ComboFix 10-04-12.06 - Therese 13.04.2010 16:30:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.1014.631 [GMT 2:00]
Kjører fra: c:\documents and settings\Therese\Desktop\ComboFix.exe
Command switches brukt :: c:\documents and settings\Therese\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.\documents\settings
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SPLITTNT
-------\Legacy_STREAMEX
-------\Service_splittnt
-------\Service_streamex
-------\Service_usb2k

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-13 til 2010-04-13 )))))))))))))))))))))))))))))))))
.
2010-04-13 09:36 . 2010-04-13 09:36 -------- d-----w- c:\program files\Common Files\Java
2010-04-13 09:35 . 2010-04-13 09:35 -------- d-----w- c:\program files\Java
2010-04-09 23:38 . 2010-04-09 23:38 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-08 11:02 . 2010-04-08 11:02 388096 ----a-r- c:\documents and settings\Therese\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-08 11:02 . 2010-04-08 11:02 -------- d-----w- c:\program files\TrendMicro
2010-04-08 10:13 . 2010-04-08 10:13 -------- d-----w- c:\program files\AVG
2010-04-08 10:13 . 2010-04-08 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-07 19:10 . 2010-04-07 19:21 -------- d-----w- c:\documents and settings\Therese\Local Settings\Application Data\ApplicationHistory
2010-04-07 19:10 . 2010-04-07 19:10 -------- d-----w- c:\documents and settings\Therese\Local Settings\Application Data\Broderbund Software
2010-04-07 19:10 . 2010-04-07 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Broderbund Software
2010-04-07 19:07 . 2010-04-07 20:50 -------- d-----w- c:\program files\Web Publish
2010-04-07 19:07 . 2007-07-19 11:07 3186688 ----a-w- c:\windows\system32\acXMLParser.dll
2010-04-07 19:07 . 2007-07-19 11:07 3186688 ----a-w- c:\windows\system32\cdintf300.dll
2010-04-07 19:01 . 2010-04-07 19:02 -------- d-----w- c:\windows\system32\URTTemp
2010-04-07 09:35 . 2010-04-07 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-06 21:01 . 2010-04-06 21:01 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-06 21:01 . 2010-04-06 21:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-06 21:00 . 2010-04-06 21:00 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-06 20:37 . 2010-04-06 20:46 -------- d-----w- c:\program files\Photoshop Elements 8
2010-04-01 09:59 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-25 17:37 . 2010-03-25 17:37 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2010-03-25 17:37 . 2005-03-09 19:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2010-03-25 17:37 . 2005-03-09 19:50 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2010-03-25 17:37 . 2005-03-09 19:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2010-03-25 17:37 . 2005-03-09 19:50 46592 ----a-w- c:\windows\system32\libusb0.dll
2010-03-25 17:31 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-03-25 17:31 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-03-25 17:24 . 2010-03-25 17:27 -------- d-----w- c:\program files\WinUAE
2010-03-24 11:46 . 2010-03-24 11:46 -------- d-----w- c:\documents and settings\Therese\Application Data\Malwarebytes
2010-03-24 11:46 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-24 11:46 . 2010-03-24 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 11:46 . 2010-03-24 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-24 11:46 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 21:39 . 2010-03-20 21:42 -------- d-----w- C:\digger
2010-03-20 21:38 . 2010-03-20 21:38 -------- d-----w- c:\documents and settings\Therese\Local Settings\Application Data\DOSBox
2010-03-20 21:38 . 2010-03-25 14:13 -------- d-----w- c:\program files\DOSBox-0.73
2010-03-20 21:36 . 2010-03-20 21:36 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 14:37 . 2010-01-21 20:02 -------- d-----w- c:\documents and settings\Therese\Application Data\uTorrent
2010-04-13 09:45 . 2010-01-21 20:13 -------- d-----w- c:\documents and settings\Therese\Application Data\vlc
2010-04-13 09:35 . 2010-02-03 15:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 19:48 . 2010-01-21 20:00 -------- d-----w- c:\documents and settings\Therese\Application Data\Spotify
2010-04-10 12:14 . 2008-04-13 23:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-04-07 19:21 . 2010-01-28 10:14 282240 ----a-w- c:\documents and settings\Therese\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-07 19:03 . 2010-01-20 20:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-07 09:34 . 2010-01-28 09:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-24 13:05 . 2010-03-08 17:56 24035909 ----a-w- c:\windows\system32\tspcache.dll
2010-03-23 16:40 . 2010-03-08 17:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-16 20:16 . 2010-01-21 20:03 -------- d-----w- c:\program files\uTorrent
2010-03-11 02:02 . 2010-01-25 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 18:00 . 2010-03-08 17:57 91 ----a-w- c:\windows\system32\mspcom.dat
2010-03-08 10:46 . 2010-03-08 10:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-05 20:02 . 2010-03-05 20:02 -------- d-----w- c:\program files\DivX
2010-03-05 20:02 . 2010-03-05 20:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-27 19:39 . 2010-02-27 18:35 -------- d-----w- c:\program files\NTFS Undelete
2010-02-27 19:06 . 2010-02-27 16:04 -------- d-----w- c:\program files\Heroes of Newerth
2010-02-26 05:43 . 2008-04-14 04:42 667136 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2008-04-14 04:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-11 21:32 . 2010-02-11 21:32 1955624 ----a-w- c:\documents and settings\Therese\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-02-03 15:31 . 2010-02-03 15:31 503808 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47fbeb00-n\msvcp71.dll
2010-02-03 15:31 . 2010-02-03 15:31 499712 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47fbeb00-n\jmc.dll
2010-02-03 15:31 . 2010-02-03 15:31 348160 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47fbeb00-n\msvcr71.dll
2010-02-03 15:31 . 2010-02-03 15:31 61440 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e901fb5-n\decora-sse.dll
2010-02-03 15:31 . 2010-02-03 15:31 12800 ----a-w- c:\documents and settings\Therese\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e901fb5-n\decora-d3d.dll
2010-01-25 13:56 . 2010-01-25 13:56 115712 ----a-w- c:\windows\system32\drivers\cxbu0wdm.sys
2010-01-23 02:33 . 2010-01-20 19:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-20 20:49 . 2010-01-20 20:49 0 ----a-w- c:\windows\nsreg.dat
2010-01-20 19:50 . 2010-01-20 19:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-04-08_15.22.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-13 14:39 . 2010-04-13 14:39 16384 c:\windows\Temp\Perflib_Perfdata_3ec.dat
+ 2001-08-23 11:00 . 2010-04-13 04:47 54392 c:\windows\system32\perfc009.dat
+ 2004-07-14 21:34 . 2004-07-14 21:34 16896 c:\windows\system32\mscorier.dll
- 2003-02-20 16:43 . 2003-02-20 16:43 16896 c:\windows\system32\mscorier.dll
+ 2010-01-21 19:58 . 2010-04-13 09:38 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2010-01-21 19:58 . 2010-02-14 12:46 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2003-02-20 18:10 . 2003-02-20 18:10 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 00:11 . 2004-07-15 00:11 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-06-22 11:51 . 2004-06-22 11:51 53248 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 05:24 . 2003-02-21 05:24 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-14 22:35 . 2004-07-14 22:35 66560 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-14 22:34 . 2004-07-14 22:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 22:33 . 2004-07-14 22:33 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 22:32 . 2004-07-14 22:32 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-21 05:25 . 2003-02-21 05:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 12:28 . 2004-07-15 12:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 05:25 . 2003-02-21 05:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 12:28 . 2004-07-15 12:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 12:31 . 2004-07-15 12:31 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-21 05:24 . 2003-02-21 05:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-10-08 12:30 . 2003-10-08 12:30 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2004-07-15 09:23 . 2004-07-15 09:23 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 08:20 . 2003-02-21 08:20 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-14 22:32 . 2004-07-14 22:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 23:49 . 2004-07-14 23:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 17:19 . 2003-02-20 17:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 17:19 . 2003-02-20 17:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-14 23:49 . 2004-07-14 23:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 17:19 . 2003-02-20 17:19 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-14 23:49 . 2004-07-14 23:49 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2010-04-09 01:10 . 2010-04-09 01:10 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_fa7ed539\System.Drawing.Design.dll
+ 2010-04-09 01:09 . 2010-04-09 01:09 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_120d1b8b\CustomMarshalers.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 66560 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2010-04-09 01:06 . 2010-04-09 01:07 90112 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 8192 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2001-08-23 11:00 . 2010-04-13 04:47 384230 c:\windows\system32\perfh009.dat
+ 2004-07-14 22:24 . 2004-07-14 22:24 155648 c:\windows\system32\mscoree.dll
- 2003-02-20 17:06 . 2003-02-20 17:06 155648 c:\windows\system32\mscoree.dll
+ 2010-04-13 09:36 . 2010-04-13 09:35 153376 c:\windows\system32\javaws.exe
- 2010-02-03 15:31 . 2010-02-03 15:30 153376 c:\windows\system32\javaws.exe
- 2010-02-03 15:31 . 2010-02-03 15:30 145184 c:\windows\system32\javaw.exe
+ 2010-04-13 09:36 . 2010-04-13 09:35 145184 c:\windows\system32\javaw.exe
- 2010-02-03 15:31 . 2010-02-03 15:30 145184 c:\windows\system32\java.exe
+ 2010-04-13 09:36 . 2010-04-13 09:35 145184 c:\windows\system32\java.exe
- 2008-04-13 23:49 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-04-13 23:49 . 2010-04-10 12:14 138496 c:\windows\system32\dllcache\afd.sys
+ 2004-07-15 09:23 . 2004-07-15 09:23 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 08:20 . 2003-02-21 08:20 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 12:31 . 2004-07-15 12:31 573440 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 05:27 . 2003-02-21 05:27 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 05:27 . 2003-02-21 05:27 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 372736 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 303104 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 22:35 . 2004-07-14 22:35 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-08-10 14:20 . 2004-08-10 14:20 106496 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-14 22:33 . 2004-07-14 22:33 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 22:33 . 2004-07-14 22:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 22:25 . 2004-07-14 22:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 22:32 . 2004-07-14 22:32 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 720896 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-14 22:35 . 2004-07-14 22:35 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-20 17:09 . 2003-02-20 17:09 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-20 17:06 . 2003-02-20 17:06 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 22:24 . 2004-07-14 22:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
- 2003-02-21 08:21 . 2003-02-21 08:21 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 09:23 . 2004-07-15 09:23 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-14 23:49 . 2004-07-14 23:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-04-13 09:36 . 2010-04-13 09:36 178176 c:\windows\Installer\10b01f9.msi
+ 2010-04-13 09:35 . 2010-04-13 09:35 576000 c:\windows\Installer\10b01f4.msi
+ 2010-04-09 01:44 . 2010-04-09 01:44 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ead23675\System.Drawing.dll
+ 2010-04-09 02:01 . 2010-04-09 02:01 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_5dee70cb\System.Drawing.Design.dll
+ 2010-04-09 02:00 . 2010-04-09 02:00 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3682f4bf\CustomMarshalers.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 573440 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-04-09 01:07 . 2010-04-09 01:07 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 372736 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 303104 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-04-07 19:01 . 2010-04-07 19:01 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-04-09 01:07 . 2010-04-09 01:07 720896 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2003-02-21 03:04 . 2003-02-21 03:04 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 06:15 . 2004-07-15 06:15 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 12:29 . 2004-07-15 12:29 1339392 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 12:32 . 2004-07-15 12:32 2052096 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 12:29 . 2004-07-15 12:29 1257472 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 1224704 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 12:29 . 2004-07-15 12:29 1703936 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 12:32 . 2004-07-15 12:32 1294336 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-14 22:28 . 2004-07-14 22:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 22:26 . 2004-07-14 22:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-15 12:29 . 2004-07-15 12:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-09 01:08 . 2010-04-09 01:08 1953792 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_7863af85\System.dll
+ 2010-04-09 02:00 . 2010-04-09 02:00 4763648 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_30aae5eb\System.dll
+ 2010-04-09 01:35 . 2010-04-09 01:35 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_80c63829\System.Xml.dll
+ 2010-04-09 03:05 . 2010-04-09 03:05 5505024 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_65458a49\System.Xml.dll
+ 2010-04-09 02:36 . 2010-04-09 02:36 7880704 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_df23e591\System.Windows.Forms.dll
+ 2010-04-09 01:23 . 2010-04-09 01:23 3014656 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7013e538\System.Windows.Forms.dll
+ 2010-04-09 03:26 . 2010-04-09 03:26 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ac531ec9\System.Drawing.dll
+ 2010-04-09 01:40 . 2010-04-09 01:40 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3e720e74\System.Design.dll
+ 2010-04-09 03:18 . 2010-04-09 03:18 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_041c6b4f\System.Design.dll
+ 2010-04-09 01:52 . 2010-04-09 01:52 3379200 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b4671a0\mscorlib.dll
+ 2010-04-09 03:51 . 2010-04-09 03:52 8880128 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1756b199\mscorlib.dll
+ 2010-04-09 01:07 . 2010-04-09 01:07 1224704 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 1339392 c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 2052096 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 1257472 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 1703936 c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-04-09 01:06 . 2010-04-09 01:06 1294336 c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2010-04-09 01:01 . 2010-04-09 01:01 19210240 c:\windows\Installer\25c6428.msp
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-13 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 88363]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-13 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 05:45 169312]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [25.03.2010 19:37 33792]
S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [25.01.2010 15:56 115712]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-04-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-25 21:18]
.
.
------- Tilleggsskanning -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Therese\Application Data\Mozilla\Firefox\Profiles\n5wf2gp5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 16:39
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...
skanning vellykket
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x854F5AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7620f28
\Driver\ACPI -> ACPI.sys @ 0xf7493cb8
\Driver\atapi -> atapi.sys @ 0xf7407852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7313bb0
 PacketIndicateHandler -> NDIS.sys @ 0xf7320a21
 SendHandler -> NDIS.sys @ 0xf72fe87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(3700)
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\AGRSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Tidspunkt ferdig: 2010-04-13 16:43:39 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-04-13 14:43

Pre-Run: 32 745 275 392 bytes free
Post-Run: 32 745 512 960 bytes free

- - End Of File - - D04A787BE3186EA759F7B908BC6DE2F9