ComboFix 08-12-24.01 - Christer 2008-12-26 9:00:50.13 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1022.546 [GMT 1:00]
Running from: c:\documents and settings\Christer\Skrivebord\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((( Files Created From 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))))
.
2008-12-25 14:39 . 2008-12-25 14:39 d-------- c:\documents and settings\Tore\Programdata\ATI
2008-12-25 11:29 . 2008-12-25 11:29 d-------- c:\programfiler\Winferno
2008-12-25 11:29 . 2008-12-25 14:16 d-------- c:\programfiler\RadarSync
2008-12-25 11:29 . 2008-12-25 11:29 d-------- c:\programfiler\Free Offers from Freeze.com
2008-12-25 11:29 . 2006-10-09 12:28 835,584 --a------ c:\windows\system32\WINCTL4.OCX
2008-12-25 11:29 . 2006-10-09 13:06 495,616 --a------ c:\windows\system32\WINUTIL5.DLL
2008-12-25 11:29 . 2006-05-17 08:40 393,216 --a------ c:\windows\system32\WINLCTL5.DLL
2008-12-25 11:29 . 2006-07-24 08:56 212,240 --a------ c:\windows\system32\Richtx32.ocx
2008-12-25 09:57 . 2008-12-25 09:57 d-------- c:\documents and settings\All Users\Programdata\PC Drivers Headquarters
2008-12-25 09:29 . 2008-12-25 09:29 167,936 --a------ c:\windows\system32\dhofozr.dll
2008-12-25 09:29 . 2008-12-25 09:29 3,097 --a------ c:\windows\ios.dat
2008-12-25 09:20 . 2008-12-25 09:20 2 --a------ C:\-529700065
2008-12-25 09:13 . 2008-12-25 09:13 d-------- c:\programfiler\iXi Tools
2008-12-24 23:06 . 2008-12-24 23:06 d-------- c:\documents and settings\Christer\Programdata\ATI
2008-12-24 20:50 . 2008-12-26 08:56 d-------- c:\programfiler\Steam
2008-12-14 10:23 . 2008-12-14 10:25 d-------- c:\documents and settings\Christer\Programdata\vlc
2008-12-02 20:33 . 2008-12-09 15:20 d-------- c:\documents and settings\All Users\Programdata\TrackMania
2008-12-02 20:28 . 2008-12-02 20:31 d-------- c:\programfiler\TmNationsForever
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 08:05 --------- d-----w c:\documents and settings\Christer\Programdata\DNA
2008-12-26 07:55 --------- d-----w c:\programfiler\LogMeIn
2008-12-26 07:55 --------- d-----w c:\programfiler\DNA
2008-12-25 19:56 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared
2008-12-25 13:39 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec
2008-12-25 10:29 --------- d-----w c:\programfiler\Common Files
2008-12-25 10:24 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-12-24 21:58 --------- d-----w c:\programfiler\ATI Technologies
2008-12-23 17:52 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-23 17:51 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-22 16:18 --------- d-----w c:\documents and settings\Christer\Programdata\dvdcss
2008-12-22 15:43 --------- d-----w c:\documents and settings\Christer\Programdata\BitTorrent
2008-12-22 10:23 --------- d-----w c:\programfiler\Dl_cats
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 16:08 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2008-12-10 13:46 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-21 17:57 --------- d-----w c:\documents and settings\Christer\Programdata\FrostWire
2008-11-12 14:02 --------- d-----w c:\programfiler\Fellesfiler\Ahead
2008-11-12 14:02 --------- d-----w c:\documents and settings\Christer\Programdata\Unigraphics Solutions
2008-11-12 13:17 --------- d-----w c:\documents and settings\Christer\Programdata\Ahead
2008-11-09 19:06 --------- d-----w c:\programfiler\America's Army Deploy Client
2008-11-09 19:00 --------- d-----w c:\documents and settings\All Users\Programdata\America's Army Deploy Client
2008-11-09 17:46 --------- d-----w c:\documents and settings\Christer\Programdata\Azureus
2008-11-08 21:33 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Software
2008-11-03 14:03 --------- d-----w c:\documents and settings\Christer\Programdata\GeoVid
2008-11-03 14:01 --------- d-----w c:\programfiler\GeoVid
2008-11-03 13:40 --------- d-----w c:\documents and settings\All Users\Programdata\DVD Shrink
2008-11-01 10:59 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:43 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 17:56 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-17 17:56 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 17:56 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-17 17:56 23,736 ----a-w c:\windows\system32\LMImirr.dll
2008-10-17 17:56 10,040 ----a-w c:\windows\system32\LMImirr2.dll
2008-10-16 13:15 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 16:11 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-15 16:11 249,856 ------w c:\windows\Setup1.exe
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 12:34 625,032 ----a-w c:\windows\system32\SymNeti.dll
2008-10-03 12:34 242,056 ----a-w c:\windows\system32\SymRedir.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-12-17 08:35 60,968 ----a-w c:\documents and settings\Christer\GoToAssistDownloadHelper.exe
2008-09-12 21:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008091220080913\index.dat
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"BitTorrent DNA"="c:\programfiler\DNA\btdna.exe" [2008-12-19 342848]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"Steam"="c:\programfiler\Steam\Steam.exe" [2008-12-24 1410296]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DVDLauncher"="c:\programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dlccmon.exe"="c:\programfiler\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"ecc"="c:\programfiler\Telenor\ecc\ecc.exe" [2005-12-14 286720]
"LogMeIn GUI"="c:\programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"CamMonitor"="c:\programfiler\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\programfiler\Norton Internet Security\osCheck.exe" [2006-10-16 26248]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Tore\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-17 09:35 10792 c:\programfiler\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 18:56 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Christer^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]
path=c:\documents and settings\Christer\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\programfiler\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-02 14:07 68856 c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\DNA\\btdna.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Programdata\\NexonUS\\NGM\\NGM.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-03-11 198336]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\programfiler\LogMeIn\x86\RaInfo.sys [2007-06-04 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-04 47640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-24 99376]
S0 pjooay;pjooay;c:\windows\system32\drivers\sspfn.sys []
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-05-04 32000]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; []
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-19 c:\windows\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Christer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-10-16 16:17]
2008-12-26 c:\windows\Tasks\PCConfidential.job
- c:\programfiler\Winferno\PC Confidential\PCConfidential.exe [2008-04-01 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://online.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\Fronter_oes_prj.ocx - c:\windows\Downloaded Program Files\fronter_oes2.exe
c:\windows\Downloaded Program Files\fronter_oes2.dll
O16 -: {358DFA15-D48C-4296-8D16-7405F918333B}
hxxps://fronter.com/fredrikstadgs/links/fronter_oes2.cab
c:\windows\Downloaded Program Files\fronter_oes2.inf
c:\windows\Downloaded Program Files\KooPlayer.ocx - O16 -: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79}
hxxp://www.mpw.no/TvNorge/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\Christer\Programdata\Mozilla\Firefox\Profiles\evhgda0d.default\
FF - prefs.js: browser.startup.homepage - www.online.no
FF - plugin: c:\programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programfiler\Viewpoint\Viewpoint Media Player\npViewpoint.dll
ATTENTION: FIREFOX POLICIES ARE IN FORCE
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
.
------- File Associations -------
.
exefile="%1" %*"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 09:06:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded By Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\programfiler\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2008-12-26 9:07:16
ComboFix-quarantined-files.txt 2008-12-26 08:07:12
ComboFix2.txt 2008-12-25 13:35:01
Pre-Run: 94,670,524,416 bytes free
Post-Run: 94,658,899,968 bytes free
257 --- E O F --- 2008-12-18 16:03:54
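Added here as an editor's example, not part of the poster's log and not ComboFix's own code: a small Python triage script that parses the two line formats that matter most in a log like this one (the "Files Created" entries and the R/S service entries) and scores them with the heuristics an analyst applies by hand. A file whose creation and last-write stamps are identical was written on the machine rather than copied out of an installer package that preserved the vendor's older modification time (compare WINCTL4.OCX above, created 2008-12-25 but last written 2006-10-09); a new file directly under system32 or the Windows root, a letters-only name with no vendor prefix, and a numeric name at the drive root each add weight. For services it flags a binary ComboFix could not stat (the empty `[]`), a boot start type (S0/R0), a letters-only name with no descriptive display name, and a binary whose name is unrelated to the service name. The sample lines are copied from the log above; the regexes, the reason list and the score thresholds are my own assumptions, and a "high" score is a prompt to pull the file for analysis, not a verdict. The Find3M section uses a different line layout and is not parsed here.

```python
"""Triage a ComboFix log: parse the 'Files Created' and service lines and
flag the entries an analyst would want to look at first."""
import re
from dataclasses import dataclass, field

# Sample input: lines copied verbatim from the ComboFix log above.
SAMPLE_LINES = [
    r"2008-12-25 11:29 . 2006-10-09 12:28 835,584 --a------ c:\windows\system32\WINCTL4.OCX",
    r"2008-12-25 09:29 . 2008-12-25 09:29 167,936 --a------ c:\windows\system32\dhofozr.dll",
    r"2008-12-25 09:29 . 2008-12-25 09:29 3,097 --a------ c:\windows\ios.dat",
    r"2008-12-25 09:20 . 2008-12-25 09:20 2 --a------ C:\-529700065",
    r"2008-12-25 09:13 . 2008-12-25 09:13 d-------- c:\programfiler\iXi Tools",
    r"R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-04 47640]",
    r"S0 pjooay;pjooay;c:\windows\system32\drivers\sspfn.sys []",
    r"S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys []",
    r"S4 LMIRfsClientNP;LMIRfsClientNP; []",
]

# 'Files Created' entry: <created> . <modified> [<size>] <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+)\s+)?(?P<attrs>[d-][-a-zA-Z]{8})\s+(?P<path>.+?)\s*$"
)
# Service entry: <start type> <name>;<display name>;<binary path> [<date size>]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)

# Directories where a freshly written, unattributed file deserves a look (assumption).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Finding:
    subject: str            # file path or service name
    severity: str           # "high", "medium" or "low"
    reasons: list = field(default_factory=list)


def _severity(reasons):
    # Thresholds are an assumption: three independent signals is "high".
    n = len(reasons)
    return "high" if n >= 3 else "medium" if n == 2 else "low"


def file_finding(m):
    """Heuristics for one 'Files Created' line; None if nothing stands out."""
    if m["attrs"].startswith("d"):     # directories carry no payload of their own
        return None
    path = m["path"]
    lower = path.lower()
    parent, _, name = lower.rpartition("\\")
    parent += "\\"
    reasons = []
    # Identical created/modified stamps mean the file was written on this machine;
    # a file copied out of an installer keeps the vendor's older mtime.
    if m["created"] == m["modified"]:
        reasons.append("created and modified timestamps identical (written in place)")
    if parent in SYSTEM_DIRS:
        reasons.append(f"new file directly under {parent}")
    if re.fullmatch(r"[a-z]{6,8}\.(dll|exe|sys)", name):
        reasons.append("letters-only lowercase name with no vendor prefix")
    if re.fullmatch(r"[a-z]:\\-?\d+", lower):
        reasons.append("numeric file name at the drive root")
    return Finding(path, _severity(reasons), reasons) if reasons else None


def service_finding(m):
    """Heuristics for one service/driver line; None if nothing stands out."""
    reasons = []
    name, path = m["name"], m["path"]
    if m["stamp"] == "":
        reasons.append("ComboFix could not stat the binary ('[]'): missing or hidden")
    if m["start"] in ("R0", "S0", "R1", "S1"):
        reasons.append(f"boot/system start type {m['start']}")
    if m["display"] == name and re.fullmatch(r"[a-z]{5,8}", name):
        reasons.append("lowercase letters-only name with no descriptive display name")
    stem = path.rpartition("\\")[2].split(".")[0].lower()
    if path and stem != name.lower():
        reasons.append(f"binary name '{stem}' unrelated to service name '{name}'")
    return Finding(name, _severity(reasons), reasons) if reasons else None


def triage(lines):
    """Parse every recognised line and return the findings, worst first."""
    findings = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            f = file_finding(m)
        else:
            m = SERVICE_RE.match(line)
            f = service_finding(m) if m else None
        if f:
            findings.append(f)
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:<6}] {f.subject}")
        for r in f.reasons:
            print(f"           - {r}")
```

Run against the sample lines, dhofozr.dll and the pjooay service come out "high", ios.dat and C:\-529700065 "medium", and WINCTL4.OCX and the two unplugged-device or uninstalled-component drivers "low"; the LogMeIn driver with a stat'able binary and the iXi Tools directory produce nothing. To use it on a whole log, read the file and pass its lines; lines in other sections simply fail both regexes and are skipped.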