ComboFix 10-08-28.02 - Bakken 29.08.2010 17:52:04.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3327.2447 [GMT 2:00]
Kjører fra: c:\users\Bakken\Desktop\ComboFix.exe
Command switches brukt :: c:\users\Bakken\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ndis.sys . . . er infisert!!
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-07-28 til 2010-08-29 )))))))))))))))))))))))))))))))))
.
2010-08-29 15:59 . 2010-08-29 16:01 -------- d-----w- c:\users\Bakken\AppData\Local\temp
2010-08-29 15:59 . 2010-08-29 15:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-08-29 15:59 . 2010-08-29 15:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-29 15:59 . 2010-08-29 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-21 19:19 . 2010-08-21 19:19 63488 ----a-w- c:\users\Bakken\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 19:18 . 2010-08-21 19:18 52224 ----a-w- c:\users\Bakken\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 19:18 . 2010-08-21 19:18 117760 ----a-w- c:\users\Bakken\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 19:18 . 2010-08-21 19:18 -------- d-----w- c:\users\Bakken\AppData\Roaming\SUPERAntiSpyware.com
2010-08-21 19:18 . 2010-08-27 15:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-21 18:17 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 18:17 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 14:30 . 2010-08-29 14:59 -------- d-----w- c:\program files\QuickTime
2010-08-16 16:17 . 2010-08-16 16:17 -------- d-----w- C:\$AVG
2010-08-16 16:14 . 2010-08-16 16:15 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-16 16:14 . 2010-08-16 16:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-16 16:14 . 2010-08-16 16:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-16 16:14 . 2010-08-29 12:27 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-16 16:14 . 2010-08-16 16:14 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-13 04:19 . 2010-08-13 04:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-08-13 01:01 . 2010-08-13 01:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\WLDM
2010-08-13 01:00 . 2010-08-13 01:00 85392 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-13 01:00 . 2010-08-13 01:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Logitech
2010-08-10 21:23 . 2010-08-10 21:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-10 00:59 . 2010-08-10 00:59 21584 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-08-06 18:18 . 2010-08-06 18:18 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 16:00 . 2010-02-08 15:23 -------- d-----w- c:\programdata\NVIDIA
2010-08-29 14:59 . 2010-02-08 14:01 -------- d-----w- c:\program files\Microsoft LifeChat
2010-08-29 14:59 . 2010-07-28 14:03 -------- d-----w- c:\program files\iTunes
2010-08-29 14:34 . 2010-02-08 14:20 -------- d-----w- c:\users\Bakken\AppData\Roaming\Spotify
2010-08-28 03:57 . 2010-03-20 14:36 -------- d-----w- c:\users\Bakken\AppData\Roaming\Skype
2010-08-27 22:05 . 2010-03-20 14:36 -------- d-----w- c:\users\Bakken\AppData\Roaming\skypePM
2010-08-21 18:17 . 2010-04-30 14:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 16:56 . 2010-08-21 01:30 112 ----a-w- c:\programdata\sNLaCY8f.dat
2010-08-16 16:12 . 2010-02-08 14:05 -------- d-----w- c:\programdata\avg9
2010-08-11 22:27 . 2010-03-09 08:00 -------- d-----w- c:\users\Bakken\AppData\Roaming\vlc
2010-08-06 18:17 . 2010-02-07 14:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 00:52 . 2010-02-07 17:13 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-28 14:03 . 2010-07-28 14:03 -------- d-----w- c:\program files\iPod
2010-07-28 14:03 . 2010-03-17 23:41 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 14:01 . 2010-07-28 14:01 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-15 01:01 . 2010-02-27 15:55 -------- d-----w- c:\programdata\Microsoft Help
2010-07-09 15:06 . 2010-07-09 15:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-06-03 19:48 . 2010-06-03 19:48 331776 ----a-w- c:\users\Bakken\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\setup.exe
2010-06-03 19:48 . 2010-06-03 19:48 2010726 ----a-w- c:\users\Bakken\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\ISSetup.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
.
------- Sigcheck -------
.
[-] 2009-07-14 01:20 . E947B34A132BABEF8E6A450BF5991D7B . 710720 . . [------] . . c:\windows\System32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-08-22_10.18.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 15:14 . 2010-08-29 15:51 37452 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-08-22 10:19 29916 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-29 16:02 29916 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-07 15:14 . 2010-08-29 16:02 10308 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4093747405-4025984700-1698411581-1000_UserData.bin
- 2010-02-07 13:21 . 2010-08-22 10:16 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-07 13:21 . 2010-08-29 16:00 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-10 01:20 . 2010-08-22 09:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-08-10 01:20 . 2010-08-25 22:41 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-08-29 16:00 . 2010-08-29 16:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-08-29 16:00 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-08-22 10:16 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-07 14:27 . 2010-08-22 10:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-07 14:27 . 2010-08-29 16:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 14:27 . 2010-08-22 10:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 14:27 . 2010-08-29 16:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 14:27 . 2010-08-29 16:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-07 14:27 . 2010-08-22 10:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-08 14:29 . 2010-08-22 10:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-08 14:29 . 2010-08-29 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-11 05:47 . 2010-08-22 10:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-11 05:47 . 2010-08-29 14:58 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-11 05:47 . 2010-08-22 10:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-11 05:47 . 2010-08-29 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-11 05:47 . 2010-08-22 10:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-11 05:47 . 2010-08-29 14:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-08 14:29 . 2010-08-22 10:16 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-08 14:29 . 2010-08-29 16:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-08 14:29 . 2010-08-29 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-08 14:29 . 2010-08-22 10:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-18 02:24 . 2010-08-29 15:59 2924 c:\windows\System32\wdi\ERCQueuedResolutions.dat
- 2010-03-18 02:24 . 2010-08-22 10:15 2924 c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2010-08-29 15:50 . 2010-08-29 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-22 10:05 . 2010-08-22 10:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-29 15:50 . 2010-08-29 16:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-22 10:05 . 2010-08-22 10:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-02-07 14:27 . 2010-08-22 09:49 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-07 14:27 . 2010-08-29 12:21 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:47 . 2010-08-29 15:49 330148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2010-08-22 10:04 330148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-08-26 19:03 . 2010-08-26 19:03 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2010-03-20 14:35 . 2010-03-20 14:35 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2009-12-11 13:57 . 2009-12-11 13:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA74401B7449A0300000010\9.3.0\adobearm.exe
+ 2009-07-14 02:03 . 2010-08-29 14:00 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-08-19 04:53 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-04-27 21:23 . 2010-08-29 15:49 1350480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4093747405-4025984700-1698411581-1000-12288.dat
+ 2010-08-26 19:03 . 2010-08-26 19:03 2391040 c:\windows\Installer\149145.msi
+ 2010-08-26 19:02 . 2010-08-26 19:02 19846144 c:\windows\Installer\14913d.msi
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"Steam"="e:\spel og fanteri\Steam\Steam.exe" [2010-08-24 1242448]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-08 7711264]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-16 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R1 MpKsla9d085c0;MpKsla9d085c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66185D08-F53F-453B-A17A-C90A6C221FB3}\MpKsla9d085c0.sys [x]
R3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-03-11 60032]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-16 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-16 308136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
uInternet Settings,ProxyOverride = ;*.local
FF - ProfilePath - c:\users\Bakken\AppData\Roaming\Mozilla\Firefox\Profiles\fzfh2ocj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startsiden.no/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Bakken\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x866DFEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x859704e0
QueryNameProcedure -> 0x85970670
user & kernel MBR OK

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-4093747405-4025984700-1698411581-1000\Software\SecuROM\License information*]
"datasecu"=hex:4c,6f,e6,dc,e0,db,87,53,06,2c,ce,eb,44,03,c0,85,a8,b8,63,b3,21,
   25,5d,22,a6,6d,d9,83,37,32,10,91,6e,26,76,37,6b,dc,e0,f7,a6,ce,0a,35,5f,cd,\
"rkeysecu"=hex:69,57,e9,d4,1e,4d,09,ac,2b,a8,b3,bc,11,f4,12,12

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Windows Media Player\WMPSideShowGadget.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-08-29 18:04:44 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-08-29 16:04
ComboFix2.txt 2010-08-22 10:22
.
Pre-Run: 107 622 703 104 byte ledig
Post-Run: 107 216 764 928 byte ledig
.
- - End Of File - - 7B4D78DDD91A1E3146970815578E9C37