Run: 60 185 272 320 byte ledig

- - End Of File - - 54E42513134A4AFEF3FE8235DBD94FD7