ComboFix 10-03-11.02 - Gunnar 11.03.2010 21:45:26.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.47.1044.18.3535.2183 [GMT 1:00]
Kjører fra: c:\users\Gunnar\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Anti-virus er aktiv
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-02-11 til 2010-03-11 )))))))))))))))))))))))))))))))))
.
2010-03-11 20:59 . 2010-03-11 20:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-11 20:59 . 2010-03-11 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-11 19:40 . 2010-03-11 19:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-11 19:40 . 2010-03-11 20:25 -------- d-----w- c:\users\Gunnar\AppData\Roaming\SUPERAntiSpyware.com
2010-03-11 19:40 . 2010-03-11 20:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-11 18:46 . 2010-03-11 20:59 -------- d-----w- c:\users\Gunnar\AppData\Local\temp
2010-03-11 17:01 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 17:01 . 2010-03-11 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 17:01 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 06:32 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 06:32 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 06:32 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-02 17:20 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-03-01 16:30 . 2010-03-01 16:30 -------- d-----w- c:\program files\Giganews Accelerator
2010-02-27 10:14 . 2010-02-27 10:14 -------- d-----w- c:\programdata\GARMIN
2010-02-27 10:13 . 2010-02-27 10:13 -------- d-----w- c:\program files\Garmin
2010-02-24 19:10 . 2010-02-23 19:59 642560 ----a-w- c:\program files\Common Files\SetupDLL.dll
2010-02-24 19:10 . 2010-02-24 19:10 -------- d-----w- c:\program files\SDExplorer
2010-02-24 06:53 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 06:52 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 06:52 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 06:52 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 06:52 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 06:52 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 06:52 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 06:52 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 06:52 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 06:52 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 06:51 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 06:51 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 06:51 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 15:42 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 15:42 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 15:41 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 15:41 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 15:40 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 15:40 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 15:40 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 15:40 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 15:40 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 15:40 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 15:40 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 15:40 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 15:40 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 15:40 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 15:40 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 15:39 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 15:39 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 20:26 . 2008-01-21 05:41 76478 ----a-w- c:\windows\system32\perfc014.dat
2010-03-11 20:26 . 2008-01-21 05:41 452326 ----a-w- c:\windows\system32\perfh014.dat
2010-03-11 20:20 . 2009-03-18 09:03 0 ----a-w- c:\users\Gunnar\AppData\Local\WavXMapDrive.bat
2010-03-11 20:20 . 2009-03-18 09:10 -------- d-----w- c:\program files\Norman
2010-03-11 20:19 . 2009-03-12 13:20 3204 ----a-w- c:\windows\bthservsdp.dat
2010-03-11 19:51 . 2009-10-20 13:46 -------- d-----w- c:\users\Gunnar\AppData\Roaming\vlc
2010-03-11 19:38 . 2009-04-17 13:17 -------- d-----w- c:\users\Gunnar\AppData\Roaming\dvdcss
2010-03-11 16:54 . 2010-01-03 19:29 -------- d-----w- c:\users\Gunnar\AppData\Roaming\Skype
2010-03-11 16:52 . 2009-11-28 18:53 -------- d-----w- c:\program files\NewsBin
2010-03-11 16:48 . 2010-01-03 19:45 -------- d-----w- c:\users\Gunnar\AppData\Roaming\skypePM
2010-03-11 06:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 06:34 . 2009-03-18 09:50 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 22:09 . 2009-03-18 09:53 -------- d-----w- c:\program files\uTorrent
2010-03-10 15:57 . 2009-03-18 10:16 -------- d-----w- c:\users\Gunnar\AppData\Roaming\Spotify
2010-03-04 08:03 . 2009-10-02 06:36 -------- d-----w- c:\program files\Mozilla Thunderbird 3.0 Beta 4
2010-02-28 14:09 . 2009-03-12 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-28 14:09 . 2009-06-17 13:37 -------- d-----w- c:\program files\Paradox Interactive
2010-02-28 12:12 . 2009-03-18 09:55 -------- d-----w- c:\program files\CCleaner
2010-02-27 10:13 . 2009-03-12 13:07 -------- d-----w- c:\program files\DIFX
2010-02-25 05:51 . 2009-03-18 09:03 59464 ----a-w- c:\users\Gunnar\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-04 21:31 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-09 12:50 . 2009-05-01 11:38 -------- d-----w- c:\program files\Google
2010-02-08 21:49 . 2009-03-18 13:46 -------- d-----w- c:\users\Gunnar\AppData\Roaming\InstallShield
2010-01-20 16:11 . 2009-04-03 16:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-15 08:29 . 2009-03-18 09:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-03 19:45 . 2010-01-03 19:45 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-02 06:38 . 2010-01-22 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 06:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 06:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 06:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-12 21:38 . 2009-03-12 21:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2008-11-09 17:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2008-11-09 17:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-21 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-11 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-11 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-11 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-09-24 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-09-26 134144]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-11-10 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-11-10 91448]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2008-11-10 24576]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-02 483420]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-11-24 189824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NPCTray"="c:\program files\Norman\npc\bin\npc_tray.exe" [2009-10-07 103752]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 936224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):39,8d,ec,7d,a6,04,ca,01
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S1 ALE_NF;Norman Firewall ALE driver;c:\windows\system32\drivers\ale_nf.sys [2009-10-07 44872]
S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-10-07 25032]
S1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [2009-10-07 61512]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_505c1590\aestsrv.exe [2008-12-02 81920]
S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-09-04 406808]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-11-11 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-11-11 20840]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-11-11 451872]
S2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\NDISKIO.SYS [2009-10-13 24168]
S2 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\npf\bin\npfsvc32.exe [2009-10-21 566656]
S2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\Nprosec.exe [2009-10-07 103752]
S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2009-11-23 97752]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]
S3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\DRIVERS\ccidflt.SYS [2008-11-11 12840]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [2008-11-11 32808]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-07-01 224384]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-08-11 112128]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-07 3662848]
S3 NPC;Norman Parental Control;c:\program files\Norman\npc\bin\npcsvc32.exe [2009-10-22 255304]
S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\NSESVC.EXE [2009-11-23 283976]
S3 NUAA;Norman User Activity Agent;c:\program files\Norman\npc\bin\nuaa.exe [2009-10-07 99656]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2009-10-14 23392]
S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\Bin\nvcoas.exe [2009-10-07 202056]
--- Andre tjenester/drivere lastet i minnet ---
*Deregistered* - mchInjDrv
*Deregistered* - SASENUM
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Tilleggsskanning -------
.
uStart Page = https://mail.veths.no/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Norman\npc\bin\nlf.dll
FF - ProfilePath - c:\users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\ukorcvju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dyregod.no/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\ukorcvju.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 21:59
Windows 6.0.6002 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-2694851754-1577031057-1447337770-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,6c,7c,4d,4d,53,8d,7b,56,91,a6,b9,a9,ce,76,06,15,a2,3c,b5,00,
 50,4c,54,6b,a2,f8,d8,66,b2,05,5d,48,f0,9c,33,52,54,ec,bf,d7,53,d7,93,cb,9b,\
"rkeysecu"=hex:d3,9c,e6,8a,c9,79,53,78,a0,54,e0,ad,a3,9a,5d,8e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\wvauth.dll
.
Tidspunkt ferdig: 2010-03-11 22:12:09
ComboFix-quarantined-files.txt 2010-03-11 21:12
ComboFix2.txt 2010-03-11 18:58
Pre-Run: 21 177 307 136 byte ledig
Post-Run: 21 813 047 296 byte ledig
- - End Of File - - C38E1BD8624CAFF1DFEDFEB2F565C9BC