ComboFix 10-06-20.01 - Eier 26.06.2010 0:08.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1014.463 [GMT 2:00]
Kjører fra: c:\documents and settings\Eier\Mine dokumenter\Nedlastinger\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dokumenter\Settings
c:\documents and settings\All Users\Dokumenter\Settings\cbss.dll
c:\windows\system32\drivers\gtykstpb.sys
c:\windows\system32\drivers\tcsznnar.sys
c:\windows\system32\susktmh.dll
c:\windows\system32\wokhzma.dll
Infisert kopi av c:\windows\system32\drivers\acpiec.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPMUEFPF
-------\Legacy_TCSZNNAR
-------\Service_ipmuefpf
-------\Service_tcsznnar
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-05-25 til 2010-06-25 )))))))))))))))))))))))))))))))))
.
2010-06-25 14:31 . 2010-06-25 14:31 -------- d-----w- c:\programfiler\iPod
2010-06-25 14:30 . 2010-06-25 14:33 -------- d-----w- c:\programfiler\iTunes
2010-06-25 14:07 . 2010-06-25 14:07 -------- d-----w- c:\programfiler\Bonjour
2010-06-25 13:59 . 2010-06-25 13:59 72504 ----a-w- c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-23 20:59 . 2010-06-23 20:59 38908 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-22 10:34 . 2009-07-06 08:48 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys
2010-06-19 21:13 . 2010-06-19 21:13 63488 ----a-w- c:\documents and settings\Eier\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-19 21:13 . 2010-06-19 21:13 52224 ----a-w- c:\documents and settings\Eier\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-19 21:13 . 2010-06-19 21:13 117760 ----a-w- c:\documents and settings\Eier\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-19 21:12 . 2010-06-19 21:12 -------- d-----w- c:\documents and settings\Eier\Programdata\SUPERAntiSpyware.com
2010-06-19 21:12 . 2010-06-19 21:12 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2010-06-19 21:12 . 2010-06-19 21:12 -------- d-----w- c:\programfiler\SUPERAntiSpyware
2010-06-19 20:45 . 2008-04-15 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-19 19:25 . 2010-06-19 19:25 -------- d-----w- c:\documents and settings\Eier\Programdata\Malwarebytes
2010-06-19 19:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 19:25 . 2010-06-19 21:20 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-06-19 19:25 . 2010-06-19 19:25 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-06-19 19:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-17 19:04 . 2010-06-17 19:04 -------- d-----r- c:\documents and settings\NetworkService\Favoritter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 20:30 . 2010-03-23 13:32 -------- d-----w- c:\documents and settings\Eier\Programdata\vlc
2010-06-25 19:37 . 2009-12-27 14:17 -------- d-----w- c:\documents and settings\Eier\Programdata\uTorrent
2010-06-25 14:30 . 2010-01-30 11:31 -------- d-----w- c:\programfiler\Fellesfiler\Apple
2010-06-20 13:36 . 2010-06-17 15:03 112 ----a-w- c:\documents and settings\All Users\Programdata\3tDiVc2eC.dat
2010-06-19 20:44 . 2010-04-09 10:08 -------- d-----w- c:\programfiler\QuickTime
2010-06-17 08:45 . 2010-06-17 08:45 5185672 ----a-w- c:\documents and settings\Eier\Programdata\Travie McCoy & Bruno Mars - Billionaire.zip
2010-06-10 11:00 . 2009-06-26 15:19 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help
2010-06-10 10:49 . 2009-06-25 21:10 76354 ----a-w- c:\windows\system32\perfc014.dat
2010-06-10 10:49 . 2009-06-25 21:10 436554 ----a-w- c:\windows\system32\perfh014.dat
2010-06-04 19:00 . 2010-05-20 14:55 -------- d-----w- c:\programfiler\Microsoft Silverlight
2010-05-24 16:14 . 2010-04-26 16:11 1 ----a-w- c:\documents and settings\Eier\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-24 08:30 . 2010-05-24 08:30 3706235 ----a-w- c:\documents and settings\Eier\Programdata\Katy Perry ft Snoop Dogg - California Girls.zip
2010-05-23 18:14 . 2010-05-23 18:14 61440 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f0a54e0-n\decora-sse.dll
2010-05-23 18:14 . 2010-05-23 18:14 503808 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50461e34-n\msvcp71.dll
2010-05-23 18:14 . 2010-05-23 18:14 499712 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50461e34-n\jmc.dll
2010-05-23 18:14 . 2010-05-23 18:14 348160 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-50461e34-n\msvcr71.dll
2010-05-23 18:14 . 2010-05-23 18:14 12800 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f0a54e0-n\decora-d3d.dll
2010-05-23 14:04 . 2009-12-28 13:15 -------- d-----w- c:\documents and settings\Eier\Programdata\dvdcss
2010-05-20 22:41 . 2010-05-20 22:41 -------- d-----w- c:\documents and settings\Eier\Programdata\Multimedia Player
2010-05-19 11:18 . 2010-05-19 11:18 16384 ----a-w- c:\documents and settings\Eier\Programdata\Windowz.exe
2010-05-19 11:18 . 2010-05-19 11:18 16384 ----a-w- c:\documents and settings\Eier\Programdata\Windowz.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 10:17 . 2010-05-18 10:13 -------- d-----w- c:\documents and settings\Eier\Programdata\Samsung
2010-05-18 10:17 . 2010-05-18 10:14 -------- d-----w- c:\documents and settings\Eier\Programdata\PC Suite
2010-05-18 10:16 . 2010-05-18 10:14 -------- d-----w- c:\documents and settings\All Users\Programdata\PC Suite
2010-05-18 10:13 . 2010-05-18 10:13 -------- d-----w- c:\programfiler\Fellesfiler\PCSuite
2010-05-18 10:13 . 2010-05-18 10:12 -------- d-----w- c:\programfiler\Samsung
2010-05-18 10:13 . 2010-05-18 10:13 -------- d-----w- c:\programfiler\DIFX
2010-05-18 10:12 . 2010-05-18 10:12 -------- d-----w- c:\programfiler\PC Connectivity Solution
2010-05-18 10:11 . 2010-05-18 10:11 -------- d-----w- c:\documents and settings\All Users\Programdata\Installations
2010-05-18 10:09 . 2010-05-18 10:12 27107508 ----a-w- c:\documents and settings\All Users\Programdata\Installations\{2958B04A-0905-4689-B8D8-2F511E03AEBA}\Samsung_PC_Studio_7_7.1.40.8.exe
2010-05-18 09:01 . 2010-04-09 10:08 -------- d-----w- c:\documents and settings\All Users\Programdata\Apple Computer
2010-05-04 17:21 . 2009-06-25 21:10 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:21 . 2009-06-25 21:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:21 . 2009-06-25 21:10 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:11 . 2009-06-25 21:10 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-26 15:14 . 2010-04-26 15:14 61440 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-772f06da-n\decora-sse.dll
2010-04-26 15:14 . 2010-04-26 15:14 12800 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-772f06da-n\decora-d3d.dll
2010-04-26 15:14 . 2010-04-26 15:14 503808 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168c9cb9-n\msvcp71.dll
2010-04-26 15:14 . 2010-04-26 15:14 499712 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168c9cb9-n\jmc.dll
2010-04-26 15:14 . 2010-04-26 15:14 348160 ----a-w- c:\documents and settings\Eier\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168c9cb9-n\msvcr71.dll
2010-04-26 15:06 . 2009-06-26 15:03 45240 ----a-w- c:\documents and settings\Eier\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-04-26 13:05 . 2010-04-26 13:05 7424000 ----a-r- c:\documents and settings\Eier\Programdata\Microsoft\Installer\{B603B288-E64E-40D0-97EF-6EC8FF154329}\soffice.exe
2010-04-26 13:01 . 2009-12-26 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-26 12:11 . 2010-04-26 12:10 19492 ----a-w- c:\windows\hpqins13.dat
2010-04-20 05:34 . 2009-06-25 21:09 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-30 11:23 . 2010-03-30 11:23 0 ----a-w- c:\documents and settings\Eier\Programdata\wklnhst.dat
2010-03-29 07:59 . 2010-04-02 19:30 52224 ----a-w- c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-03-29 07:59 . 2010-04-02 19:30 101376 ----a-w- c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-20_20.14.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-25 22:25 . 2010-06-25 22:25 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
+ 2009-06-25 21:10 . 2008-04-15 12:00 39168 c:\windows\system32\wvbjzpkq.dat
+ 2009-06-25 21:10 . 2008-04-15 12:00 47360 c:\windows\system32\qxvdzhrn.dat
+ 2009-06-25 21:10 . 2008-04-15 12:00 50432 c:\windows\system32\gjaetvxh.dat
+ 2010-06-25 14:08 . 2010-04-19 18:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-06-25 14:09 . 2010-04-19 18:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2009-07-23 02:12 . 2010-06-25 13:37 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-23 02:12 . 2010-06-13 10:26 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-23 02:12 . 2010-06-13 10:26 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
+ 2009-07-23 02:12 . 2010-06-25 13:37 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
+ 2010-06-22 15:51 . 2010-06-25 13:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-14 11:45 . 2010-06-22 10:34 49152 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\LiveUpdate.exe_159D431DD2094A75A6EE2B7624A40520.exe
- 2010-01-14 11:45 . 2010-01-14 11:45 49152 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\LiveUpdate.exe_159D431DD2094A75A6EE2B7624A40520.exe
+ 2010-01-14 11:45 . 2010-06-22 10:34 45056 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\Help.exe_93534D1C82624E1CB79EB496AFE18AB9.exe
- 2010-01-14 11:45 . 2010-01-14 11:45 45056 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\Help.exe_93534D1C82624E1CB79EB496AFE18AB9.exe
+ 2010-01-14 11:45 . 2010-06-22 10:34 10134 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\ARPPRODUCTICON.exe
- 2010-01-14 11:45 . 2010-01-14 11:45 10134 c:\windows\Installer\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}\ARPPRODUCTICON.exe
+ 2009-06-25 21:10 . 2008-04-15 12:00 148224 c:\windows\system32\zmzixovr.dat
+ 2009-06-25 21:10 . 2008-04-15 12:00 196608 c:\windows\system32\libssl32.dll
+ 2009-06-25 21:10 . 2008-04-15 12:00 633600 c:\windows\system32\ipbflasv.dat
+ 2009-06-25 21:10 . 2008-04-15 12:00 149248 c:\windows\system32\cyawpqtm.dat
+ 2009-06-25 21:10 . 2008-04-15 12:00 145152 c:\windows\system32\aehcagcs.dat
+ 2010-06-25 14:03 . 2010-06-25 14:03 807424 c:\windows\Installer\14a0c1.msi
+ 2010-06-25 14:34 . 2010-06-25 14:34 372736 c:\windows\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2009-06-25 21:10 . 2008-04-15 12:00 1015808 c:\windows\system32\libeay32.dll
+ 2009-06-25 21:10 . 2008-04-15 12:00 1659648 c:\windows\system32\hymjnjvj.dat
+ 2010-06-25 14:08 . 2010-04-19 18:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-06-25 14:09 . 2010-04-19 18:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-06-25 14:34 . 2010-06-25 14:34 4820480 c:\windows\Installer\14a956.msi
+ 2010-06-25 14:09 . 2010-06-25 14:09 3089408 c:\windows\Installer\14a130.msi
+ 2010-06-25 14:07 . 2010-06-25 14:07 1984000 c:\windows\Installer\14a0fc.msi
+ 2010-06-22 10:34 . 2010-06-22 10:34 7890432 c:\windows\Installer\11bd73.msi
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 10:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 10:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\programfiler\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-05-19 3417336]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask .exe -atboottime" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"EasyMode"="c:\programfiler\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"EeeStorageBackup"="c:\programfiler\ASUS\Eee Storage\BackupService.exe" [2009-06-08 935184]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-06-26 3054136]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"AsusACPIServer"="c:\programfiler\EeePC\ACPI\AsAcpiSvr.exe" [2009-06-18 696320]
"AsusEPCMonitor"="c:\programfiler\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"LiveUpdate"="c:\programfiler\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"SynAsusAcpi"="c:\programfiler\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-14 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-14 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-12-14 96792]
"hpqSRMon"="c:\programfiler\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SamsungPCSuiteTrayApplication"="c:\programfiler\Samsung\Samsung PC Studio 7\LaunchApplication.exe" [2008-08-07 278016]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
"Samsung.PCSync"="c:\programfiler\Samsung\Samsung PC Studio 7\PcSync2.exe" [2007-12-04 1241088]

c:\documents and settings\Eier\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
SuperHybridEngine.lnk - c:\programfiler\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-26 376832]
BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-5 604776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-12-03 04:31 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [22.06.2010 12:34 11448]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\programfiler\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 06:45 169312]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\programfiler\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [19.05.2009 18:29 107744]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [23.07.2009 04:37 583360]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04.06.2009 03:54 38912]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [26.06.2009 18:02 233512]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [04.06.2009 03:54 39040]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.06.2009 16:24 1684736]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [18.05.2010 12:12 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [18.05.2010 12:12 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [18.05.2010 12:12 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [18.05.2010 12:12 12288]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - TCSZNNAR
*Deregistered* - tcsznnar
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send til Bluetooth - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nb-NO.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nb-NO:official
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\f6x9vdsa.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\programfiler\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programfiler\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 00:27
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x864D1EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7644f28
\Driver\ACPI -> ACPI.sys @ 0xf74c7cb8
\Driver\atapi -> atapi.sys @ 0xf747f852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
 PacketIndicateHandler -> 0x0
 SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3364)
c:\programfiler\ASUS\Eee Storage\XPClient.dll
c:\programfiler\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\programfiler\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3446.18361__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\BTNEIG~1.DLL
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programfiler\Samsung\Samsung PC Studio 7\PhoneBrowser.dll
c:\programfiler\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
c:\programfiler\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_eng.nlr
c:\programfiler\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\programfiler\OpenOffice.org 3\program\soffice.exe
c:\programfiler\OpenOffice.org 3\program\soffice.bin
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\programfiler\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\programfiler\iPod\bin\iPodService.exe
c:\programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programfiler\PC Connectivity Solution\Transports\NclBCBTSrv.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-06-26 00:36:48 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-06-25 22:36
ComboFix2.txt 2010-06-20 21:38
ComboFix3.txt 2010-06-20 20:19
ComboFix4.txt 2010-06-20 15:12

Pre-Run: 63 117 086 720 byte ledig
Post-Run: 63 360 663 552 byte ledig

- - End Of File - - CFF21A07273A068D10C3F2D07945F024