ComboFix 10-08-12.03 - Kjetil 14.08.2010 2:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3069.2371 [GMT 2:00]
Kjører fra: c:\users\Kjetil\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\vlc-0.9.4-win32.exe
c:\users\Kjetil\AppData\Local\gkfhluamk
c:\users\Kjetil\AppData\Local\gkfhluamk\lnhqhncshdw.exe
c:\users\Kjetil\AppData\Local\vegsapktc
c:\users\Kjetil\AppData\Local\vegsapktc\kovqofrshdw.exe
c:\users\Kjetil\AppData\Local\xqlsaxxco
c:\users\Kjetil\AppData\Local\xqlsaxxco\kfhxgcpshdw.exe
c:\users\Kjetil\AppData\Roaming\ohydy.exe
D:\install.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-07-14 til 2010-08-14 )))))))))))))))))))))))))))))))))
.
2010-08-13 18:44 . 2010-08-13 18:44 -------- d-----w- c:\users\Kjetil\AppData\Roaming\Malwarebytes
2010-08-13 18:43 . 2010-08-13 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-13 18:43 . 2010-08-13 18:43 -------- d-----w- c:\programdata\Malwarebytes
2010-08-13 18:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 18:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 15:59 . 2010-08-13 15:59 63488 ----a-w- c:\users\Kjetil\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-13 15:59 . 2010-08-13 15:59 52224 ----a-w- c:\users\Kjetil\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-13 15:59 . 2010-08-13 15:59 117760 ----a-w- c:\users\Kjetil\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-13 15:59 . 2010-08-13 15:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-13 15:59 . 2010-08-13 15:59 -------- d-----w- c:\users\Kjetil\AppData\Roaming\SUPERAntiSpyware.com
2010-08-13 15:58 . 2010-08-13 15:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-13 15:34 . 2010-08-13 15:34 43008 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwqqll2wqq.exe
2010-08-13 15:34 . 2010-08-13 15:33 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\q7lglggb0.exe
2010-08-13 13:39 . 2010-08-13 13:39 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqll1vvqqla.exe
2010-08-13 13:39 . 2010-08-13 13:39 43008 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f2avkk1vvq.exe
2010-08-12 04:11 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 04:11 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 04:11 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 04:11 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 04:11 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 04:11 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 04:11 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 04:11 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 04:11 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 04:11 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-10 17:51 . 2010-08-10 17:51 -------- d-----w- c:\users\Kjetil\AppData\Local\Geckofx
2010-08-10 17:51 . 2010-08-10 17:51 -------- d-----w- c:\users\Kjetil\AppData\Roaming\Red Kawa
2010-08-10 17:45 . 2010-08-10 17:45 -------- d-----w- c:\program files\Regensoft
2010-08-10 17:45 . 2010-08-10 17:45 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-10 17:45 . 2010-08-10 17:45 -------- d-----w- c:\program files\Red Kawa
2010-08-10 15:39 . 2010-08-10 15:39 43008 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\q0lg0a0v.exe
2010-08-10 15:39 . 2010-08-10 15:39 43008 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvvqf0a0.exe
2010-08-10 15:35 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-10 15:35 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-10 15:34 . 2010-08-10 15:34 -------- d-----w- c:\program files\iPod
2010-08-10 15:34 . 2010-08-10 15:34 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-10 15:34 . 2010-08-10 15:34 -------- d-----w- c:\program files\iTunes
2010-08-10 15:31 . 2010-08-10 15:31 -------- d-----w- c:\program files\QuickTime
2010-08-10 15:30 . 2010-08-10 15:30 -------- d-----w- c:\program files\Apple Software Update
2010-08-10 14:59 . 2010-08-10 14:59 -------- d-----w- c:\program files\Safari
2010-08-10 14:58 . 2010-08-10 14:58 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-09 18:29 . 2010-08-09 18:29 42496 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a7avakvv2f0.exe
2010-08-09 18:29 . 2010-08-09 18:29 43008 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qq6aavk4.exe
2010-08-09 08:31 . 2010-08-09 08:31 42496 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lvvlb5lbbv.exe
2010-08-09 08:31 . 2010-08-09 08:31 43008 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qg6bbvblgvv.exe
2010-08-08 23:44 . 2010-08-08 23:44 42496 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d2y981ny.exe
2010-08-08 22:58 . 2010-08-08 22:58 42496 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g6bbvl5g1.exe
2010-08-08 22:58 . 2010-08-08 22:58 43008 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6qlgg7b.exe
2010-07-25 07:15 . 2010-07-25 07:15 43008 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vvqffvava76.exe
2010-07-25 07:15 . 2010-07-25 07:15 43008 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qka6qvqvv6.exe
2010-07-25 07:15 . 2010-07-25 07:15 36352 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qffvk6ffqvf.exe
2010-07-22 16:14 . 2010-07-22 16:14 36352 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\av1qkkfv98q.exe
2010-07-22 16:14 . 2010-07-22 16:14 44032 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkaa1kkffaq.exe
2010-07-22 16:14 . 2010-07-22 16:14 36352 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6a7vpkk.exe
2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-20 07:42 . 2010-07-20 07:42 44032 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shsshh1c9.exe
2010-07-20 07:42 . 2010-07-20 07:42 44032 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chhnxsx74.exe
2010-07-19 15:08 . 2010-07-19 15:08 36352 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kaav1pkkfv.exe
2010-07-19 15:08 . 2010-07-19 15:08 44032 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffappkkf.exe
2010-07-19 15:08 . 2010-07-19 15:08 36352 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k1vvppkaa.exe
2010-07-18 10:58 . 2010-07-18 10:58 44032 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaa1llggaq.exe
2010-07-18 10:58 . 2010-07-18 10:58 44032 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffvvqf0a0.exe
2010-07-18 10:58 . 2010-07-18 10:58 36352 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a1llffaq.exe
2010-07-16 15:50 . 2010-07-16 15:50 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aqa2kfkfv.exe
2010-07-16 15:50 . 2010-07-16 15:50 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apavppk1akk.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 00:20 . 2006-11-21 05:16 76272 ----a-w- c:\windows\system32\perfc014.dat
2010-08-14 00:20 . 2006-11-21 05:16 452096 ----a-w- c:\windows\system32\perfh014.dat
2010-08-13 21:01 . 2008-10-09 17:02 -------- d-----w- c:\users\Kjetil\AppData\Roaming\uTorrent
2010-08-13 16:19 . 2009-08-08 20:37 -------- d-----w- c:\program files\DivX
2010-08-13 16:13 . 2008-11-27 14:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 16:03 . 2009-11-22 23:05 -------- d-----w- c:\program files\Ubisoft
2010-08-13 15:46 . 2008-10-09 18:27 -------- d-----w- c:\program files\Bonjour
2010-08-13 15:44 . 2010-04-27 19:01 -------- d-----w- c:\users\Kjetil\AppData\Roaming\Spotify
2010-08-13 15:43 . 2008-10-31 16:14 -------- d-----w- c:\program files\Steam
2010-08-13 13:50 . 2009-01-27 18:10 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 13:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 00:01 . 2008-10-11 14:48 -------- d-----w- c:\users\Kjetil\AppData\Roaming\Apple Computer
2010-08-10 15:42 . 2008-10-11 14:44 -------- d-----w- c:\programdata\Apple
2010-08-10 15:34 . 2008-10-11 14:44 -------- d-----w- c:\program files\Common Files\Apple
2010-08-09 08:31 . 2008-10-31 16:14 -------- d-----w- c:\program files\Common Files\Steam
2010-07-14 16:41 . 2010-07-14 16:41 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fa1auupf98.exe
2010-07-14 06:51 . 2010-07-14 06:51 -------- d-----w- c:\programdata\WindowsSearch
2010-07-14 06:49 . 2010-07-14 06:49 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gbqq1bbvvqg.exe
2010-07-14 06:49 . 2010-07-14 06:49 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6ggbqql.exe
2010-07-13 17:56 . 2010-07-13 17:56 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p82kfkfvvpf.exe
2010-07-13 17:56 . 2010-07-13 17:56 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a6va2f5kv.exe
2010-07-11 11:57 . 2010-07-11 11:57 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kf2ppf7v.exe
2010-07-11 11:57 . 2010-07-11 11:57 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ffaa2f.exe
2010-07-10 08:01 . 2010-07-10 08:01 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6avavak.exe
2010-07-10 08:01 . 2010-07-10 08:01 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6pa5kkf.exe
2010-07-09 12:26 . 2010-07-09 12:26 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1zzuuoe.exe
2010-07-09 11:29 . 2010-07-09 11:29 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iddyn9i0dyy.exe
2010-07-09 11:29 . 2010-07-09 11:29 37888 --sh--r- c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yy7tnii7dyt.exe
2010-06-26 06:05 . 2010-08-12 04:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 04:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 04:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 04:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-26 17:06 . 2010-06-10 00:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 00:01 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 12:44 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Malwarebytes Anti-Malware (reboot)"="c:\users\Kjetil\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Telenorhjelpen"="c:\program files\Telenor\Telenorhjelpen\Telenor.exe" [2008-12-03 189168]

c:\users\Kjetil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
1zzuuoe.exe [2010-7-9 37888]
6a7vpkk.exe [2010-7-22 36352]
6avavak.exe [2010-7-10 37888]
6ggbqql.exe [2010-7-14 37888]
6pa5kkf.exe [2010-7-10 37888]
6qlgg7b.exe [2010-8-9 43008]
7ffaa2f.exe [2010-7-11 37888]
a1llffaq.exe [2010-7-18 36352]
a6va2f5kv.exe [2010-7-13 37888]
a7avakvv2f0.exe [2010-8-9 42496]
apavppk1akk.exe [2010-7-16 37888]
aqa2kfkfv.exe [2010-7-16 37888]
av1qkkfv98q.exe [2010-7-22 36352]
chhnxsx74.exe [2010-7-20 44032]
d2y981ny.exe [2010-8-9 42496]
f2avkk1vvq.exe [2010-8-13 43008]
fa1auupf98.exe [2010-7-14 37888]
ffvvqf0a0.exe [2010-7-18 44032]
fvvqf0a0.exe [2010-8-10 43008]
g6bbvl5g1.exe [2010-8-9 42496]
gbqq1bbvvqg.exe [2010-7-14 37888]
iddyn9i0dyy.exe [2010-7-9 37888]
k1vvppkaa.exe [2010-7-19 36352]
kaav1pkkfv.exe [2010-7-19 36352]
kf2ppf7v.exe [2010-7-11 37888]
kkffappkkf.exe [2010-7-19 44032]
lvvlb5lbbv.exe [2010-8-9 42496]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
p82kfkfvvpf.exe [2010-7-13 37888]
pkaa1kkffaq.exe [2010-7-22 44032]
q0lg0a0v.exe [2010-8-10 43008]
q7lglggb0.exe [2010-8-13 37888]
qffvk6ffqvf.exe [2010-7-25 36352]
qg6bbvblgvv.exe [2010-8-9 43008]
qka6qvqvv6.exe [2010-7-25 43008]
qlaa1llggaq.exe [2010-7-18 44032]
qq6aavk4.exe [2010-8-9 43008]
shsshh1c9.exe [2010-7-20 44032]
vqll1vvqqla.exe [2010-8-13 37888]
vvqffvava76.exe [2010-7-25 43008]
wwqqll2wqq.exe [2010-8-13 43008]
yy7tnii7dyt.exe [2010-7-9 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2c,2e,bf,37,e3,c0,ca,01

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-02 721904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-08-13 c:\windows\Tasks\User_Feed_Synchronization-{B4A5C6DF-205C-4D2D-9723-106AD4F873DA}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.online.no
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kjetil\AppData\Roaming\Mozilla\Firefox\Profiles\pzkqrddc.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\users\Kjetil\AppData\Roaming\Mozilla\Firefox\Profiles\pzkqrddc.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-miqypwnp - c:\users\Kjetil\AppData\Local\gkfhluamk\lnhqhncshdw.exe
HKCU-Run-secureapp70700.exe - c:\users\Kjetil\AppData\Roaming\69E297EECAAD858E4B0D8FB93557F7CE\secureapp70700.exe
AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-AVS4YOU Video Converter 6_is1 - c:\program files\AVS4YOU\AVSVideoConverter6\unins000.exe
AddRemove-Deer Hunter 2005_is1 - c:\program files\Atari\Deer Hunter 2005\unins000.exe
AddRemove-Deer Hunter Tournament_is1 - c:\program files\Deer Hunter Tournament\unins000.exe
AddRemove-Elasto Mania - c:\progra~1\ELASTO~1\UNWISE.EXE
AddRemove-Emote-Launcher - c:\program files\emote\launcher\Emote-Launcher-uninst.exe
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 02:27
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1865229262-326056904-3124569216-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,72,16,8d,c7,bb,4a,b5,01,5c,7f,a8,13,73,0c,a5,20,9d,18,2c,5f,96,60,
   a8,19,76,e7,b2,75,8b,f3,81,4b,e9,fe,88,bb,b3,ca,6a,b3,6b,08,2e,94,5f,d8,27,\
"??"=hex:ba,40,87,1b,58,24,e9,0b,86,de,30,1b,e2,66,fe,ba

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2010-08-14 02:29:19
ComboFix-quarantined-files.txt 2010-08-14 00:29

Pre-Run: 19 026 931 712 byte ledig
Post-Run: 18 860 515 328 byte ledig

- - End Of File - - D51A069BE125339B8C28D8B708EFE73E