ComboFix 11-06-22.05 - Terje 23.06.2011 17:22:30.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.1024.659 [GMT 2:00]
Kjører fra: d:\documents and settings\Terje\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-05-23 til 2011-06-23 )))))))))))))))))))))))))))))))))
.
.
2011-06-23 15:13 . 2011-05-10 12:03 441176 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- d:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-05-26 13:56 . 2011-05-26 13:56 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-07-15 16:37 40112 ----a-w- d:\windows\avastSS.scr
2011-05-10 12:10 . 2009-07-08 20:30 199304 ----a-w- d:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-07-08 20:31 307928 ----a-w- d:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-07-08 20:31 49240 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2009-07-08 20:31 102616 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2009-07-08 20:31 96344 ----a-w- d:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2009-07-08 20:31 25432 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-07-08 20:31 30808 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2009-07-08 20:31 19544 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . d:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2007-04-13 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . d:\windows\system32\winlogon.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-21_15.47.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-23 15:16 . 2011-06-23 15:16 16384 d:\windows\temp\Perflib_Perfdata_20c.dat
+ 2009-07-08 20:31 . 2011-05-10 11:59 30808 d:\windows\system32\drivers\aavmker4.sys
+ 2011-06-21 16:42 . 2011-06-21 16:42 2302976 d:\windows\Installer\255e33.msi
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- d:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="d:\program files\Clock Tray Skins\ClockTraySkins.exe" [2007-04-16 448768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="d:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
NETGEAR WG311T Wireless Assistant.lnk - d:\program files\NETGEAR\WG311T\wlancfg5.exe [2005-5-9 4517888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "e:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 14:28 352256 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=d:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Hurtigstart for Adobe Reader.lnk
backup=d:\windows\pss\Hurtigstart for Adobe Reader.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logiteck Office Run.exe]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Logiteck Office Run.exe
backup=d:\windows\pss\Logiteck Office Run.exeCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^Terje^Start Menu^Programs^Startup^Dialog Helper.lnk]
path=d:\documents and settings\Terje\Start Menu\Programs\Startup\Dialog Helper.lnk
backup=d:\windows\pss\Dialog Helper.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^Terje^Start Menu^Programs^Startup^NVidia Desktop Run.exe]
path=d:\documents and settings\Terje\Start Menu\Programs\Startup\NVidia Desktop Run.exe
backup=d:\windows\pss\NVidia Desktop Run.exeStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^Terje^Start Menu^Programs^Startup^TomTom HOME.lnk]
path=d:\documents and settings\Terje\Start Menu\Programs\Startup\TomTom HOME.lnk
backup=d:\windows\pss\TomTom HOME.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-10-02 22:54 91432 ----a-w- d:\program files\Cyberlink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2001-12-07 15:24 1216512 -c--a-r- d:\windows\Mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10 1983816 ----a-w- d:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ----a-w- d:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
2005-10-05 10:00 53248 ----a-w- e:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 -c--a-w- d:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2003-07-25 09:15 536576 ----a-w- e:\program files\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2010-01-19 10:27 3118344 ----a-w- d:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2007-07-17 23:30 1687824 ----a-w- d:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2007-07-18 00:08 2094352 ----a-w- d:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2008-02-29 01:12 76304 -c--a-w- d:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- e:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 -c--a-w- d:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
2005-04-12 09:16 106496 ----a-w- e:\program files\ScanSoft\OmniPage15.0\PDFConverter3\registrycontroller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ------w- e:\program files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- e:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ------w- e:\program files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 23:14 155648 -c--a-r- d:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Opera\\Opera.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"e:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"e:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4672:TCP"= 4672:TCP:4662
.
R0 WDMCAPI;ISDN PCI CAPI;d:\windows\system32\drivers\WDMCAPI.sys [24.04.2002 10:05 612669]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [23.06.2011 17:13 441176]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [08.07.2009 22:31 307928]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [19.08.2008 23:34 8944]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [19.08.2008 23:34 55024]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\program files\CyberLink\PowerDVD8\PowerDVD8\000.fcl [15.05.2008 12:07 61424]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [08.07.2009 22:31 19544]
R2 ousbehci;%OWC_USBEHCD.DeviceDesc%;d:\windows\system32\drivers\ousbehci.sys [13.04.2007 04:33 26752]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;d:\windows\system32\drivers\ousb2hub.sys [13.04.2007 04:33 40704]
R3 WDMWANMP;NDIS WAN miniport;d:\windows\system32\drivers\wdmwanmp.sys [26.03.2002 04:40 26067]
S2 P1C1394;Phase One 1394 Camera Driver;d:\windows\system32\Drivers\p1c1394.sys --> d:\windows\system32\Drivers\p1c1394.sys [?]
S3 cxbu0wdm;CardMan 3x21;d:\windows\system32\drivers\cxbu0wdm.sys [04.04.2009 20:24 84608]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [03.09.2008 15:41 38224]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [25.01.2007 19:31 42000]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [19.08.2008 23:34 7408]
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - ASWSNX
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://google.mini20.com
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with Scansoft PDF Converter 3.0 - e:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
IE: Send til &Bluetooth-enhet... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: buypass.no
Trusted Zone: headit.no
Trusted Zone: norsk-tipping.no
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 17:32
Windows 5.1.2600 Service Pack 2 NTFS
.
skanner skjulte prosesser ...
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ...
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\konfig]
"ImagePath"="f:\opt\MBCASE\pm\bin\mcp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\license]
"ImagePath"="f:\opt\MBCASE\pm\bin\mcp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mcp]
"ImagePath"="f:\opt\MBCASE\pm\bin\mcp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD8\PowerDVD8\000.fcl"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\DefaultPreset]
@DACL=(02 0000)
@="e:\\Program Files\\Adobe\\Premiere Pro 1.5\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="e:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"Contents"="e:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"ExportToDVD"="e:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_19_2_0.html"
"HowToUse"="e:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\0_0_0_0.html"
"Keyboard"="e:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_21_0_0.html"
"Search"="e:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
d:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2104)
d:\windows\system32\WININET.dll
d:\windows\system32\btmmhook.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2011-06-23 17:36:00
ComboFix-quarantined-files.txt 2011-06-23 15:35
ComboFix2.txt 2011-06-21 16:27
ComboFix3.txt 2011-06-21 15:51
ComboFix4.txt 2008-09-04 09:39
.
Pre-Run: 7 264 464 896 bytes free
Post-Run: 7 248 297 984 bytes free
.
- - End Of File - - ACACA391632BFF46BFA97651118EF40C