ComboFix 08-12-26.03 - Christer 2008-12-27 15:59:52.15 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1022.543 [GMT 1:00]
Kjører fra: c:\documents and settings\Christer\Skrivebord\ComboFix.exe
AV: Norton Internet Security Online *On-access scanning disabled* (Outdated)
FW: Norton Internet Security Online *disabled*
 * Opprettet nytt gjenopprettingspunkt
[COLOR=RED][B]ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !![/B][/COLOR]
.

(((((((((((((((((((((((((((   Filer Opprettet Fra 2008-11-27 til 2008-12-27   )))))))))))))))))))))))))))))))))
.

2008-12-27 10:18 . 2008-12-27 11:32   dr-h-----   c:\documents and settings\Christer\Siste
2008-12-27 09:43 . 2008-12-27 09:43   d--------   c:\documents and settings\Administrator\Programdata\Share-to-Web-opplastingsmappe
2008-12-26 16:55 . 2008-12-26 16:58   d--------   c:\programfiler\Windows Live Safety Center
2008-12-26 16:02 . 2008-12-27 09:30   d--------   c:\programfiler\Spybot - Search & Destroy
2008-12-26 16:02 . 2008-12-27 10:21   d--------   c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2008-12-25 14:39 . 2008-12-25 14:39   d--------   c:\documents and settings\Tore\Programdata\ATI
2008-12-25 11:29 . 2006-07-24 08:56   212,240   --a------   c:\windows\system32\Richtx32.ocx
2008-12-25 09:57 . 2008-12-25 09:57   d--------   c:\documents and settings\All Users\Programdata\PC Drivers Headquarters
2008-12-25 09:29 . 2008-12-25 09:29   167,936   --a------   c:\windows\system32\dhofozr.dll
2008-12-25 09:29 . 2008-12-25 09:29   3,097   --a------   c:\windows\ios.dat
2008-12-25 09:20 . 2008-12-25 09:20   2   --a------   C:\-529700065
2008-12-25 09:13 . 2008-12-25 09:13   d--------   c:\programfiler\iXi Tools
2008-12-24 23:06 . 2008-12-24 23:06   d--------   c:\documents and settings\Christer\Programdata\ATI
2008-12-24 20:50 . 2008-12-27 09:48   d--------   c:\programfiler\Steam
2008-12-14 10:23 . 2008-12-14 10:25   d--------   c:\documents and settings\Christer\Programdata\vlc
2008-12-02 20:33 . 2008-12-09 15:20   d--------   c:\documents and settings\All Users\Programdata\TrackMania
2008-12-02 20:28 . 2008-12-02 20:31   d--------   c:\programfiler\TmNationsForever

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 15:03   ---------   d-----w   c:\programfiler\Fellesfiler\Symantec Shared
2008-12-27 14:58   ---------   d-----w   c:\documents and settings\Christer\Programdata\DNA
2008-12-27 09:13   ---------   d-----w   c:\documents and settings\All Users\Programdata\Symantec
2008-12-27 08:47   ---------   d-----w   c:\programfiler\DNA
2008-12-27 08:31   ---------   d-----w   c:\programfiler\LogMeIn
2008-12-26 14:49   ---------   d-----w   c:\programfiler\Common Files
2008-12-26 14:29   ---------   d-----w   c:\programfiler\CCleaner
2008-12-25 10:24   ---------   d--h--w   c:\programfiler\InstallShield Installation Information
2008-12-24 21:58   ---------   d-----w   c:\programfiler\ATI Technologies
2008-12-23 17:52   140,216   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2008-12-23 17:51   201,352   ----a-w   c:\windows\system32\PnkBstrB.exe
2008-12-22 16:18   ---------   d-----w   c:\documents and settings\Christer\Programdata\dvdcss
2008-12-22 10:23   ---------   d-----w   c:\programfiler\Dl_cats
2008-12-13 06:40   3,593,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
2008-12-10 16:08   ---------   d-----w   c:\documents and settings\All Users\Programdata\Microsoft Help
2008-12-10 13:46   ---------   d-----w   c:\programfiler\Malwarebytes' Anti-Malware
2008-12-03 18:52   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2008-11-21 17:57   ---------   d-----w   c:\documents and settings\Christer\Programdata\FrostWire
2008-11-12 14:02   ---------   d-----w   c:\programfiler\Fellesfiler\Ahead
2008-11-12 14:02   ---------   d-----w   c:\documents and settings\Christer\Programdata\Unigraphics Solutions
2008-11-12 13:17   ---------   d-----w   c:\documents and settings\Christer\Programdata\Ahead
2008-11-09 19:06   ---------   d-----w   c:\programfiler\America's Army Deploy Client
2008-11-09 19:00   ---------   d-----w   c:\documents and settings\All Users\Programdata\America's Army Deploy Client
2008-11-09 17:46   ---------   d-----w   c:\documents and settings\Christer\Programdata\Azureus
2008-11-08 21:33   ---------   d-----w   c:\documents and settings\All Users\Programdata\NCH Software
2008-11-03 14:03   ---------   d-----w   c:\documents and settings\Christer\Programdata\GeoVid
2008-11-03 14:01   ---------   d-----w   c:\programfiler\GeoVid
2008-11-03 13:40   ---------   d-----w   c:\documents and settings\All Users\Programdata\DVD Shrink
2008-11-01 10:59   66,872   ----a-w   c:\windows\system32\PnkBstrA.exe
2008-10-24 11:21   455,296   ------w   c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:43   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 12:43   286,720   ------w   c:\windows\system32\dllcache\gdi32.dll
2008-10-17 17:56   87,352   ----a-w   c:\windows\system32\LMIinit.dll
2008-10-17 17:56   83,288   ----a-w   c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 17:56   28,984   ----a-w   c:\windows\system32\LMIport.dll
2008-10-17 17:56   23,736   ----a-w   c:\windows\system32\LMImirr.dll
2008-10-17 17:56   10,040   ----a-w   c:\windows\system32\LMImirr2.dll
2008-10-16 13:15   70,656   ------w   c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11   13,824   ------w   c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 13:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-15 16:38   337,408   ------w   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 16:11   73,216   ----a-w   c:\windows\ST6UNST.EXE
2008-10-15 16:11   249,856   ------w   c:\windows\Setup1.exe
2008-10-15 07:06   633,632   ------w   c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04   161,792   ------w   c:\windows\system32\dllcache\ieakui.dll
2008-10-03 12:34   625,032   ----a-w   c:\windows\system32\SymNeti.dll
2008-10-03 12:34   242,056   ----a-w   c:\windows\system32\SymRedir.dll
2008-10-03 10:04   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-10-03 10:04   247,326   ------w   c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
2007-12-17 08:35   60,968   ----a-w   c:\documents and settings\Christer\GoToAssistDownloadHelper.exe
2008-09-12 21:47   32,768   --sha-w   c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008091220080913\index.dat
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"BitTorrent DNA"="c:\programfiler\DNA\btdna.exe" [2008-12-19 342848]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"Steam"="c:\programfiler\Steam\Steam.exe" [2008-12-24 1410296]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DVDLauncher"="c:\programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dlccmon.exe"="c:\programfiler\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"ecc"="c:\programfiler\Telenor\ecc\ecc.exe" [2005-12-14 286720]
"LogMeIn GUI"="c:\programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"CamMonitor"="c:\programfiler\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\programfiler\Norton Internet Security\osCheck.exe" [2006-10-16 26248]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Symantec PIF AlertEng"="c:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Tore\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-17 09:35 10792 c:\programfiler\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 18:56 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Christer^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]
path=c:\documents and settings\Christer\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-02 14:07 68856 c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\DNA\\btdna.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Programdata\\NexonUS\\NGM\\NGM.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-03-11 198336]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\programfiler\LogMeIn\x86\RaInfo.sys [2007-06-04 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-04 47640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-24 99376]
S0 pjooay;pjooay;c:\windows\system32\drivers\sspfn.sys []
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-05-04 32000]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; []

*Newly Created Service* - COMHOST
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-26 c:\windows\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Christer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-10-16 16:17]

2008-12-27 c:\windows\Tasks\PCConfidential.job
- c:\programfiler\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://online.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\Fronter_oes_prj.ocx - c:\windows\Downloaded Program Files\fronter_oes2.exe
c:\windows\Downloaded Program Files\fronter_oes2.dll
O16 -: {358DFA15-D48C-4296-8D16-7405F918333B}
hxxps://fronter.com/fredrikstadgs/links/fronter_oes2.cab
c:\windows\Downloaded Program Files\fronter_oes2.inf

c:\windows\Downloaded Program Files\KooPlayer.ocx -
O16 -: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79}
hxxp://www.mpw.no/TvNorge/KooPlayer.ocx

FF - ProfilePath - c:\documents and settings\Christer\Programdata\Mozilla\Firefox\Profiles\evhgda0d.default\
FF - prefs.js: browser.startup.homepage - www.online.no
FF - plugin: c:\programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\programfiler\Viewpoint\Viewpoint Media Player\npViewpoint.dll

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 16:03:29
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\programfiler\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Tidspunkt ferdig: 2008-12-27 16:04:31
ComboFix-quarantined-files.txt 2008-12-27 15:04:27

Pre-Run: 95,164,293,120 byte ledig
Post-Run: 95,152,205,824 byte ledig

254 --- E O F --- 2008-12-18 16:03:54