ComboFix 09-01-01.02 - Andreas 2009-01-03 16:56:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.2046.1563 [GMT 1:00]
Kjører fra: R:\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\dat.txt
c:\windows\Downloaded Program Files\setup.inf
c:\windows\privacy_danger
c:\windows\privacy_danger\images\capt.gif
c:\windows\privacy_danger\images\danger.jpg
c:\windows\privacy_danger\images\down.gif
c:\windows\privacy_danger\images\spacer.gif
c:\windows\privacy_danger\index.htm
c:\windows\system32\drivers\msqpdxkocvryue.sys
c:\windows\system32\drivers\msqpdxwqjborhu.sys
c:\windows\system32\msqpdxgdrnysef.dll
c:\windows\system32\msqpdxlymxddmq.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
K:\Autorun.inf
K:\resycled
k:\resycled\boot.com
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSQPDXSERV.SYS
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-03 til 2009-01-03 )))))))))))))))))))))))))))))))))
.
2008-12-25 18:19 . 2008-12-25 18:19 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-25 18:19 . 2008-12-25 18:19 1,409 --a------ c:\windows\QTFont.for
2008-12-20 20:16 . 2008-12-20 20:16 22,328 --a------ c:\documents and settings\Andreas\Programdata\PnkBstrK.sys
2008-12-20 20:16 . 2008-12-20 20:16 314 --a------ c:\windows\game.ini
2008-12-20 20:00 . 2008-12-20 20:00 d-------- c:\programfiler\id Software
2008-12-20 19:59 . 2008-12-20 19:59 d--hs---- c:\windows\ftpcache
2008-12-03 21:19 . 2008-12-03 21:19 540,826 --a------ c:\windows\h_eJay5.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 15:51 --------- d-----w c:\documents and settings\Andreas\Programdata\Skype
2009-01-03 15:48 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2009-01-03 00:40 --------- d-----w c:\programfiler\Warcraft III
2009-01-02 20:08 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-02 20:08 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-02 20:08 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-02 17:09 11,328 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-01-02 17:09 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-02 03:45 --------- d-----w c:\documents and settings\Andreas\Programdata\uTorrent
2008-12-25 04:52 --------- d-----w c:\programfiler\Google
2008-12-16 15:55 --------- d-----w c:\programfiler\World of Warcraft
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-19 16:49 --------- d-----w c:\programfiler\Steam
2008-11-09 13:27 --------- d-----w c:\programfiler\FRAPS
2008-11-09 13:04 --------- d-----w c:\documents and settings\Andreas\Programdata\Shareaza
2008-11-04 18:05 --------- d-----w c:\programfiler\DsNET Corp
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:15 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 17:01 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-01-13 17:54 35,112 ----a-w c:\documents and settings\Andreas\Programdata\GDIPFONTCACHEV1.DAT
2005-12-08 00:02 5,529,043 ----a-w c:\programfiler\worldedit.exe
2004-09-24 11:41 1,568,211 ----a-w c:\programfiler\war3.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Fraps"="c:\programfiler\FRAPS\FRAPS.EXE" [2006-10-26 2838528]
"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"DAEMON Tools Pro Agent"="c:\programfiler\DAEMON Tools Pro\DTProAgent.exe" [2007-12-12 273864]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2006-07-21 20036648]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-25 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"HPHUPD06"="c:\programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Home Theater SchSvr"="c:\programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe" [2005-05-10 106496]
"WINREMOTE"="c:\programfiler\InterVideo\Common\Bin\WinRemote.exe" [2005-05-10 233472]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"CTDVDDET"="c:\programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 71304]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-07-28 100056]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 c:\windows\system32\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\programfiler\Symantec\LiveUpdate\ALUNotify.exe" [2003-09-09 54424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 c:\windows\MIDIDEF.EXE]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\World of Warcraft\\WoW-1.11.0-enGB-downloader.exe"=
"c:\\Programfiler\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Steam\\steamapps\\andreasskrett\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\Programfiler\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enGB-downloader.exe"=
"c:\\Programfiler\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"=
"c:\\Programfiler\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Warcraft III\\War3.exe"=
"c:\\Programfiler\\Warcraft III\\Warcraft III.exe"=
"c:\\Programfiler\\Steam\\Steam.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Electronic Arts\\ -\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Programfiler\\Fox\\Aliens versus Predator 2 - Primal Hunt\\lithtech.exe"=
"c:\\Programfiler\\Electronic Arts\\ -\\patchget.dat"=
"c:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programfiler\\Sierra\\Empire Earth II\\EE2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:WOW
"6112:TCP"= 6112:TCP:WOW2
"6881:TCP"= 6881:TCP:WOW3
"6999:TCP"= 6999:TCP:WOW4
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2005-01-01 24544]
R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\DRIVERS\wn5401.sys [2005-01-01 449920]
*Newly Created Service* - PROCEXP90
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
2008-12-26 c:\windows\Tasks\Norton AntiVirus - Søk på min datamaskin - Andreas.job
- c:\progra~1\NORTON~1\Navw32.exe [2003-12-10 15:02]
2009-01-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\programfiler\Symantec\LiveUpdate\NDETECT.EXE [2003-09-09 13:49]
.
- - - - TOMME PEKERE FJERNET - - - -
HKLM-Run-CTXFIREG - CTxfiReg.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=Q305&bd=pavilion&pf=desktop
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 17:06:11
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxkocvryue.sys"
.
Tidspunkt ferdig: 2009-01-03 17:07:22
ComboFix-quarantined-files.txt 2009-01-03 16:07:11
Pre-Run: 48,021,487,616 byte ledig
Post-Run: 52,514,439,168 byte ledig
210 --- E O F --- 2008-12-18 14:01:41