ComboFix 08-08-26.02 - himmel 2008-08-27 11:46:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.45 [GMT 2:00]
Running from: C:\Documents and Settings\himmel\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\__c004BD32.dat
C:\WINDOWS\system32\~.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-27 11:28 . 2008-08-27 11:28 dr-h----- C:\Documents and Settings\himmel\Siste
2008-08-23 12:08 . 2008-08-23 12:08 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-23 12:07 . 2008-08-27 11:17 d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-23 12:07 . 2008-08-23 12:07 d-------- C:\Documents and Settings\himmel\Programdata\SUPERAntiSpyware.com
2008-08-23 12:01 . 2008-08-23 12:01 d-------- C:\Programfiler\CCleaner
2008-08-19 07:39 . 2008-08-22 07:47 d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 09:50 --------- d-----w C:\Programfiler\Microsoft AntiSpyware
2008-08-23 10:32 --------- d-----w C:\Programfiler\Java
2008-08-23 10:07 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 09:51 68856]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-27 11:17 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch.exe" [2004-03-18 10:33 892928]
"gcasServ"="C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" [2004-12-31 14:14 469824]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\himmel\Start-meny\Programmer\Oppstart\
NaturalColorLoad.lnk - C:\Programfiler\SEC\Natural Color\NaturalColorLoad.exe [2004-11-26 10:13:35 155715]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
NaturalColorLoad.lnk - C:\Programfiler\SEC\Natural Color\NaturalColorLoad.exe [2004-11-26 10:13:35 155715]
TouchWare Monitor.lnk - C:\Programfiler\MicroTouch\TouchWare\MtsTsMon.exe [2004-11-26 10:12:45 90112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-27 11:17 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:08]
R3 MtsTch;MicroTouch touch screen;C:\WINDOWS\system32\DRIVERS\MtsTch.sys [2003-05-19 14:06]

.
- - - - ORPHANS REMOVED - - - -

Notify-cc0428b2382 - C:\WINDOWS\system32\__c004BD32.dat

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\himmel\Programdata\Mozilla\Firefox\Profiles\cao77bzi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.eadmin.no/default.asp?fid=1000

.
.
------- File Associations (Beta) -------
.
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 11:50:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Logitech\system\EM_EXEC.EXE
C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
.
**************************************************************************
.
Completion time: 2008-08-27 11:54:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 09:54:43

Pre-Run: 14,331,805,696 byte ledig
Post-Run: 14,322,827,264 byte ledig

96 --- E O F --- 2008-08-21 11:45:17