ComboFix 09-01-01.02 - Andreas 2009-01-03 20:04:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.2046.1572 [GMT 1:00]
Kjører fra: c:\documents and settings\Andreas\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Andreas\Skrivebord\CFScript.txt
 * Opprettet nytt gjenopprettingspunkt

FILE ::
c:\windows\h_eJay5.inf
.

(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\h_eJay5.inf

.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2008-12-03 til 2009-01-03   )))))))))))))))))))))))))))))))))
.

2008-12-25 18:19 . 2008-12-25 18:19   54,156   --ah-----   c:\windows\QTFont.qfn
2008-12-25 18:19 . 2008-12-25 18:19   1,409    --a------   c:\windows\QTFont.for
2008-12-20 20:16 . 2008-12-20 20:16   22,328   --a------   c:\documents and settings\Andreas\Programdata\PnkBstrK.sys
2008-12-20 20:16 . 2008-12-20 20:16   314      --a------   c:\windows\game.ini
2008-12-20 20:00 . 2008-12-20 20:00            d--------   c:\programfiler\id Software
2008-12-20 19:59 . 2008-12-20 19:59            d--hs----   c:\windows\ftpcache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-01-03 15:51   ---------   d-----w   c:\documents and settings\Andreas\Programdata\Skype
2009-01-03 15:48   ---------   d---a-w   c:\documents and settings\All Users\Programdata\TEMP
2009-01-03 00:40   ---------   d-----w   c:\programfiler\Warcraft III
2009-01-02 20:08   66,872      ----a-w   c:\windows\system32\PnkBstrA.exe
2009-01-02 20:08   22,328      ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-01-02 20:08   107,832     ----a-w   c:\windows\system32\PnkBstrB.exe
2009-01-02 17:09   11,328      ----a-w   c:\windows\system32\ealregsnapshot1.reg
2009-01-02 17:09   ---------   d--h--w   c:\programfiler\InstallShield Installation Information
2009-01-02 03:45   ---------   d-----w   c:\documents and settings\Andreas\Programdata\uTorrent
2008-12-25 04:52   ---------   d-----w   c:\programfiler\Google
2008-12-16 15:55   ---------   d-----w   c:\programfiler\World of Warcraft
2008-12-13 06:40   3,593,216   ------w   c:\windows\system32\dllcache\mshtml.dll
2008-11-19 16:49   ---------   d-----w   c:\programfiler\Steam
2008-11-09 13:27   ---------   d-----w   c:\programfiler\FRAPS
2008-11-09 13:04   ---------   d-----w   c:\documents and settings\Andreas\Programdata\Shareaza
2008-11-04 18:05   ---------   d-----w   c:\programfiler\DsNET Corp
2008-10-24 11:10   453,632     ------w   c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01   283,648     ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 13:01   283,648     ----a-w   c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:15   70,656      ------w   c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13   202,776     ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   202,776     ----a-w   c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12   561,688     ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   561,688     ----a-w   c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12   323,608     ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:12   323,608     ----a-w   c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11   13,824      ------w   c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09   92,696      ----a-w   c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09   92,696      ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224      ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   51,224      ----a-w   c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09   43,544      ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328      ----a-w   c:\windows\system32\wups.dll
2008-10-16 13:08   34,328      ----a-w   c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06   268,648     ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 13:06   208,744     ----a-w   c:\windows\system32\muweb.dll
2008-10-15 17:01   332,800     ----a-w   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06   633,632     ------w   c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04   161,792     ------w   c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:17   247,326     ----a-w   c:\windows\system32\strmdll.dll
2008-10-03 10:17   247,326     ----a-w   c:\windows\system32\dllcache\strmdll.dll
2008-01-13 17:54   35,112      ----a-w   c:\documents and settings\Andreas\Programdata\GDIPFONTCACHEV1.DAT
2005-12-08 00:02   5,529,043   ----a-w   c:\programfiler\worldedit.exe
2004-09-24 11:41   1,568,211   ----a-w   c:\programfiler\war3.exe

.
((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Fraps"="c:\programfiler\FRAPS\FRAPS.EXE" [2006-10-26 2838528]
"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"DAEMON Tools Pro Agent"="c:\programfiler\DAEMON Tools Pro\DTProAgent.exe" [2007-12-12 273864]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2006-07-21 20036648]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"HPHUPD06"="c:\programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Home Theater SchSvr"="c:\programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe" [2005-05-10 106496]
"WINREMOTE"="c:\programfiler\InterVideo\Common\Bin\WinRemote.exe" [2005-05-10 233472]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"CTDVDDET"="c:\programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 71304]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-07-28 100056]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 c:\windows\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\programfiler\Symantec\LiveUpdate\ALUNotify.exe" [2003-09-09 54424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 c:\windows\MIDIDEF.EXE]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\World of Warcraft\\WoW-1.11.0-enGB-downloader.exe"=
"c:\\Programfiler\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Steam\\steamapps\\andreasskrett\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\Programfiler\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enGB-downloader.exe"=
"c:\\Programfiler\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"=
"c:\\Programfiler\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Warcraft III\\War3.exe"=
"c:\\Programfiler\\Warcraft III\\Warcraft III.exe"=
"c:\\Programfiler\\Steam\\Steam.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Electronic Arts\\ -\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Programfiler\\Fox\\Aliens versus Predator 2 - Primal Hunt\\lithtech.exe"=
"c:\\Programfiler\\Electronic Arts\\ -\\patchget.dat"=
"c:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programfiler\\Sierra\\Empire Earth II\\EE2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:WOW
"6112:TCP"= 6112:TCP:WOW2
"6881:TCP"= 6881:TCP:WOW3
"6999:TCP"= 6999:TCP:WOW4

R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2005-01-01 24544]
R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\DRIVERS\wn5401.sys [2005-01-01 449920]

*Newly Created Service* - PROCEXP90
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2008-12-26 c:\windows\Tasks\Norton AntiVirus - Søk på min datamaskin - Andreas.job
- c:\progra~1\NORTON~1\Navw32.exe [2003-12-10 15:02]

2009-01-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\programfiler\Symantec\LiveUpdate\NDETECT.EXE [2003-09-09 13:49]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NB_NO&c=Q305&bd=pavilion&pf=desktop
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 20:08:03
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2009-01-03 20:09:12
ComboFix-quarantined-files.txt 2009-01-03 19:08:46

Pre-Run: 52 493 905 920 byte ledig
Post-Run: 52,479,918,080 byte ledig

188 --- E O F --- 2008-12-18 14:01:41