ComboFix 09-01-21.04 - Kristian 2009-01-29 21:52:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2046.964 [GMT 1:00]
Kjører fra: c:\users\Kristian\Desktop\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-28 til 2009-01-29 )))))))))))))))))))))))))))))))))
.
2009-01-29 21:34 . 2009-01-29 21:34 d-------- c:\users\Kristian\AppData\Roaming\Malwarebytes
2009-01-29 21:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-29 21:33 . 2009-01-29 21:33 d-------- c:\users\All Users\Malwarebytes
2009-01-29 21:33 . 2009-01-29 21:33 d-------- c:\programdata\Malwarebytes
2009-01-29 21:33 . 2009-01-29 21:34 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-29 21:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-20 08:50 . 2009-01-20 08:50 d-------- c:\users\Kristian\AppData\Roaming\vlc
2009-01-20 08:49 . 2009-01-20 08:49 d-------- c:\program files\VideoLAN
2009-01-19 11:52 . 2009-01-29 21:18 d-------- c:\users\Kristian\AppData\Roaming\uTorrent
2009-01-19 11:52 . 2009-01-19 11:52 d-------- c:\program files\uTorrent
2009-01-19 10:08 . 2009-01-29 18:36 d-------- c:\users\Kristian\Tracing
2009-01-19 10:03 . 2009-01-19 10:03 d-------- c:\program files\Windows Live SkyDrive
2009-01-19 10:03 . 2009-01-19 10:03 d-------- c:\program files\Microsoft
2009-01-19 10:01 . 2009-01-19 10:01 d-------- c:\program files\Common Files\Windows Live
2009-01-19 09:58 . 2009-01-19 09:58 d-------- c:\program files\ToggleNO
2009-01-19 09:58 . 2009-01-19 09:58 d-------- c:\program files\Conduit
2009-01-16 14:27 . 2009-01-16 14:27 152,904 --a------ c:\windows\System32\vghd.scr
2009-01-16 13:06 . 2009-01-16 15:30 d-------- c:\users\Kristian\AppData\Roaming\vghd
2009-01-14 20:00 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-08 10:11 . 2009-01-08 14:32 d-------- c:\program files\Valve
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 20:35 --------- d-----w c:\users\Kristian\AppData\Roaming\Skype
2009-01-29 17:36 --------- d-----w c:\users\Kristian\AppData\Roaming\OpenOffice.org2
2009-01-29 17:02 --------- d-----w c:\users\Kristian\AppData\Roaming\skypePM
2009-01-29 16:35 --------- d-----w c:\program files\Ventelo Sikkerhet
2009-01-29 15:27 49,660 ----a-w c:\users\Kristian\AppData\Roaming\nvModes.dat
2009-01-29 11:17 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-29 11:17 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-25 14:54 --------- d-----w c:\users\Kristian\AppData\Roaming\ZoomBrowser EX
2009-01-25 13:14 --------- d-----w c:\programdata\ZoomBrowser
2009-01-22 20:22 33,408 ----a-w c:\windows\system32\drivers\fsbts.sys
2009-01-19 10:49 --------- d-----w c:\program files\Windows Live
2009-01-19 08:57 --------- d-----w c:\programdata\WLInstaller
2009-01-14 20:04 --------- d-----w c:\program files\Windows Mail
2009-01-08 09:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 16:38 --------- d-----w c:\program files\Bonjour
2008-12-25 16:37 --------- d-----w c:\program files\Safari
2008-12-21 01:28 --------- d-----w c:\users\Kristian\AppData\Roaming\CyberLink
2008-12-17 20:45 --------- d-----w c:\users\Kristian\AppData\Roaming\Red Alert 3
2008-12-17 20:26 --------- d-----w c:\programdata\Microsoft Help
2008-12-17 17:16 --------- d--h--r c:\users\Kristian\AppData\Roaming\SecuROM
2008-12-17 17:00 --------- d-----w c:\program files\Electronic Arts
2008-12-17 16:59 6,326 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-12-17 16:59 --------- d-----w c:\programdata\Electronic Arts
2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-05 11:28 --------- d-----w c:\programdata\F-Secure
2008-12-05 11:25 --------- d-----w c:\programdata\fssg
2008-12-03 18:09 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-29 18:20 22,328 ----a-w c:\users\Kristian\AppData\Roaming\PnkBstrK.sys
2008-11-29 18:04 --------- d-----w c:\program files\Activision
2008-11-28 14:50 --------- d-----w c:\program files\Acer GameZone
2008-11-28 12:13 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-07-30 17:50 174 --sha-w c:\program files\desktop.ini
2008-05-10 20:23 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-05-10 20:23 56 ---ha-w c:\programdata\ezsidmv.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{af543a13-f8e6-4423-a4ac-1cc0475ecb44}"= "c:\program files\ToggleNO\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]
2008-11-23 23:03 1784856 --a------ c:\program files\ToggleNO\tbTogg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{af543a13-f8e6-4423-a4ac-1cc0475ecb44}"= "c:\program files\ToggleNO\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AF543A13-F8E6-4423-A4AC-1CC0475ECB44}"= "c:\program files\ToggleNO\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-10 171448]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 174616]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"F-Secure Manager"="c:\program files\Ventelo Sikkerhet\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\Ventelo Sikkerhet\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-12-14 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
c:\users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-05-11 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-22 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{076EC745-F577-417A-9FAD-34F4387961C7}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{EE7C081D-4161-49B8-9C96-1E4960D5DFC1}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{AEAC0F7A-ED71-4430-A83B-218DBA12596D}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{BB5E7DE3-C0BE-4E97-99CA-E55AFAD63DBA}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{AB7579B6-2D46-4EC5-B27A-21B8D3DD542E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4AE25EAC-AE03-4218-B91C-BB46A722CCB6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92BC0DC1-57C5-4273-A1CF-3DA70D3C21BD}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{D8C299CA-EDAF-4027-9DCD-C5776C9A9C6C}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{AD030076-3DF6-48CD-8C40-829BA01E2E3A}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{52123BD2-8B6E-48BE-8AD0-08DC3040EBE6}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{45AEA892-A80E-4196-9C76-28774E43D95A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E61CD17-E9F4-4B08-AC3F-6AE3BDA51469}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{FC7CFC50-1BD5-4346-A71F-11E9FCC435E5}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{DCC55C4A-E986-4346-BF8B-D5238B6354C9}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BBA1150C-FE09-4210-A791-2B3A464DFCFE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BA1C3087-6262-4FD7-AB23-DDCA9DFC72FB}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{4284CF1A-0FC4-49AA-B192-40B7F5541E24}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{7878D76A-7285-4807-8577-700D6B03E93A}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{638C1D2A-B998-4B48-8068-5291B6A0CE04}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{AA12751F-5779-45A1-9563-64C692B2EB64}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5BBC0981-A0FA-48A0-9197-4011CB96A647}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B418C9C3-6557-4EC9-A037-0BC3C06E2255}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{80750F33-189E-4B15-8BA2-FEF2F1F0C0DF}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{81FACF6F-D955-4989-8BE8-DAA6C275957F}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{04756528-948E-479A-8018-5DEFA36C2D79}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{7ABDCD94-6DCD-4CE2-A4B4-78A6CC7DD3E8}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.6.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.6.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{D1268162-898B-4E60-9E5C-365EFE6DA160}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.6.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.6.game:Command & Conquer™ Red Alert™ 3
"TCP Query User{513BBFE5-1465-45C3-882A-9C66EB33F600}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{4EFBA38A-66E7-46B9-AABF-4340C2526030}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{6A760BBF-C792-4D40-8DF9-B3ABB01F5E98}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{277BA65F-D021-45C4-ACDF-766D8475E006}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{8E95328D-7AC6-4876-BC98-DCB9B49CE38D}c:\\users\\kristian\\desktop\\call of duty\\codmp.exe"= UDP:c:\users\kristian\desktop\call of duty\codmp.exe:codmp.exe
"UDP Query User{4C1D6BB7-ABF9-4F77-B290-52DE63C8A215}c:\\users\\kristian\\desktop\\call of duty\\codmp.exe"= TCP:c:\users\kristian\desktop\call of duty\codmp.exe:codmp.exe
"{744B0911-C172-4CD5-90B0-81EFFBCA5DBF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DD59C23B-3CA2-4D42-B62D-8E18D7759788}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2008-12-05 33408]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Ventelo Sikkerhet\HIPS\drivers\fshs.sys [2008-12-05 66720]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-08-15 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-08-15 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Ventelo Sikkerhet\Anti-Virus\minifilter\fsvista.sys [2008-08-15 12384]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Ventelo Sikkerhet\Anti-Virus\minifilter\fsgk.sys [2008-08-15 84096]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-12-22 43008]
R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-05-11 15:27:27 41456]
S3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [2007-12-22 26368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-12-22 179712]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [2007-12-22 42240]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Ventelo Sikkerhet\Anti-Virus\win2k\fsfilter.sys [2008-08-15 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Ventelo Sikkerhet\Anti-Virus\win2k\fsrec.sys [2008-08-15 25184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{441d11d3-dd62-11dd-9b5a-001e4cd60f5e}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51bcee29-cb4c-11dd-b473-806e6f6e6963}]
\shell\AutoRun\command - E:\dvsplash.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{590c4265-6616-11dd-97e0-f31a3209c880}]
\shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ddd3556-dd70-11dd-b372-da22ec052571}]
\shell\AutoRun\command - F:\WDSetup.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-01-29 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\VENTEL~1\ANTI-V~1\fsav.exe [2008-09-23 14:35]
.
- - - - TOMME PEKERE FJERNET - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Tilleggsskanning -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Ventelo Sikkerhet\FSPS\program\FSLSP.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
FF - ProfilePath - c:\users\Kristian\AppData\Roaming\Mozilla\Firefox\Profiles\evpk5shd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088657&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - ToggleNO Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2088657&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088657&SearchSource=2&q=
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 21:54:36
Windows 6.0.6001 Service Pack 1 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'Explorer.exe'(7896)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\windows\system32\btmmhook.dll
.
Tidspunkt ferdig: 2009-01-29 21:56:36
ComboFix-quarantined-files.txt 2009-01-29 20:56:33
Pre-Run: 21 519 601 664 byte ledig
Post-Run: 21,654,134,784 byte ledig
259 --- E O F --- 2009-01-29 15:31:23