ComboFix 11-01-17.04 - Falk 18.01.2011 9:24.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.47.1053.18.1013.361 [GMT 1:00]
Kjører fra: c:\users\Falk\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\mw2mmgr.inc
c:\programdata\mw2mmgr.txt
----- BITS: Mulige infiserte sider -----
hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-18 til 2011-01-18 )))))))))))))))))))))))))))))))))
.
2011-01-18 08:43 . 2011-01-18 08:44 -------- d-----w- c:\users\Falk\AppData\Local\temp
2011-01-18 08:43 . 2011-01-18 08:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-18 07:56 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6CBA3B8-561F-4735-A018-4D66FF28BAC5}\mpengine.dll
2011-01-18 07:55 . 2011-01-18 07:55 -------- d-----w- c:\users\Falk\AppData\Roaming\Malwarebytes
2011-01-18 07:54 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-18 07:54 . 2011-01-18 07:54 -------- d-----w- c:\programdata\Malwarebytes
2011-01-18 07:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-18 07:48 . 2011-01-18 07:48 388096 ----a-r- c:\users\Falk\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-18 07:48 . 2011-01-18 07:48 -------- d-----w- c:\program files\Trend Micro
2011-01-17 21:07 . 2011-01-17 23:55 -------- d-----w- c:\users\Falk\Tracing
2011-01-17 11:34 . 2011-01-17 11:34 -------- d-----w- c:\users\Falk\AppData\Local\Pinnacle
2011-01-17 11:21 . 2011-01-17 11:21 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2011-01-17 10:59 . 2011-01-17 10:59 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2011-01-17 10:59 . 2011-01-17 10:59 -------- d-----w- c:\programdata\Studio 14
2011-01-17 10:59 . 2011-01-17 10:59 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2011-01-17 10:15 . 2011-01-17 10:47 -------- d-----w- c:\programdata\Studio14Trial
2011-01-17 09:02 . 2011-01-17 09:03 -------- d-----w- c:\users\Falk\AppData\Roaming\Download Manager
2011-01-17 07:45 . 2011-01-17 08:24 -------- d-----w- c:\users\Falk\AppData\Roaming\WinFF
2011-01-17 07:45 . 2011-01-17 07:45 -------- d-----w- c:\program files\WinFF
2011-01-11 23:01 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 23:01 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 23:01 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 23:01 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 23:01 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 23:01 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-11 23:00 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-09 21:14 . 2011-01-09 21:14 -------- d-----w- c:\windows\Sun
2011-01-08 10:21 . 2011-01-08 10:21 -------- d-----w- c:\program files\Common Files\Pinnacle
2011-01-08 09:50 . 2008-04-18 02:33 2560 ----a-w- c:\windows\system32\msimsg.dll
2011-01-08 09:50 . 2008-04-18 02:33 73216 ----a-w- c:\windows\system32\msiexec.exe
2011-01-08 09:50 . 2008-04-18 05:30 332800 ----a-w- c:\windows\system32\msihnd.dll
2011-01-08 09:50 . 2008-04-18 05:30 2241536 ----a-w- c:\windows\system32\msi.dll
2011-01-08 09:16 . 2011-01-08 09:17 -------- d-----w- C:\Videospin
2010-12-26 21:37 . 2010-12-26 21:37 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-12-26 21:37 . 2011-01-17 10:59 -------- d-----w- c:\program files\Pinnacle
2010-12-26 21:37 . 2010-12-26 21:44 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2010-12-26 21:33 . 2011-01-17 11:19 -------- d-----w- c:\programdata\Pinnacle
2010-12-26 21:32 . 2011-01-08 10:16 -------- d-----w- c:\users\Falk\AppData\Local\Downloaded Installations
2010-12-26 19:12 . 2011-01-17 23:54 -------- d-----w- c:\program files\Common Files\Akamai
2010-12-25 17:35 . 2010-12-25 19:58 -------- d-----w- c:\users\Falk\.dvdcss
2010-12-25 17:30 . 2010-12-25 17:30 -------- d-----w- c:\users\Falk\AppData\Roaming\AnvSoft
2010-12-25 16:50 . 2010-12-25 16:50 -------- d-----w- c:\users\Falk\AppData\Roaming\NeroDigital(TM)
2010-12-25 16:39 . 2010-01-03 20:59 -------- d-----w- C:\Plugin
2010-12-25 16:39 . 2010-01-03 20:59 -------- d-----w- C:\Contrib
2010-12-25 15:54 . 2010-12-25 15:54 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX
2010-12-25 15:54 . 2010-12-25 15:54 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2010-12-25 15:54 . 2010-12-25 15:54 -------- d--h--w- c:\programdata\CanonEPP
2010-12-25 15:54 . 2010-12-25 15:54 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-12-25 13:48 . 2010-03-29 04:00 290816 ----a-w- c:\windows\system32\CNMXLMA9.DLL
2010-12-25 13:47 . 2011-01-08 00:52 -------- d-----w- c:\programdata\CanonIJPLM
2010-12-25 13:43 . 2010-12-25 13:43 -------- d-----w- c:\programdata\Canon IJ Network Tool
2010-12-25 13:34 . 2010-12-25 13:34 -------- d-----w- c:\programdata\CanonIJMSetup
2010-12-25 13:29 . 2010-12-25 13:29 -------- d-----w- c:\program files\Common Files\CANON
2010-12-25 13:29 . 2010-12-25 13:29 -------- d-----w- c:\programdata\CanonIJWSpt
2010-12-25 13:21 . 2010-12-25 13:21 -------- d--h--w- c:\programdata\CanonBJ
2010-12-25 13:20 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA9.DLL
2010-12-25 13:20 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA9.DLL
2010-12-25 13:18 . 2010-12-25 13:18 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-12-25 13:13 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC495I.dll
2010-12-25 13:13 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC495L.dll
2010-12-25 13:13 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC495C.dll
2010-12-25 13:13 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC495U.dll
2010-12-25 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-12-25 13:08 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMA9.DLL
2010-12-25 13:08 . 2010-01-13 14:03 94208 ----a-w- c:\windows\system32\CNC495O.dll
2010-12-25 13:08 . 2010-03-11 08:56 180224 ----a-w- c:\windows\system32\CNMIUA9.DLL
2010-12-25 13:07 . 2010-12-25 13:07 -------- d-----w- c:\windows\system32\STRING
2010-12-25 13:07 . 2010-02-05 10:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-12-25 13:05 . 2010-12-25 15:54 -------- d-----w- c:\program files\Canon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 21:07 . 2010-03-11 19:44 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-06 11:10 . 2010-12-18 22:51 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-06 11:10 . 2010-12-18 22:51 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-11-06 11:10 . 2010-12-18 22:51 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-06 11:09 . 2010-12-18 22:51 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-05 00:53 . 2010-12-18 22:51 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-18 22:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-18 22:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-18 22:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-18 22:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:57 . 2010-12-18 22:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:01 . 2010-12-18 22:45 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-18 22:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-18 22:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:02 . 2010-12-18 22:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:03 . 2010-12-18 22:46 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 12:56 . 2010-12-18 22:50 2048 ----a-w- c:\windows\system32\tzres.dll
2007-03-12 17:59 . 2007-03-12 17:59 299008 ----a-w- c:\program files\navigram_register.exe
.
------- Sigcheck -------
[-] 2008-01-27 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 10:18 451808 ----a-w- c:\program files\RadioBar\toolbar.ni.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]
[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]
[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2009-09-23 1598760]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-11-11 570688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 135664]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-09 420920]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 15:23]
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 15:23]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: navigram.com\www
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\RadioBar\toolbar.ni.dll
FF - ProfilePath - c:\users\Falk\AppData\Roaming\Mozilla\Firefox\Profiles\97gjzx1l.default\
FF - prefs.js: browser.search.selectedEngine - QXL
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
.
- - - - TOMME PEKERE FJERNET - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-Sys32V2Contoller - c:\windows\mw2mmgr32\mw2mmgr32.exe
AddRemove-AC3File_is1 - c:\program files\AC3File\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-18 09:44
Windows 6.0.6001 Service Pack 1 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
c:\windows\TEMP\TMP0000002D8BE5934812AF3C5A 524288 bytes
skanning vellykket
skjulte filer: 1
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2011-01-18 09:51:18
ComboFix-quarantined-files.txt 2011-01-18 08:50
Pre-Run: 13 987 135 488 byte ledigt
Post-Run: 28 809 809 920 byte ledigt
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 7D8418FB9FC71E6501F6D7616BAD7EFB