ComboFix 10-01-21.08 - Vanja 23.01.2010 1:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1033.18.2046.1227 [GMT 1:00]
Kjører fra: c:\users\Vanja\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\windows\system32\Data
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\ctd20x.dat
c:\windows\system32\Data\CTEAPSW.DAT
c:\windows\system32\Data\CTEDSP2W.DAT
c:\windows\system32\Data\CTEDSPHW.DAT
c:\windows\system32\Data\CTEDSPKW.DAT
c:\windows\system32\Data\CTEDSPLW.DAT
c:\windows\system32\Data\CTEDSPPW.DAT
c:\windows\system32\Data\CTEDSPTW.DAT
c:\windows\system32\Data\CTEDSPUW.DAT
c:\windows\system32\Data\CTEDSPW.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0070W.DAT
c:\windows\system32\Data\CTP0073W.DAT
c:\windows\system32\Data\CTP0090W.DAT
c:\windows\system32\Data\CTP0091W.DAT
c:\windows\system32\Data\CTP0092W.DAT
c:\windows\system32\Data\CTP0095W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0150W.DAT
c:\windows\system32\Data\CTP0161W.DAT
c:\windows\system32\Data\CTP0162W.DAT
c:\windows\system32\Data\CTP0170W.DAT
c:\windows\system32\Data\CTP017AW.DAT
c:\windows\system32\Data\CTP017BW.DAT
c:\windows\system32\Data\CTP017CW.DAT
c:\windows\system32\Data\CTP017DW.DAT
c:\windows\system32\Data\CTP017EW.DAT
c:\windows\system32\Data\CTP017FW.DAT
c:\windows\system32\Data\CTP017GW.DAT
c:\windows\system32\Data\CTP017HW.DAT
c:\windows\system32\Data\CTP0191W.DAT
c:\windows\system32\Data\CTP0192W.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0230W.DAT
c:\windows\system32\Data\CTP0231W.DAT
c:\windows\system32\Data\CTP0232W.DAT
c:\windows\system32\Data\CTP0238W.DAT
c:\windows\system32\Data\CTP0240W.DAT
c:\windows\system32\Data\CTP0242W.DAT
c:\windows\system32\Data\CTP0243W.DAT
c:\windows\system32\Data\CTP0244W.DAT
c:\windows\system32\Data\CTP0245W.DAT
c:\windows\system32\Data\CTP0246W.DAT
c:\windows\system32\Data\CTP0249W.DAT
c:\windows\system32\Data\CTP0280W.DAT
c:\windows\system32\Data\CTP0320W.DAT
c:\windows\system32\Data\CTP0350W.DAT
c:\windows\system32\Data\CTP0352W.DAT
c:\windows\system32\Data\CTP0355W.DAT
c:\windows\system32\Data\CTP0358W.DAT
c:\windows\system32\Data\CTP0359W.DAT
c:\windows\system32\Data\CTP0360W.DAT
c:\windows\system32\Data\CTP0380W.DAT
c:\windows\system32\Data\CTP0400W.DAT
c:\windows\system32\Data\CTP0460W.DAT
c:\windows\system32\Data\CTP0462W.DAT
c:\windows\system32\Data\CTP0463W.DAT
c:\windows\system32\Data\CTP0464W.DAT
c:\windows\system32\Data\CTP0465W.DAT
c:\windows\system32\Data\CTP0466W.DAT
c:\windows\system32\Data\CTP0468W.DAT
c:\windows\system32\Data\CTP0469W.DAT
c:\windows\system32\Data\CTP046AW.DAT
c:\windows\system32\Data\CTP046BW.DAT
c:\windows\system32\Data\CTP046CW.DAT
c:\windows\system32\Data\CTP0530L.DAT
c:\windows\system32\Data\CTP0530W.DAT
c:\windows\system32\Data\CTP0531L.DAT
c:\windows\system32\Data\CTP0531W.DAT
c:\windows\system32\Data\CTP0550W.DAT
c:\windows\system32\Data\CTP055AW.DAT
c:\windows\system32\Data\CTP0600W.DAT
c:\windows\system32\Data\CTP0610W.DAT
c:\windows\system32\Data\CTP0669W.DAT
c:\windows\system32\Data\CTP0678W.DAT
c:\windows\system32\Data\CTP0679W.DAT
c:\windows\system32\Data\CTP0730W.DAT
c:\windows\system32\Data\CTP073AW.DAT
c:\windows\system32\Data\CTP0760W.DAT
c:\windows\system32\Data\CTP0773W.DAT
c:\windows\system32\Data\CTP0930W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4820W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4875W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\Data\cts20x.dat
c:\windows\system32\Data\CTXFICBM.RFX
c:\windows\system32\Data\CTXFICM.RFX
c:\windows\system32\Data\CTXFIEM.RFX
c:\windows\system32\Data\CTXFIGM.RFX
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-23 til 2010-01-23 )))))))))))))))))))))))))))))))))
.
2010-01-23 01:04 . 2010-01-23 01:07 -------- d-----w- c:\users\Vanja\AppData\Local\temp
2010-01-23 01:04 . 2010-01-23 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-23 00:12 . 2010-01-23 00:12 -------- d-----w- c:\users\Vanja\AppData\Roaming\Malwarebytes
2010-01-23 00:12 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 00:12 . 2010-01-23 00:12 -------- d-----w- c:\programdata\Malwarebytes
2010-01-23 00:12 . 2010-01-23 00:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-23 00:12 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-22 23:29 . 2010-01-22 20:08 123022 --sh--r- c:\windows\infocard.exe
2010-01-17 15:23 . 2010-01-22 23:33 -------- d-----w- c:\users\Vanja\AppData\Roaming\vlc
2010-01-13 04:19 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 04:19 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 02:31 . 2010-01-23 00:34 -------- d-----w- c:\users\Vanja\AppData\Roaming\IMVU
2010-01-13 02:31 . 2010-01-13 02:31 76774 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\Uninstall.exe
2010-01-13 02:31 . 2010-01-13 02:31 -------- d-----w- c:\users\Vanja\AppData\Roaming\IMVUClient
2010-01-11 21:48 . 2010-01-11 21:48 92192 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\IMVUupdater.exe
2010-01-11 21:48 . 2010-01-11 21:48 52992 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\IMVUClient.exe
2010-01-11 21:48 . 2010-01-11 21:48 21760 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
2010-01-11 21:45 . 2010-01-11 21:45 121856 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\WriteMiniDump.exe
2010-01-11 21:44 . 2010-01-11 21:44 1251328 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\SceneWindow.dll
2010-01-11 21:44 . 2010-01-11 21:44 54784 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\ui\plugins\nphwndproxy.dll
2010-01-11 21:44 . 2010-01-11 21:44 45568 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\ui\plugins\npvivoxproxy.dll
2010-01-11 21:43 . 2010-01-11 21:43 16896 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\MemoryHook.dll
2010-01-11 21:42 . 2010-01-11 21:42 320000 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\cal3d.dll
2010-01-11 21:42 . 2010-01-11 21:42 198656 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\boost_python.dll
2010-01-11 21:42 . 2010-01-11 21:42 29184 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\CallStack.dll
2010-01-11 21:42 . 2010-01-11 21:42 260096 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\audiere.dll
2010-01-09 20:13 . 2008-02-28 12:26 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2010-01-09 19:55 . 2010-01-09 19:55 -------- d-----w- c:\users\Vanja\AppData\Local\Ahead
2010-01-09 19:55 . 2010-01-09 19:55 -------- d-----w- c:\program files\NeroInstall.bak
2010-01-09 19:51 . 2010-01-09 19:51 -------- d-----w- c:\users\Vanja\AppData\Roaming\Nero
2010-01-09 19:44 . 2010-01-09 20:13 -------- d-----w- c:\programdata\Nero
2010-01-09 19:44 . 2010-01-09 20:13 -------- d-----w- c:\program files\Common Files\Nero
2010-01-06 22:32 . 2010-01-06 22:32 7491728 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\1VivoxVoice.exe
2010-01-06 22:32 . 2010-01-06 22:32 353424 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\npvivoxvoiceplugin.dll
2010-01-04 16:56 . 2010-01-04 16:56 83456 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\smime3.dll
2010-01-04 16:56 . 2010-01-04 16:56 66560 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\nssutil3.dll
2010-01-04 16:56 . 2010-01-04 16:56 154112 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\nspr4.dll
2010-01-04 16:56 . 2010-01-04 16:56 12288 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\AccessibleMarshal.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 00:45 . 2009-11-13 11:23 -------- d-----w- c:\programdata\avg9
2010-01-23 00:31 . 2008-08-02 09:57 -------- d-----w- c:\program files\AVG
2010-01-22 10:04 . 2009-06-19 14:59 -------- d-----w- c:\users\Vanja\AppData\Roaming\dvdcss
2010-01-22 07:01 . 2009-02-12 12:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 17:48 . 2008-08-04 00:17 -------- d-----w- c:\users\Vanja\AppData\Roaming\OpenOffice.org2
2010-01-21 17:47 . 2008-08-04 00:22 1 ----a-w- c:\users\Vanja\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-16 17:10 . 2009-04-11 18:36 -------- d-----w- c:\users\Vanja\AppData\Roaming\Spotify
2010-01-13 06:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-09 19:38 . 2008-08-02 10:08 -------- d-----w- c:\users\Vanja\AppData\Roaming\uTorrent
2009-12-19 03:35 . 2009-11-23 20:28 -------- d-----w- c:\program files\Google
2009-12-17 18:05 . 2009-12-17 18:05 4924048 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\vivoxsdk.dll
2009-12-17 18:05 . 2009-12-17 18:05 330896 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\libsndfile-1.dll
2009-12-17 18:05 . 2009-12-17 18:05 275088 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\vivoxoal.dll
2009-12-17 18:05 . 2009-12-17 18:05 246416 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\ortp.dll
2009-12-17 18:05 . 2009-12-17 18:05 1034896 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\dbghelp.dll
2009-12-15 18:51 . 2009-12-15 18:51 -------- d-----w- c:\users\Vanja\AppData\Roaming\AVS4YOU
2009-12-15 18:51 . 2009-12-15 18:51 -------- d-----w- c:\programdata\AVS4YOU
2009-12-15 18:51 . 2009-12-15 18:50 -------- d-----w- c:\program files\AVS4YOU
2009-12-15 18:51 . 2009-12-15 18:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-12-15 12:32 . 2009-12-15 12:29 -------- d-----w- c:\users\Vanja\AppData\Roaming\Apple Computer
2009-12-15 12:27 . 2009-12-15 12:26 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-15 12:27 . 2009-12-15 12:26 -------- d-----w- c:\program files\iTunes
2009-12-15 12:26 . 2009-12-15 12:26 -------- d-----w- c:\program files\iPod
2009-12-15 12:26 . 2009-12-15 12:17 -------- d-----w- c:\program files\Common Files\Apple
2009-12-15 12:26 . 2009-12-15 12:22 -------- d-----w- c:\programdata\Apple Computer
2009-12-15 12:25 . 2009-12-15 12:25 -------- d-----w- c:\program files\Bonjour
2009-12-15 12:25 . 2009-12-15 12:22 -------- d-----w- c:\program files\QuickTime
2009-12-15 12:21 . 2009-12-15 12:21 -------- d-----w- c:\program files\Apple Software Update
2009-12-15 12:17 . 2009-12-15 12:17 -------- d-----w- c:\programdata\Apple
2009-12-02 23:30 . 2009-12-02 23:30 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-01 02:38 . 2009-12-01 02:38 1006080 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\libeay32.dll
2009-12-01 02:38 . 2009-12-01 02:38 184832 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\ssleay32.dll
2009-11-27 05:20 . 2009-09-25 04:20 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-25 06:01 . 2009-11-25 06:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 06:40 . 2009-12-09 03:43 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 03:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 03:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 03:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-12 23:27 . 2009-11-12 23:27 3771296 ----a-w- c:\users\Vanja\AppData\Roaming\IMVUClient\ui\plugins\NPSWF32.dll
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-09 12:31 . 2009-12-09 04:27 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 04:27 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 04:27 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 17:29 . 2008-08-09 12:40 2032 ----a-w- c:\users\Vanja\AppData\Local\d3d9caps.dat
2009-11-02 19:42 . 2009-10-03 05:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 06:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 09:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-12 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"Firewall Administrating"="infocard.exe" [2010-01-22 123022]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Vanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\Vanja\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [2010-1-11 21760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-06-27 16:24 19456 ----a-w- c:\windows\System32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LOTRO Launcher]
2008-11-01 00:07 308496 ----a-w- c:\program files\Codemasters\The Lord of the Rings Online\TurbineInvoker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d6,f6,41,49,59,2c,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [27.04.2009 05:21 64160]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [29.04.2009 03:07 176128]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 22:34 1028432]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.sys [27.06.2008 19:21 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.sys [27.06.2008 19:21 555032]
R3 ctgame;Game Port;c:\windows\System32\drivers\ctgame.sys [07.07.2008 10:32 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.sys [27.06.2008 19:21 566296]
R3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr61.sys [26.11.2008 13:51 333824]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\System32\drivers\CM108.sys [28.06.2007 06:18 1310720]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [28.10.2008 01:13 717296]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.11.2009 21:28 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [24.08.2008 04:01 84832]
S3 COMMONFX;COMMONFX;c:\windows\System32\drivers\COMMONFX.sys [27.06.2008 19:21 99352]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [09.08.2008 13:38 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\System32\drivers\CTAUDFX.sys [27.06.2008 19:21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.sys [27.06.2008 19:21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\System32\drivers\CTERFXFX.sys [27.06.2008 19:21 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\System32\drivers\CTSBLFX.sys [27.06.2008 19:21 566296]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504]
S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\System32\drivers\se3ebus.sys [08.08.2008 20:18 83080]
S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;c:\windows\System32\drivers\se3emdfl.sys [08.08.2008 20:19 15112]
S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;c:\windows\System32\drivers\se3emdm.sys [08.08.2008 20:19 108552]
S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\se3emgmt.sys [08.08.2008 20:20 100360]
S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;c:\windows\System32\drivers\se3eobex.sys [08.08.2008 20:19 98568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-01-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 04:20]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-23 20:27]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-23 20:27]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.gllod.com
FF - ProfilePath - c:\users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\m13f0zy3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - prefs.js: keyword.URL - hxxp://no.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_no&p=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\users\Vanja\AppData\Roaming\Mozilla\Firefox\Profiles\m13f0zy3.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-RestartNeroSetup - c:\users\Vanja\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe
AddRemove-PopCap Browser Plugin - c:\program files\PopCap Games\PopCap Browser Plugin\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 02:07
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Tidspunkt ferdig: 2010-01-23 02:10:02
ComboFix-quarantined-files.txt 2010-01-23 01:09

Pre-Run: 50 083 655 680 bytes free
Post-Run: 51 205 115 904 bytes free

- - End Of File - - B240D6C73548053050A663F95D980E9A