ComboFix 11-02-23.01 - Bruker 23.02.2011 19:25:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2045.1327 [GMT 1:00]
Running from: c:\users\Bruker\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Local
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RKHIT
-------\Service_RkHit

((((((((((((((((((((((((((( Files Created From 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))))
.
2011-02-23 18:38 . 2011-02-23 18:38 -------- d-----w- c:\programdata\Local
2011-02-23 18:35 . 2011-02-23 18:39 -------- d-----w- c:\users\Bruker\AppData\Local\temp
2011-02-23 18:35 . 2011-02-23 18:35 -------- d-----w- c:\users\Gjest\AppData\Local\temp
2011-02-23 18:35 . 2011-02-23 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-19 23:04 . 2011-02-19 23:04 -------- d-----w- c:\program files\Steam
2011-02-19 22:59 . 2011-02-19 22:59 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2011-02-19 22:36 . 2011-02-19 22:36 -------- d-----w- c:\users\Bruker\AppData\Roaming\SUPERAntiSpyware.com
2011-02-19 22:36 . 2011-02-19 22:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-19 22:36 . 2011-02-22 16:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-19 22:26 . 2011-02-20 09:30 -------- d-----w- c:\windows\BDOSCAN8
2011-02-19 22:19 . 2011-02-19 22:19 -------- d-----w- c:\users\Bruker\AppData\Roaming\f-secure
2011-02-19 22:17 . 2011-02-19 22:17 -------- d-----w- c:\programdata\F-Secure
2011-02-18 22:17 . 2011-02-18 22:17 -------- d-----w- c:\program files\Enigma Software Group
2011-02-18 22:14 . 2011-02-18 22:48 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-02-18 22:14 . 2011-02-18 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-08 12:55 . 2010-06-21 19:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-28 15:55 . 2011-01-11 21:42 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 17:09 . 2010-03-25 19:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-03-25 19:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-11 21:42 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-22 2423752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-14 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-14 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-14 67584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-21 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^Bruker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Bruker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-28 20:22 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 GTMM Device Service;GTMM Device Service;c:\program files\Telenor\Mobile Broadband\GtmmDeviceService.exe [2008-07-02 106496]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 NDISKIO;NDISKIO;c:\users\Bruker\AppData\Local\Temp\00000271.nmc\nse\bin\ndiskio.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-02-08 1405384]
S2 SesamService;Sesam Control Service;c:\program files\Telenor\Mobile Broadband\Sesam\BIN\SecMIPService.exe [2008-05-09 1216296]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [2008-04-29 39720]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys [2008-04-29 272424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:55]

2010-03-17 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-03-16 10:32]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 14:20]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 14:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aftenbladet.no/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-bet365poker - c:\poker\Poker at bet365\_SetupPoker_3f8b[1].exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 19:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Time completed: 2011-02-23 19:48:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-23 18:48

Pre-Run: 44 111 319 040 bytes free
Post-Run: 43 755 044 864 bytes free

- - End Of File - - 299AC57EA870F853767AA5B00CA22946
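The items in this log that a responder would pull out first are the policy value "EnableLUA"= 0 (UAC switched off), the two service entries tagged [x], and the NDISKIO driver whose image path sits under a user's AppData\Local\Temp. The script below is an added example, not part of ComboFix or of the log above: it parses the "Reg Loading Points" value lines and the R/S service lines of a ComboFix log and returns those three kinds of finding. The sample input is constructed from lines copied out of this log; the reading of the [x] tag as "image file not present at scan time" and the rule that a driver loading from a Temp directory deserves a look are this example's assumptions, not something the log states.

```python
"""Triage helper for ComboFix logs: flag UAC disabled, service images not
present on disk, and services/Run entries whose image lives under a Temp
directory. Added example; not part of ComboFix."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log above (paths unchanged).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 NDISKIO;NDISKIO;c:\users\Bruker\AppData\Local\Temp\00000271.nmc\nse\bin\ndiskio.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
"""

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# "<start> <name>;<display name>;<image path> [<date size>|x]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.+?)\s+\[(?P<stamp>[^\]]*)\]$')
# Assumption: a driver/service image under ...\Temp\ is worth a look.
TEMP_RE = re.compile(r'\\(?:appdata\\local\\)?temp\\', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # 'uac-disabled' | 'missing-image' | 'temp-image'
    name: str    # registry value name or service name
    detail: str  # raw value or image path


def image_from_value(value):
    """'"c:\\x.exe" [2009-01-27 39408]' -> 'c:\\x.exe'; None if unquoted."""
    m = re.match(r'^"([^"]+)"', value)
    return m.group(1) if m else None


def analyse(log_text):
    """Return findings in log order. Only the three checks above are made."""
    findings = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                                   # "[HKEY_...]" section header
            current_key = m.group('key').lower()
            continue
        m = SERVICE_RE.match(line)
        if m:                                   # R*/S* service or driver line
            name, image, stamp = m.group('name'), m.group('image'), m.group('stamp')
            if stamp == 'x':                    # assumption: [x] = file not found
                findings.append(Finding('missing-image', name, image))
            if TEMP_RE.search(image):
                findings.append(Finding('temp-image', name, image))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group('name'), m.group('value')
        if current_key.endswith(r'\policies\system') and name.lower() == 'enablelua':
            if value.split()[0] == '0':         # '0 (0x0)' -> '0'
                findings.append(Finding('uac-disabled', name, value))
        elif current_key.endswith(r'\run'):
            image = image_from_value(value)
            if image and TEMP_RE.search(image):
                findings.append(Finding('temp-image', name, image))
    return findings


if __name__ == '__main__':
    for f in analyse(SAMPLE_LOG):
        print(f'{f.kind:14} {f.name:12} {f.detail}')
```

Run it against a full ComboFix log by passing the file contents to analyse(); entries such as the clean "swg" Run value and the Lbd driver produce nothing, which is the point of the filter. The "missing-image" tag on its own is weak evidence (an uninstalled product's leftover service looks the same), so it is the combination with a Temp-directory path, as with NDISKIO here, that should drive the next step.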