ComboFix 09-01-21.04 - Thomas 2009-01-24 21:33:17.3 - NTFSx86
Kjører fra: c:\documents and settings\Thomas\Skrivebord\ComboFix.exe
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige skanning -------
.
c:\windows\ijmonn.ini
c:\windows\mopqss.ini
c:\windows\orqrss.ini
c:\windows\system\oeminfo.ini
c:\windows\xbeehk.ini
c:\windows\xyxwwa.ini
C:\xcrashdump.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_DOMAINSERVICE
-------\Service_Boonty Games
-------\Legacy_BOONTY_GAMES
-------\Legacy_DOMAINSERVICE
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-24 til 2009-01-24 )))))))))))))))))))))))))))))))))
.
2009-01-24 20:41 . 2009-01-24 20:41 d-------- c:\programfiler\Trend Micro
2009-01-24 20:33 . 2009-01-24 20:33 dr-h----- c:\documents and settings\Thomas\Siste
2009-01-21 17:58 . 2009-01-21 17:58 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-21 17:58 . 2009-01-21 17:58 1,409 --a------ c:\windows\QTFont.for
2009-01-16 15:29 . 2009-01-16 15:29 d-------- c:\programfiler\Fellesfiler\Adobe Systems Shared
2009-01-16 15:29 . 2009-01-16 15:29 d-------- c:\documents and settings\All Users\Programdata\Adobe Systems
2008-12-30 17:44 . 2009-01-01 15:05 21,840 --a----t- c:\windows\system32\SIntfNT.dll
2008-12-30 17:44 . 2009-01-01 15:05 17,212 --a----t- c:\windows\system32\SIntf32.dll
2008-12-30 17:44 . 2009-01-01 15:05 12,067 --a----t- c:\windows\system32\SIntf16.dll
2008-12-30 17:43 . 2008-12-30 17:43 94,208 --a------ c:\windows\DIIUnin.exe
2008-12-30 17:43 . 2008-12-30 17:48 33,993 --a------ c:\windows\DIIUnin.dat
2008-12-30 17:43 . 2008-12-30 17:43 2,829 --a------ c:\windows\DIIUnin.pif
2008-12-30 17:28 . 2009-01-01 00:43 d-------- c:\programfiler\Diablo II
2008-12-28 21:45 . 2008-12-28 21:45 d-------- c:\documents and settings\Thomas\Programdata\vlc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 20:30 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared
2009-01-24 19:34 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-01-24 19:32 --------- d-----w c:\programfiler\World of Warcraft
2009-01-22 15:52 --------- d-----w c:\documents and settings\All Users\Programdata\TrackMania
2009-01-17 16:06 34 ----a-w c:\documents and settings\Thomas\jagex_runescape_preferences.dat
2009-01-16 14:31 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-01 17:48 --------- d-----w c:\programfiler\Telenor
2009-01-01 17:48 --------- d-----w c:\documents and settings\All Users\Programdata\Telenor
2008-12-29 00:09 --------- d-----w c:\programfiler\Steam
2008-12-19 22:07 --------- d-----w c:\programfiler\THQ
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-25 22:08 --------- d-----w c:\documents and settings\All Users\Programdata\Emotum
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------w 27,337 2008-08-06 18:21:48 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\FuelGauge.gfx
------w 27,337 2008-08-13 11:59:50 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\FuelGauge.gfx
------w 80,292 2008-08-06 18:21:48 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\Hud_new.gfx
------w 80,737 2008-08-15 14:40:16 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\Hud_new.gfx
------w 1,975 2008-08-06 18:21:50 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\LapTime.gfx
------w 1,975 2008-08-13 11:59:50 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\LapTime.gfx
------w 1,734 2008-08-06 18:21:50 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\Leaderboard.gfx
------w 1,734 2008-08-13 11:59:50 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\Leaderboard.gfx
------w 133,253 2008-08-06 18:21:50 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\Notification.gfx
------w 143,549 2008-08-20 13:49:50 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\Notification.gfx
------w 11,029 2008-08-06 18:21:50 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\PosBar.gfx
------w 11,029 2008-08-13 11:59:52 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\PosBar.gfx
------w 13,253 2008-08-06 18:21:52 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\Preload.gfx
------w 13,253 2008-08-13 11:59:52 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\Preload.gfx
------w 831 2008-08-04 16:20:38 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\Qualify.gfx
------w 831 2008-08-06 20:25:48 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\Qualify.gfx
------w 40,015 2008-08-06 18:21:52 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\ThrillBar.gfx
------w 36,884 2008-08-15 14:40:16 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\ThrillBar.gfx
------w 89,935 2008-06-16 11:22:56 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\TrickHud.gfx
------w 89,935 2008-08-13 11:59:52 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\TrickHud.gfx
------w 33,081 2008-08-06 18:21:52 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\bak\Trickname.gfx
------w 33,081 2008-08-13 11:59:52 c:\programfiler\Disney Interactive Studios\Pure\Data\UI\HUD\Trickname.gfx
------w 12,548 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\Dutch.txt
------w 12,548 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\Dutch.txt
------w 6,890 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\English_UK.txt
------w 6,890 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\English_UK.txt
------w 11,352 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\English_USA.txt
------w 11,352 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\English_USA.txt
------w 7,700 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\French.txt
------w 7,700 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\French.txt
------w 5,806 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\German.txt
------w 5,806 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\German.txt
------w 41,922 2008-08-04 14:49:54 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\Global.txt
------w 41,922 2008-08-14 09:39:10 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\Global.txt
------w 9,234 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\Italian.txt
------w 9,234 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\Italian.txt
------w 2,420 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\Japanese.txt
------w 2,420 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\Japanese.txt
------w 1,525 2008-08-13 13:47:34 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\Polish.txt
------w 3,052 2008-08-18 15:00:40 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\Polish.txt
------w 14,532 2008-08-13 13:47:34 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\Russian.txt
------w 16,118 2008-08-18 15:00:42 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\Russian.txt
------w 2,400 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\bak\Spanish.txt
------w 2,400 2008-06-16 11:23:00 c:\programfiler\Disney Interactive Studios\Pure\Data\UrbanDictionary\Spanish.txt
----a-w 40,960 2006-05-02 08:36:18 c:\programfiler\Hewlett-Packard\Default Settings\bak\cpqset.exe
----a-w 49,152 2005-02-16 21:11:42 c:\programfiler\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 102,400 2006-04-11 19:54:16 c:\programfiler\HP\QuickPlay\bak\QPService.exe
----a-w 49,263 2006-10-12 02:10:54 c:\programfiler\Java\jre1.5.0_09\bin\bak\jusched.exe
----a-w 761,946 2006-04-01 05:01:48 c:\programfiler\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 1,269,760 2007-01-09 14:33:30 c:\programfiler\Valve\Steam\bak\Steam.exe
----a-w 1,187,840 2005-10-11 08:23:50 c:\windows\SMINST\bak\RecGuard.exe
----a-w 15,360 2004-08-04 12:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 12:00:00 c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC88E206-2B2E-4308-894A-89C736D1D818}]
2007-01-13 13:45 159744 --a------ c:\windows\system32\test_bhog.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_09\bin\jusched.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-25 53408]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"QPService"="c:\programfiler\HP\QuickPlay\QPService.exe" [N/A]
"HP Software Update"="c:\programfiler\Hp\HP Software Update\HPWuSchd2.exe" [N/A]
"QlbCtrl"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [N/A]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [N/A]
"QuickTime Task"="c:\programfiler\quicktime\qttask.exe" [2007-02-04 282624]
"Sony Ericsson PC Suite"="c:\programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]
"nwiz"="nwiz.exe" [2006-04-26 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 c:\windows\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Thomas\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
HP Pavilion Webcam Tray Icon.lnk - c:\programfiler\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-09-21 98304]
HP Photosmart Premier Hurtigstart.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-26 14:53 1410296 c:\programfiler\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Programfiler\\World of Warcraft\\WoW.exe"=
"c:\\Programfiler\\Steam\\steamapps\\sebbe1122\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Programfiler\\Steam\\steamapps\\thecrims90\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-05-23 902424]
R2 avg8wd;AVG8 WatchDog; [x]
R3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\DRIVERS\z530bus.sys [2006-02-17 58288]
R3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z530mdfl.sys [2006-02-17 8336]
R3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\DRIVERS\z530mdm.sys [2006-02-17 94064]
R3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\z530mgmt.sys [2006-02-17 85408]
R3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\z530obex.sys [2006-02-17 83344]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-23 96520]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
S2 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2008-05-23 75272]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2006-11-15 102760]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-14 38496]
--- Andre tjenester/drivere lastet i minnet ---
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AliIde
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Automatisk LiveUpdate-planlegging
*Deregistered* - AvgLdx86
*Deregistered* - AvgTdiX
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - ccEvtMgr
*Deregistered* - ccProxy
*Deregistered* - ccSetMgr
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eabfiltr
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - hpqwmiex
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - i2omgmt
*Deregistered* - ImapiService
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LightScribeService
*Deregistered* - LiveUpdate
*Deregistered* - LmHosts
*Deregistered* - MBAMSwissArmy
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - navapsvc
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - NSCService
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - Pcmcia
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - Serial
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfvfs02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SNDSrvc
*Deregistered* - SPBBCDrv
*Deregistered* - SPBBCSvc
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - Symantec Core LC
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMIDSCO
*Deregistered* - symlcbrd
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VgaSave
*Deregistered* - ViaIde
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMPNetworkSvc
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-01-23 c:\windows\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - Thomas.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-02-05 08:03]
2009-01-24 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: Åpne i ny bakgrunnsflik - c:\programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?7c6a75024e8c43368fd2f1bb8401964b
IE: Åpne i ny forgrunnsflik - c:\programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?7c6a75024e8c43368fd2f1bb8401964b
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\Thomas\Programdata\Mozilla\Firefox\Profiles\2d67620m.default\
FF - component: c:\programfiler\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_09\bin\NPOJI610.dll
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 21:36:57
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programfiler\Hewlett-Packard\Default Settings\cpqset.exe?????????????,?@??????U??????R?@?????,?@
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-4220502894-340635101-1155017347-1006\Software\SecuROM\License information*]
"datasecu"=hex:9b,4b,7a,b5,2f,fe,b6,9a,6b,f0,43,ad,17,08,38,ca,e8,5c,5f,10,70,
   85,4b,54,3e,26,8d,5f,8b,cd,52,df,eb,b8,ba,38,c1,b9,a9,82,e6,45,95,83,04,41,\
"rkeysecu"=hex:12,0b,d7,bb,e7,ca,22,87,bf,d1,a0,90,54,42,fe,a6
.
Tidspunkt ferdig: 2009-01-24 21:40:00
ComboFix-quarantined-files.txt 2009-01-24 20:39:57
Pre-Run: 25,527,750,656 byte ledig
Post-Run: 25,511,030,784 byte ledig
392 --- E O F --- 2009-01-15 14:02:24