ComboFix 10-03-06.03 - xxxxxxx 07.03.2010 3:23.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1471.963 [GMT 1:00]
Running from: c:\documents and settings\xxxxxxx\Skrivebord\ComboFix.exe
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((( Files Created From 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))))
.
2010-03-07 02:09 . 2010-03-07 02:09 -------- d--h--r- c:\documents and settings\xxxxxxx\Siste
2010-03-06 16:43 . 2010-02-03 09:00 84912 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100306.004\NAVENG.SYS
2010-03-06 16:43 . 2010-02-03 09:00 1324720 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100306.004\NAVEX15.SYS
2010-03-06 16:43 . 2010-01-23 11:24 371248 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100306.004\EECTRL.SYS
2010-03-06 16:43 . 2010-01-23 11:24 2747440 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100306.004\CCERASER.DLL
2010-03-06 16:43 . 2010-01-23 11:24 259440 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100306.004\ECMSVR32.DLL
2010-03-06 16:43 . 2010-01-23 11:24 177520 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100306.004\NAVENG32.DLL
2010-03-06 16:43 . 2010-01-23 11:24 1647984 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100306.004\NAVEX32A.DLL
2010-03-06 16:43 . 2010-01-23 11:24 102448 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100306.004\ERASER.SYS
2010-03-06 15:44 . 2010-02-12 16:41 558448 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-03-06 15:44 . 2010-02-01 18:20 165240 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-03-06 15:41 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-25 22:01 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSvix86.sys
2010-02-25 22:01 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSXpx86.sys
2010-02-25 22:01 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\Scxpx86.dll
2010-02-25 22:01 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSxpx86.dll
2010-02-25 22:01 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSviA64.sys
2010-02-24 17:32 . 2010-02-24 17:32 -------- d-----w- c:\documents and settings\All Users\Programdata\F-Secure
2010-02-23 13:59 . 2010-02-23 13:59 12812 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-23 01:18 . 2010-02-23 10:57 -------- d-----w- c:\documents and settings\xxxxxxx\Programdata\QuickScan
2010-02-11 21:59 . 2010-02-11 22:02 -------- d-----w- c:\programfiler\RegistryFix8
2010-02-10 16:11 . 2010-02-10 16:11 -------- d-----w- c:\documents and settings\xxxxxxx\Programdata\Malwarebytes
2010-02-10 16:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 16:11 . 2010-02-10 16:11 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-02-10 16:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 16:11 . 2010-02-10 16:11 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-02-08 03:38 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-06 18:24 . 2010-02-06 18:36 -------- d-----w- c:\windows\BDOSCAN8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 11:37 . 2010-01-24 18:07 -------- d-----w- c:\programfiler\CCleaner
2010-03-03 15:56 . 2010-01-24 19:00 -------- d-----w- c:\documents and settings\xxxxxxx\Programdata\vlc
2010-02-24 18:38 . 2008-04-15 12:00 76006 ----a-w- c:\windows\system32\perfc014.dat
2010-02-24 18:38 . 2008-04-15 12:00 436214 ----a-w- c:\windows\system32\perfh014.dat
2010-02-03 10:38 . 2010-02-03 10:38 -------- d-----w- c:\documents and settings\xxxxxxx\Programdata\Gedtreff_2006
2010-02-03 10:37 . 2010-02-03 10:37 -------- d-----w- c:\programfiler\DISNorge
2010-02-03 10:37 . 2010-02-03 10:37 -------- d-----w- c:\documents and settings\All Users\Programdata\DISNorge
2010-01-28 09:22 . 2010-01-25 13:19 -------- d-----w- c:\documents and settings\xxxxxxx\Programdata\LimeWire
2010-01-25 15:56 . 2010-01-24 14:36 17088 ----a-w- c:\documents and settings\xxxxxxx\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-01-25 15:55 . 2010-01-25 15:54 -------- d-----w- c:\programfiler\Windows Live
2010-01-25 15:55 . 2010-01-25 15:55 -------- d-----w- c:\programfiler\Microsoft
2010-01-25 15:54 . 2010-01-25 15:54 -------- d-----w- c:\programfiler\Windows Live SkyDrive
2010-01-25 15:48 . 2010-01-25 15:48 -------- d-----w- c:\programfiler\Fellesfiler\Windows Live
2010-01-25 14:23 . 2010-01-24 14:18 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-24 23:03 . 2010-01-24 23:03 -------- d-----w- c:\documents and settings\All Users\Programdata\Paragon
2010-01-24 21:14 . 2010-01-24 21:14 -------- d-----w- c:\programfiler\Fellesfiler\Adobe
2010-01-24 20:49 . 2010-01-24 20:49 -------- d-----w- c:\documents and settings\All Users\Programdata\Symantec
2010-01-24 20:06 . 2010-01-24 20:06 1 ----a-w- c:\documents and settings\xxxxxxx\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-24 20:05 . 2010-01-24 20:05 -------- d-----w- c:\documents and settings\xxxxxxx\Programdata\OpenOffice.org
2010-01-24 20:03 . 2010-01-24 20:03 -------- d-----w- c:\programfiler\OpenOffice.org 3
2010-01-24 20:01 . 2010-01-24 20:01 -------- d-----w- c:\documents and settings\xxxxxxx\Programdata\Canneverbe_Limited
2010-01-24 20:01 . 2010-01-24 20:01 -------- d-----w- c:\documents and settings\All Users\Programdata\Canneverbe Limited
2010-01-24 20:01 . 2010-01-24 20:01 -------- d-----w- c:\programfiler\CDBurnerXP
2010-01-24 19:42 . 2010-01-24 19:42 -------- d-----w- c:\programfiler\Microsoft Silverlight
2010-01-24 19:36 . 2010-01-24 19:36 0 ----a-w- c:\windows\nsreg.dat
2010-01-24 19:32 . 2010-01-24 19:32 -------- d-----r- c:\programfiler\Norton Support
2010-01-24 19:27 . 2010-01-24 19:27 152576 ----a-w- c:\documents and settings\xxxxxxx\Programdata\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-24 19:27 . 2010-01-24 19:27 79488 ----a-w- c:\documents and settings\xxxxxxx\Programdata\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-24 19:09 . 2010-01-24 19:09 -------- d-----w- c:\programfiler\MSBuild
2010-01-24 19:09 . 2010-01-24 19:09 -------- d-----w- c:\programfiler\Reference Assemblies
2010-01-24 18:59 . 2010-01-24 18:59 -------- d-----w- c:\programfiler\VideoLAN
2010-01-24 18:55 . 2010-01-24 18:55 -------- d-----w- c:\programfiler\VS Revo Group
2010-01-24 18:54 . 2010-01-24 18:53 -------- d-----w- c:\programfiler\LimeWire
2010-01-24 18:54 . 2010-01-24 18:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-24 18:54 . 2010-01-24 18:54 -------- d-----w- c:\programfiler\Java
2010-01-24 18:54 . 2010-01-24 18:54 152576 ----a-w- c:\documents and settings\xxxxxxx\Programdata\Sun\Java\jre1.6.0_16\lzma.dll
2010-01-24 18:47 . 2010-01-24 18:47 -------- d-----w- c:\documents and settings\xxxxxxx\Programdata\IObit
2010-01-24 18:47 . 2010-01-24 18:47 -------- d-----w- c:\programfiler\IObit
2010-01-24 18:45 . 2010-01-24 18:45 -------- d-----w- c:\programfiler\Paragon Software
2010-01-24 18:37 . 2010-01-24 18:36 -------- d-----w- c:\programfiler\Google
2010-01-24 15:57 . 2010-01-24 14:47 -------- d-----w- c:\programfiler\Fellesfiler\Symantec Shared
2010-01-24 14:48 . 2010-01-24 14:47 -------- d-----w- c:\documents and settings\All Users\Programdata\Norton
2010-01-24 14:46 . 2010-01-24 14:39 -------- d-----w- c:\programfiler\NortonInstaller
2010-01-24 14:29 . 2010-01-24 14:29 -------- d-----w- c:\programfiler\Synaptics
2010-01-24 14:29 . 2010-01-24 14:26 -------- d-----w- c:\programfiler\Fellesfiler\InstallShield
2010-01-24 14:28 . 2010-01-24 14:28 -------- d-----w- c:\programfiler\Realtek AC97
2010-01-24 14:28 . 2010-01-24 14:27 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2010-01-24 14:27 . 2010-01-24 14:27 -------- d-----w- c:\programfiler\S3
2010-01-24 14:26 . 2010-01-24 14:26 -------- d-----w- c:\programfiler\VIA
2010-01-24 14:19 . 2010-01-24 14:19 -------- d-----w- c:\programfiler\microsoft frontpage
2010-01-24 14:17 . 2010-01-24 14:17 -------- d-----w- c:\programfiler\Elektroniske tjenester
2010-01-24 14:16 . 2010-01-24 14:16 -------- d-----w- c:\programfiler\Fellesfiler\Tjenester
2010-01-24 14:15 . 2010-01-24 14:15 21704 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-08 22:42 . 2010-01-08 22:42 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-31 16:50 . 2008-04-15 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:20 . 2009-12-22 05:20 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:10 . 2008-04-15 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2010-01-24 14:14 344064 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:12 . 2008-04-15 12:00 2190976 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:12 . 2008-04-14 08:53 2067840 ------w- c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [24.01.2010 19:46 40560]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [03.02.2010 13:46 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [03.02.2010 13:46 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [03.02.2010 13:46 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSXpx86.sys [25.02.2010 23:01 329592]
R2 N360;Norton 360;c:\programfiler\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [03.02.2010 13:46 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.01.2010 11:50 102448]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.no/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\xxxxxxx\Programdata\Mozilla\Firefox\Profiles\vutwoc5z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - component: c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\programfiler\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 03:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\programfiler\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\programfiler\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\webcheck.dll
.
Completion time: 2010-03-07 03:27:47
ComboFix-quarantined-files.txt 2010-03-07 02:27
ComboFix2.txt 2010-02-10 16:38

Pre-Run: 10 695 970 816 bytes free
Post-Run: 10 661 576 704 bytes free

- - End Of File - - 4E2649F4BA3332F967C56D406EBC52B6
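The log above is tool output rather than an explanation, so the following is an added example and not part of the post or of ComboFix itself. It parses the two line shapes that carry most of the signal in a ComboFix log (the `created . modified size attrs path` entries of the Files Created and Find3M sections, and the `R0 name;display;path [stamp]` driver/service lines), picks up the `AV:`/`FW:` header lines and the `"EnableFirewall"= 0` policy value, and runs a few neutral triage rules over them: protection products reported as disabled, hidden files under the Windows directory, newly created executables and drivers under the Windows directory, and boot/system-start (`R0`/`R1`) drivers. The rules and category names are my own choices, and the sample input is constructed from lines of the log above; a hit means "verify this", not "this is malicious".

```python
"""ComboFix log triage (added example; the rules below are the author's own)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
2010-03-07 02:09 . 2010-03-07 02:09 -------- d--h--r- c:\documents and settings\xxxxxxx\Siste
2010-03-06 15:41 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-23 13:59 . 2010-02-23 13:59 12812 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-10 16:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 22:42 . 2010-01-08 22:42 3366912 ----a-w- c:\windows\system32\GPhotos.scr
"EnableFirewall"= 0 (0x0)
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [24.01.2010 19:46 40560]
R2 N360;Norton 360;c:\programfiler\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [03.02.2010 13:46 117640]
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (size shown as '--------')
    attrs: str            # 8-char attribute field, e.g. 'd--h--r-' or '---ha-w-'
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs


@dataclass
class ServiceEntry:
    state: str    # 'R'/'S' = running/stopped, digit = start type (0 boot, 1 system, 2 auto, 3 manual)
    name: str
    display: str
    path: str
    stamp: str    # '[dd.mm.yyyy hh:mm size]' contents


FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$")
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]+)\]$")

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")
WINDOWS_DIR = "c:\\windows\\"


def parse(text: str) -> Tuple[List[FileEntry], List[ServiceEntry], List[str]]:
    """Split the log into file entries, service entries and header/policy lines."""
    files, services, flags = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            files.append(FileEntry(created, modified,
                                   None if size.startswith("-") else int(size),
                                   attrs, path))
            continue
        m = SVC_RE.match(line)
        if m:
            services.append(ServiceEntry(*m.groups()))
            continue
        if line.startswith(("AV:", "FW:", '"EnableFirewall"')):
            flags.append(line)
    return files, services, flags


def triage(files: List[FileEntry], services: List[ServiceEntry],
           flags: List[str]) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs; every hit is a review item, not a verdict."""
    findings: List[Tuple[str, str]] = []
    for line in flags:
        product = line.split("*")[0].strip()
        if line.startswith("AV:") and "*On-access scanning disabled*" in line:
            findings.append(("protection-disabled", f"AV on-access scanning off: {product}"))
        elif line.startswith("FW:") and "*disabled*" in line:
            findings.append(("protection-disabled", f"firewall product off: {product}"))
        elif line.startswith('"EnableFirewall"= 0'):
            findings.append(("protection-disabled", "Windows Firewall policy EnableFirewall=0"))
    for f in files:
        low = f.path.lower()
        if f.is_dir or not low.startswith(WINDOWS_DIR):
            continue   # only non-directory entries under the Windows tree
        if f.hidden:
            findings.append(("hidden-file", f"{f.path} ({f.size} bytes, attrs {f.attrs})"))
        if low.endswith(EXECUTABLE_EXT):
            findings.append(("new-executable", f"{f.path} created {f.created}; verify publisher/hash"))
    for s in services:
        # Boot/system-start kernel drivers run before most defences; verify their signature.
        if s.state[0] == "R" and s.state[1] in "01" and s.path.lower().endswith(".sys"):
            findings.append(("early-start-driver", f"{s.name} -> {s.path} [{s.stamp}]"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(*parse(SAMPLE_LOG)):
        print(f"{category:20} {detail}")
```

On the sample this reports three protection-disabled items (the two Norton header lines and the `EnableFirewall` value), one hidden file (`mlfcache.dat`), three new executables under `c:\windows` and one boot-start driver (`hotcore3.sys`). Directories and entries outside the Windows tree are skipped on purpose so the list stays short enough to check by hand against vendor hashes.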