ComboFix 12-12-12.01 - stua 13.12.2012 13:22:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2015.1123 [GMT 1:00]
Running from: c:\documents and settings\stua\Mine dokumenter\Nedlastinger\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\stua\Lokale innstillinger\Temporary Internet Files\simpleadblock.msi
c:\documents and settings\stua\WINDOWS
c:\windows\IsUn0414.exe
.
.
((((((((((((((((((((((((((( Files Created From 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))))
.
.
2012-12-13 10:20 . 2012-12-13 10:20 -------- d-----w- C:\_OTL
2012-12-11 21:21 . 2012-12-11 21:21 98304 ----a-w- c:\windows\~DF2135.tmp
2012-12-09 08:41 . 2012-12-09 08:41 98304 ----a-w- c:\windows\~DF596D.tmp
2012-12-04 00:19 . 2012-12-04 00:19 98304 ----a-w- c:\windows\~DF5D19.tmp
2012-12-03 08:23 . 2012-12-03 08:23 114688 --sha-r- c:\windows\system32\CNC5200CL.dll
2012-12-03 01:17 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9F72052-26A0-40DC-B224-CC82C91261F3}\mpengine.dll
2012-12-02 00:47 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 12:38 . 2012-11-28 12:39 98304 ----a-w- c:\windows\~DFDDC0.tmp
2012-11-20 09:22 . 2012-11-20 09:22 98304 ----a-w- c:\windows\~DFE109.tmp
2012-11-14 21:42 . 2012-11-14 21:42 98304 ----a-w- c:\windows\~DFCD5F.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 12:12 . 2011-07-28 00:52 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2012-12-12 16:09 . 2012-09-05 06:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 16:09 . 2011-07-17 11:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:03 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 14:52 . 2012-10-30 14:52 98304 ----a-w- c:\windows\~DF31AD.tmp
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-02 13:14 . 2012-12-02 13:14 262112 ----a-w- c:\programfiler\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipDiscount"="c:\programfiler\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2012-10-05 23119272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-08-25 49152]
"NotebookHardwareControl"="c:\programfiler\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\programfiler\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"ControlCenter2.0"="c:\programfiler\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\stua\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.3.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
BlueSoleil.lnk - c:\programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-9-20 1200128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Utility Tray.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^stua^Start-meny^Programmer^Oppstart^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\stua\Start-meny\Programmer\Oppstart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless N DWA-140]
2010-06-30 08:32 1024000 ----a-w- c:\programfiler\D-Link\DWA-140 revB\AirNCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-24 07:29 206240 ----a-w- c:\programfiler\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
2011-07-16 17:45 106496 ----a-w- c:\windows\SiSUSBrg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WZCSLDR2]
2010-06-03 11:36 122880 ----a-w- c:\programfiler\D-Link\DWA-140 revB\WZCSLDR2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Programfiler\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programfiler\\Mozilla Firefox\\plugin-container.exe"=
.
R0 Ramdisk;Ramdisk [ QSoft ];c:\windows\system32\drivers\ramdisk.sys [16.07.2011 16:19 8192]
R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [16.07.2011 19:37 29411]
R2 D-Link Wireless N DWA-140;D-Link Wireless N DWA-140 Service;c:\programfiler\D-Link\DWA-140 revB\ANIWZCSdS.exe [16.07.2011 19:41 126976]
R2 D-Link Wireless N DWA-140_WPS;D-Link Wireless N DWA-140_WPS Service;c:\programfiler\D-Link\DWA-140 revB\ANIWConnService.exe [16.07.2011 19:41 53248]
R2 MBAMScheduler;MBAMScheduler;c:\programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.12.2012 17:41 399432]
R2 MBAMService;MBAMService;c:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [12.12.2012 17:41 676936]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [16.07.2011 18:48 191092]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.12.2012 17:41 22856]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [16.07.2011 18:48 6100]
R3 RAMDiskXP;RAMDiskXP;c:\windows\system32\drivers\RAMDiskXP.sys [05.05.2011 20:57 58368]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [01.09.2003 06:33 179968]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 16:09]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2011-08-20 01:54]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2011-08-20 01:54]
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-261903793-839522115-1003Core.job
- c:\documents and settings\stua\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2012-04-29 16:41]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-261903793-839522115-1003UA.job
- c:\documents and settings\stua\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2012-04-29 16:41]
.
2012-12-12 c:\windows\Tasks\photostageDowngrade.job
- c:\programfiler\NCH Software\PhotoStage\photostage.exe [2012-03-06 19:39]
.
2012-08-31 c:\windows\Tasks\photostageShakeIcon.job
- c:\programfiler\NCH Software\PhotoStage\photostage.exe [2012-03-06 19:39]
.
2012-12-13 c:\windows\Tasks\sxpquiv.job
- c:\windows\system32\CNC5200CL.dll [2012-12-03 08:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.no/
TCP: Interfaces\{AC3EB6CC-0AF0-4501-B731-3BCD50A161A3}: NameServer = 192.168.50.57
TCP: Interfaces\{B9E862DA-9AA7-4DD9-9FAF-CD413917D155}: NameServer = 192.168.1.100
FF - ProfilePath - c:\documents and settings\stua\Programdata\Mozilla\Firefox\Profiles\j25vkwrj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 54fa255d00000000000014d64d3ba4e9
FF - user.js: extensions.BabylonToolbar_i.hardId - 54fa255d00000000000014d64d3ba4e9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15320
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100600
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 54fa255d0000000000000011675c407e
FF - user.js: extensions.softonic_i.instlDay - 15404
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.522:27
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - en11DECdefault
FF - user.js: extensions.softonic_i.instlRef - MON00005
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-13 13:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-12-13 13:30:32
ComboFix-quarantined-files.txt 2012-12-13 12:30
.
Pre-Run: 13 062 410 240 bytes free
Post-Run: 13 358 923 776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2E1055715756B8E4F46F9A70766DC3D6
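Three entries in this log are the ones a responder would pull out first: the file c:\windows\system32\CNC5200CL.dll, created 2012-12-03 08:23 with the system, hidden and read-only attributes (--sha-r-); the scheduled task sxpquiv.job whose action is that same DLL (a DLL is not directly executable, so a task pointing straight at one is either broken or depends on something else to load the file, and either way the file should be collected for analysis); and the extensions.BabylonToolbar_i.* and extensions.softonic_i.* settings that bundled-toolbar installers wrote into Firefox's user.js, the file meant for the user's own overrides. The script below is an added triage example, not part of ComboFix or of this log. It parses the three line shapes involved (the file lines in the Files Created and Find3M sections, the two-line Scheduled Tasks entries, and the FF - user.js: lines) and applies exactly those three checks; the rule names, the Finding type and the helper functions are this example's own. The sample input is a handful of lines excerpted from the log above, with two benign lines kept for contrast.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Checks applied:
  hidden-system-file     a file under system32 created with the system and
                         hidden attribute bits set (attrs like --sha-r-)
  task-non-exe-target    a scheduled task whose action is not an .exe; a DLL
                         is not directly executable, so such a task is either
                         broken or relies on something else to load the file
  userjs-extension-pref  extension settings written into user.js, the file
                         meant for the user's own overrides, which is where
                         bundled toolbars park their affiliate/tracking IDs
Rule names, Finding and the helpers are this example's own inventions.
"""
import re
from dataclasses import dataclass

# File lines: "<created> . <modified> <size|--------> <8-char attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Task entries once their two physical lines are joined: "<date> <job> - <target> [<ts>]"
TASK_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<job>.+?\.job) - (?P<target>.+?) \[(?P<ts>[^\]]+)\]$"
)
# Firefox pref lines: "FF - user.js: <pref> - <value>"
FF_RE = re.compile(r"^FF - (?P<file>user\.js|prefs\.js): (?P<pref>\S+) - (?P<value>.*)$")


@dataclass
class Finding:
    rule: str
    subject: str   # file path, task target, or pref name
    detail: str


def logical_lines(text):
    """Yield stripped lines, joining ComboFix's two-line task entries
    ('... .job' followed by '- <target> [<ts>]') into one logical line.
    Entries that are already on one line pass through unchanged."""
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            if line.startswith("- "):
                yield f"{pending} {line}"
                pending = None
                continue
            yield pending
            pending = None
        if line.lower().endswith(".job"):
            pending = line
        else:
            yield line
    if pending is not None:
        yield pending


def triage(log_text):
    """Return Finding objects; file findings are collected first so task
    findings can be cross-referenced against them whatever the log order."""
    lines = list(logical_lines(log_text))
    findings, flagged = [], set()
    for line in lines:
        m = FILE_RE.match(line)
        if m and "s" in m["attrs"] and "h" in m["attrs"] and "\\system32\\" in m["path"].lower():
            flagged.add(m["path"].lower())
            findings.append(Finding("hidden-system-file", m["path"],
                                    f"created {m['created']}, attrs {m['attrs']}, size {m['size']}"))
    for line in lines:
        if m := TASK_RE.match(line):
            target = m["target"]
            if not target.lower().endswith(".exe"):
                detail = f"{m['job']} runs a non-executable target"
                if target.lower() in flagged:
                    detail += "; target is itself a hidden+system file in system32"
                findings.append(Finding("task-non-exe-target", target, detail))
        elif m := FF_RE.match(line):
            if m["file"] == "user.js" and m["pref"].startswith("extensions."):
                findings.append(Finding("userjs-extension-pref", m["pref"], f"value {m['value']!r}"))
    return findings


# Excerpts from the log above; the GoogleUpdate task and the prefs.js line
# are benign and kept for contrast.
SAMPLE_LOG = r"""
2012-12-13 10:20 . 2012-12-13 10:20 -------- d-----w- C:\_OTL
2012-12-03 08:23 . 2012-12-03 08:23 114688 --sha-r- c:\windows\system32\CNC5200CL.dll
2012-12-11 21:21 . 2012-12-11 21:21 98304 ----a-w- c:\windows\~DF2135.tmp
2012-11-13 11:55 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2011-08-20 01:54]
2012-12-13 c:\windows\Tasks\sxpquiv.job
- c:\windows\system32\CNC5200CL.dll [2012-12-03 08:23]
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100600
FF - user.js: extensions.softonic_i.instlRef - MON00005
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```

Run against the sample it reports four findings: the hidden+system DLL, the sxpquiv.job task (annotated because its target is that flagged file), and the two user.js extension prefs; the temp files, win32k.sys, the GoogleUpdate task and the prefs.js setting pass. The attribute test is deliberately narrow (system and hidden together, under system32) so that ordinary hidden temp files and legitimate patched system binaries do not produce noise; widen it only after checking what the wider rule hits on a known-clean log.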