ComboFix 08-12-07.04 - Martin Storhaug Gran 2008-12-10 1:21:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.224 [GMT 0:00]
Kjører fra: d:\downloads (firefox)\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-10 til 2008-12-10 )))))))))))))))))))))))))))))))))
.
2009-01-13 20:52 . 2009-01-13 20:52 d-------- c:\programfiler\Fellesfiler\Adobe AIR
2009-01-13 20:50 . 2008-11-23 15:18 d-------- c:\programfiler\Fellesfiler\Adobe
2009-01-13 20:50 . 2009-01-13 20:50 d-------- c:\programfiler\Adobe 9 Reader Installatører
2009-01-13 20:47 . 2008-10-14 22:36 d-------- c:\programfiler\NOS
2009-01-13 20:47 . 2008-10-14 22:36 d-------- c:\documents and settings\All Users\Programdata\NOS
2009-01-13 19:09 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-13 19:08 . 2008-08-14 13:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-13 19:08 . 2008-08-14 13:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-13 19:08 . 2008-08-14 13:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-13 19:08 . 2008-08-14 13:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-13 19:08 . 2008-09-15 15:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-07 17:38 . 2009-01-07 17:38 268 --ah----- C:\sqmdata19.sqm
2009-01-07 17:38 . 2009-01-07 17:38 244 --ah----- C:\sqmnoopt19.sqm
2009-01-07 17:32 . 2009-01-07 17:32 268 --ah----- C:\sqmdata18.sqm
2009-01-07 17:32 . 2009-01-07 17:32 244 --ah----- C:\sqmnoopt18.sqm
2009-01-07 09:58 . 2009-01-07 09:58 268 --ah----- C:\sqmdata17.sqm
2009-01-07 09:58 . 2009-01-07 09:58 244 --ah----- C:\sqmnoopt17.sqm
2009-01-06 17:39 . 2009-01-06 17:39 268 --ah----- C:\sqmdata16.sqm
2009-01-06 17:39 . 2009-01-06 17:39 244 --ah----- C:\sqmnoopt16.sqm
2009-01-06 15:55 . 2008-12-08 18:54 d-------- c:\documents and settings\Martin Storhaug Gran\Programdata\Apple Computer
2009-01-06 15:53 . 2009-01-06 15:53 d-------- c:\programfiler\Bonjour
2009-01-05 09:57 . 2009-01-05 09:57 268 --ah----- C:\sqmdata15.sqm
2009-01-05 09:57 . 2009-01-05 09:57 244 --ah----- C:\sqmnoopt15.sqm
2009-01-04 20:44 . 2009-01-04 20:44 268 --ah----- C:\sqmdata14.sqm
2009-01-04 20:44 . 2009-01-04 20:44 244 --ah----- C:\sqmnoopt14.sqm
2009-01-02 23:16 . 2009-01-02 23:16 268 --ah----- C:\sqmdata13.sqm
2009-01-02 23:16 . 2009-01-02 23:16 244 --ah----- C:\sqmnoopt13.sqm
2008-12-31 19:25 . 2008-11-14 00:13 244 --ah----- C:\sqmnoopt12.sqm
2008-12-31 19:25 . 2008-11-14 00:13 232 --ah----- C:\sqmdata12.sqm
2008-12-30 18:01 . 2009-01-13 19:12 268 --ah----- C:\sqmdata11.sqm
2008-12-30 18:01 . 2009-01-13 19:12 244 --ah----- C:\sqmnoopt11.sqm
2008-12-30 13:47 . 2009-01-13 16:57 268 --ah----- C:\sqmdata10.sqm
2008-12-30 13:47 . 2009-01-13 16:57 244 --ah----- C:\sqmnoopt10.sqm
2008-12-29 23:09 . 2009-01-12 20:47 268 --ah----- C:\sqmdata09.sqm
2008-12-29 23:09 . 2009-01-12 20:47 244 --ah----- C:\sqmnoopt09.sqm
2008-12-29 13:24 . 2009-01-12 18:33 268 --ah----- C:\sqmdata08.sqm
2008-12-29 13:24 . 2009-01-12 18:33 244 --ah----- C:\sqmnoopt08.sqm
2008-12-29 13:14 . 2008-12-29 13:14 d-------- c:\programfiler\Lexmark 640 Series
2008-12-29 13:14 . 2006-04-17 17:42 311,296 --a------ c:\windows\system32\LEXBCES.EXE
2008-12-29 13:14 . 2006-04-17 17:41 201,216 --a------ c:\windows\system32\LEXP2P32.DLL
2008-12-29 13:14 . 2006-04-17 17:48 200,704 --a------ c:\windows\system32\lexlmpm.dll
2008-12-29 13:14 . 2006-04-17 17:42 198,144 --a------ c:\windows\system32\LEX2KUSB.DLL
2008-12-29 13:14 . 2006-04-17 17:41 174,592 --a------ c:\windows\system32\LEXPPS.EXE
2008-12-29 13:14 . 2006-04-17 17:41 147,456 --a------ c:\windows\system32\LEXBCE.DLL
2008-12-29 13:14 . 2006-05-11 04:14 73,728 --a------ c:\windows\system32\lxdapwr.dll
2008-12-29 13:14 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-29 13:14 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-29 13:14 . 2008-12-09 19:59 284 --a------ c:\windows\LEXSTAT.INI
2008-12-29 13:11 . 2008-12-29 13:11 d-------- c:\documents and settings\Martin Storhaug Gran\WINDOWS
2008-12-29 13:11 . 1997-04-18 11:52 297,472 --a------ c:\windows\unin0414.exe
2008-12-29 00:34 . 2009-01-12 14:01 268 --ah----- C:\sqmdata07.sqm
2008-12-29 00:34 . 2009-01-12 14:01 244 --ah----- C:\sqmnoopt07.sqm
2008-12-29 00:27 . 2008-12-09 14:41 d-------- c:\documents and settings\Martin Storhaug Gran\Programdata\U3
2008-12-28 23:44 . 2008-12-09 01:31 69 --a------ c:\windows\NeroDigital.ini
2008-12-28 20:16 . 2009-01-12 11:51 268 --ah----- C:\sqmdata06.sqm
2008-12-28 20:16 . 2009-01-12 11:51 244 --ah----- C:\sqmnoopt06.sqm
2008-12-27 18:47 . 2009-01-11 23:05 268 --ah----- C:\sqmdata05.sqm
2008-12-27 18:47 . 2009-01-11 23:05 244 --ah----- C:\sqmnoopt05.sqm
2008-12-27 16:46 . 2009-01-11 00:49 268 --ah----- C:\sqmdata04.sqm
2008-12-27 16:46 . 2009-01-11 00:49 244 --ah----- C:\sqmnoopt04.sqm
2008-12-27 13:58 . 2008-12-08 18:54 d-------- c:\documents and settings\Martin Storhaug Gran\Programdata\dvdcss
2008-12-26 22:39 . 2009-01-10 20:08 268 --ah----- C:\sqmdata03.sqm
2008-12-26 22:39 . 2009-01-10 20:08 244 --ah----- C:\sqmnoopt03.sqm
2008-12-26 16:47 . 2009-01-10 13:45 268 --ah----- C:\sqmdata02.sqm
2008-12-26 16:47 . 2009-01-10 13:45 244 --ah----- C:\sqmnoopt02.sqm
2008-12-26 11:36 . 2009-01-09 22:32 268 --ah----- C:\sqmdata01.sqm
2008-12-26 11:36 . 2009-01-09 22:32 244 --ah----- C:\sqmnoopt01.sqm
2008-12-26 11:33 . 2009-01-09 19:32 268 --ah----- C:\sqmdata00.sqm
2008-12-26 11:33 . 2009-01-09 19:32 244 --ah----- C:\sqmnoopt00.sqm
2008-12-26 11:32 . 2008-12-26 11:32 d-------- c:\programfiler\Fellesfiler\LightScribe
2008-12-26 11:20 . 2008-12-08 18:54 d-------- c:\documents and settings\Martin Storhaug Gran\Programdata\Ahead
2008-12-26 11:18 . 2008-12-26 11:18 d-------- c:\programfiler\Nero
2008-12-26 11:18 . 2008-12-26 11:31 d-------- c:\programfiler\Fellesfiler\Ahead
2008-12-26 11:18 . 2008-12-26 11:18 d-------- c:\documents and settings\All Users\Programdata\Nero
2008-12-10 01:04 . 2008-12-10 01:04 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-10 01:04 . 2008-12-10 01:04 d-------- c:\documents and settings\Martin Storhaug Gran\Programdata\Malwarebytes
2008-12-10 01:04 . 2008-12-10 01:04 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-10 01:04 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 01:04 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-05 21:10 . 2008-12-05 21:25 d-------- c:\programfiler\Fellesfiler\Real
2008-11-23 15:30 . 2008-11-23 15:30 d-------- c:\documents and settings\All Users\Programdata\FLEXnet
2008-11-23 15:06 . 2008-11-23 15:06 d-------- c:\programfiler\Fellesfiler\Macrovision Shared
2008-11-23 14:54 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-17 16:08 . 2008-12-09 14:09 d-------- c:\programfiler\Steam
2008-11-15 15:20 . 2008-04-13 20:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-11-15 15:20 . 2008-04-13 20:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-11-15 15:18 . 2008-11-15 15:18 d-------- c:\windows\PixArt
2008-11-15 15:18 . 2008-11-15 15:18 d-------- c:\programfiler\Trust
2008-11-15 15:18 . 2008-11-15 15:18 d-------- c:\programfiler\Fellesfiler\PAC207
2008-11-15 15:18 . 2006-11-03 10:59 48,128 --a------ c:\windows\system32\Remove.exe
2008-11-15 15:18 . 2007-01-04 01:20 314 --a------ c:\windows\system32\Remover.ini
2008-11-15 15:17 . 2008-11-15 15:17 d-------- c:\windows\Downloaded Installations
2008-11-12 11:11 . 2008-09-04 17:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:11 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 20:50 --------- d-----w c:\programfiler\Adobe 9 Reader Installatører
2009-01-13 19:41 --------- d-----w c:\programfiler\Windows Live
2009-01-13 19:39 --------- d-----w c:\documents and settings\All Users\Programdata\WLInstaller
2009-01-06 15:54 --------- d-----w c:\documents and settings\All Users\Programdata\Apple Computer
2009-01-06 15:52 --------- d-----w c:\programfiler\Fellesfiler\Apple
2008-12-10 01:23 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared
2008-12-09 23:38 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec
2008-12-08 18:54 --------- d-----w c:\documents and settings\Martin Storhaug Gran\Programdata\Creative
2008-11-15 15:18 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 15:54 --------- d-----w c:\programfiler\Fellesfiler\SupportSoft
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 18:20 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-09-16 12:27 64,146,632 ----a-w c:\programfiler\nis2008.exe
2008-09-16 12:15 319,488 ----a-w c:\windows\system32\AegisI5Installer.exe
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTSyncU.exe"="c:\programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"LightScribe Control Panel"="c:\programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
"Steam"="c:\programfiler\steam\steam.exe" [2008-11-17 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IntelZeroConfig"="c:\programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\programfiler\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"Dell QuickSet"="c:\programfiler\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"CTCheck"="c:\programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"NeroFilterCheck"="c:\programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-25 149352]
R3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-16 99376]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programfiler\Fellesfiler\LightScribe\LSRunOnce.exe"
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
- - - - TOMME PEKERE FJERNET - - - -
HKCU-Run-MsgCenterExe - c:\programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Martin Storhaug Gran\Programdata\Mozilla\Firefox\Profiles\zssqvgsf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bbc.co.uk/weather/24hr.shtml?id=3143
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - c:\programfiler\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 01:23:37
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(1272)
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2008-12-10 1:24:22
ComboFix-quarantined-files.txt 2008-12-10 01:24:11
Pre-Run: 54,366,863,360 byte ledig
Post-Run: 54,900,252,672 byte ledig
220 --- E O F --- 2008-11-12 11:36:46