ComboFix 10-03-05.01 - Karoline 05.03.2010 23:24:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2037.1023 [GMT 1:00]
Kjører fra: c:\users\Karoline\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-02-05 til 2010-03-05 )))))))))))))))))))))))))))))))))
.
2010-03-05 22:56 . 2010-03-05 22:58 -------- d-----w- c:\users\Karoline\AppData\Local\temp
2010-03-05 22:56 . 2010-03-05 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-05 22:23 . 2010-03-05 22:23 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-03-05 19:17 . 2010-03-05 19:17 -------- d-----w- c:\program files\Trend Micro
2010-03-05 19:13 . 2010-03-05 19:13 58872 ----a-w- c:\users\Karoline\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-03 19:16 . 2010-03-03 19:16 -------- d-----w- c:\users\Karoline\AppData\Roaming\Malwarebytes
2010-03-03 19:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-03 19:16 . 2010-03-03 19:16 -------- d-----w- c:\programdata\Malwarebytes
2010-03-03 19:16 . 2010-03-03 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 19:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 17:03 . 2010-03-03 17:03 -------- d-----w- c:\users\Karoline\AppData\Local\O&O
2010-03-03 11:46 . 2010-03-03 11:46 -------- d-----w- c:\program files\CCleaner
2010-03-03 01:04 . 2010-03-02 23:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-02 23:39 . 2010-03-02 23:39 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-02 23:39 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-02 23:36 . 2010-03-02 23:39 -------- d-----w- c:\program files\Lavasoft
2010-03-02 23:36 . 2010-03-02 23:42 -------- d-----w- c:\programdata\Lavasoft
2010-02-23 23:45 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 23:44 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 23:44 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 23:44 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 23:44 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 23:44 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 23:44 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 23:44 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 23:44 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 23:44 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 23:44 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 23:44 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 23:44 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 19:35 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 19:35 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 19:09 . 2009-10-24 22:47 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-02 01:03 . 2009-10-25 15:11 -------- d-----w- c:\users\Karoline\AppData\Roaming\Spotify
2010-03-01 23:53 . 2009-10-25 08:40 76478 ----a-w- c:\windows\system32\perfc014.dat
2010-03-01 23:53 . 2009-10-25 08:40 452326 ----a-w- c:\windows\system32\perfh014.dat
2010-02-27 19:35 . 2009-10-27 10:35 -------- d-----w- c:\users\Karoline\AppData\Roaming\vlc
2010-02-23 16:31 . 2009-11-09 14:00 -------- d-----w- c:\users\Karoline\AppData\Roaming\dvdcss
2010-02-22 22:10 . 2009-10-25 12:56 1 ----a-w- c:\users\Karoline\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-16 20:20 . 2010-02-16 20:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-02-11 16:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 15:36 . 2009-10-25 09:16 -------- d-----w- c:\users\Karoline\AppData\Roaming\Skype
2010-02-04 15:53 . 2010-03-02 23:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-27 11:32 . 2009-10-25 01:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-26 09:47 . 2010-01-26 09:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-22 10:05 . 2009-11-02 20:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 16:07 . 2009-10-25 01:46 -------- d-----w- c:\users\Karoline\AppData\Roaming\Apple Computer
2010-01-17 15:47 . 2010-01-17 15:46 -------- d-----w- c:\program files\iTunes
2010-01-17 15:46 . 2010-01-17 15:46 -------- d-----w- c:\program files\iPod
2010-01-17 15:46 . 2009-10-25 01:41 -------- d-----w- c:\program files\Common Files\Apple
2010-01-17 15:45 . 2010-01-17 15:44 -------- d-----w- c:\program files\QuickTime
2010-01-17 15:42 . 2010-01-17 15:42 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-06 15:38 . 2010-02-23 23:44 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 23:44 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-23 23:44 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 23:44 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2009-12-18 13:01 . 2010-01-22 12:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 11:44 . 2010-01-22 12:47 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-08 20:01 . 2010-02-10 19:34 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 19:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 19:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 19:34 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-10-24 23:02 . 2009-10-24 23:02 76 --sh--r- c:\windows\CT4CET.bin
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-25 149280]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Karoline^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Karoline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 14:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 13:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 14:01 25626408 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b9,bb,04,34,d5,57,ca,01

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-25 333192]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-10 360584]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2009-10-25 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-10-25 285392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1229232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Karoline\AppData\Roaming\Mozilla\Firefox\Profiles\6k9egy4i.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 23:57
Windows 6.0.6002 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System

Tidspunkt ferdig: 2010-03-06 00:12:43
ComboFix-quarantined-files.txt 2010-03-05 23:12

Pre-Run: 94 775 377 920 byte ledig
Post-Run: 94 813 736 960 byte ledig

- - End Of File - - AA6381D1A52A854AC97216A6F7244AC1