ComboFix 11-04-15.05 - AndersL 16.04.2011 15:52:25.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.2046.901 [GMT 2:00]
Kjører fra: c:\users\AndersL\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\idriveeweb\idriveeweb.exe
.
Infisert kopi av c:\windows\system32\userinit.exe ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-03-16 til 2011-04-16 )))))))))))))))))))))))))))))))))
.
.
2011-04-16 14:04 . 2011-04-16 14:04 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2F59979-A7C4-4904-9DB3-FA608D88CB3A}\MpKsl46eadae4.sys
2011-04-16 14:01 . 2011-04-16 14:01 -------- d-----w- c:\users\Sofie admin\AppData\Local\temp
2011-04-16 14:01 . 2011-04-16 14:01 -------- d-----w- c:\users\Gøril\AppData\Local\temp
2011-04-16 14:01 . 2011-04-16 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-16 14:01 . 2011-04-16 14:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-16 14:01 . 2011-04-16 14:01 -------- d-----w- c:\users\Gjest\AppData\Local\temp
2011-04-16 14:01 . 2011-04-16 14:01 -------- d-----w- c:\users\Anders2\AppData\Local\temp
2011-04-16 13:50 . 2011-04-16 13:50 -------- d-----w- c:\program files\CCleaner
2011-04-16 13:48 . 2011-04-16 13:48 388096 ----a-r- c:\users\AndersL\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-16 13:43 . 2011-04-16 13:46 -------- d-----w- c:\users\AndersL\AppData\Roaming\BitTorrent
2011-04-16 13:38 . 2011-04-16 13:39 -------- d-----w- c:\users\AndersL\AppData\Local\{0DC0AEFF-29EA-4C68-9BF7-2F9FBE8B8E0B}
2011-04-16 13:34 . 2011-04-16 13:34 -------- d-----w- c:\users\Gøril\AppData\Local\Diagnostics
2011-04-16 13:29 . 2011-04-16 13:29 -------- d-----w- c:\users\Gøril\AppData\Roaming\Malwarebytes
2011-04-16 13:28 . 2011-04-16 13:28 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2F59979-A7C4-4904-9DB3-FA608D88CB3A}\MpKsl05cc4423.sys
2011-04-16 12:39 . 2011-04-16 12:39 -------- d-----w- c:\users\AndersL\AppData\Roaming\Malwarebytes
2011-04-16 12:37 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 12:37 . 2011-04-16 12:37 -------- d-----w- c:\programdata\Malwarebytes
2011-04-16 12:37 . 2011-04-16 12:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 12:37 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 12:34 . 2011-04-16 12:34 -------- d-----w- c:\programdata\MFAData
2011-04-16 12:31 . 2011-04-16 12:31 388096 ----a-r- c:\users\Gøril\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-16 12:31 . 2011-04-16 12:31 -------- d-----w- c:\program files\Trend Micro
2011-04-16 12:27 . 2011-04-16 12:27 -------- d-----w- c:\program files\Common Files\Java
2011-04-16 12:27 . 2011-04-16 12:27 0 ----a-w- c:\windows\system32\REN6644.tmp
2011-04-16 12:27 . 2011-04-16 12:27 0 ----a-w- c:\windows\system32\REN6634.tmp
2011-04-16 12:27 . 2011-04-16 12:27 0 ----a-w- c:\windows\system32\REN6633.tmp
2011-04-16 12:27 . 2011-02-02 19:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-16 12:27 . 2011-02-02 19:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-15 16:02 . 2011-04-15 16:02 -------- d-----w- c:\program files\Conduit
2011-04-15 16:02 . 2011-04-15 16:02 -------- d-----w- C:\extensions
2011-04-15 16:02 . 2011-04-15 16:02 -------- d-----w- c:\program files\uTorrent
2011-04-15 16:02 . 2011-04-15 16:02 -------- d-----w- c:\users\Sofie admin\AppData\Roaming\uTorrent
2011-04-15 16:01 . 2011-04-15 22:48 -------- d-----w- c:\users\Gjest\AppData\Roaming\uTorrent
2011-04-15 15:44 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2F59979-A7C4-4904-9DB3-FA608D88CB3A}\mpengine.dll
2011-04-15 15:34 . 2011-04-15 15:34 -------- d-----w- c:\users\Gjest\AppData\Local\{93006AD7-810B-40AE-B890-1A75AD5AC562}
2011-04-13 08:08 . 2011-04-13 20:09 -------- d-----w- c:\users\Gjest\AppData\Local\{0F92F87A-CD8E-4916-8F17-AB47A59EB401}
2011-04-12 13:22 . 2011-04-12 13:22 -------- d-----w- c:\users\Gjest\AppData\Local\{5BD16B18-B2F9-4298-997E-3E6A0B8BC63E}
2011-04-11 11:57 . 2011-04-11 11:57 -------- d-----w- c:\users\Gjest\AppData\Local\{30BC9E00-5DC6-4B16-A1DC-433FFCEC0487}
2011-04-10 08:31 . 2011-04-10 08:32 -------- d-----w- c:\users\Gjest\AppData\Local\{27DD90C7-E486-40C1-A929-65A0223EE401}
2011-04-08 09:36 . 2011-04-08 09:36 -------- d-----w- c:\users\AndersL\AppData\Local\{4B51493D-5778-44A7-8B75-3BD8307191DC}
2011-04-08 08:50 . 2011-04-08 08:50 -------- d-----w- c:\users\AndersL\AppData\Local\{EB13C69E-A004-4754-BD3B-0F7C8EF86787}
2011-04-08 08:50 . 2011-04-08 08:50 -------- d-----w- c:\users\AndersL\AppData\Local\{8ED5B440-BC6C-4845-BD12-8371AED16FE6}
2011-04-06 19:11 . 2011-02-06 11:12 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56F897F5-2AB6-4AB8-B0EB-7D39E6FA517A}\gapaengine.dll
2011-04-06 12:14 . 2011-04-06 12:14 -------- d-----w- c:\users\Gjest\AppData\Local\{25CCADB2-0656-4435-906A-4EB3859A39B7}
2011-04-05 13:27 . 2011-04-05 13:27 -------- d-----w- c:\users\Gjest\AppData\Local\{583855CE-1F30-40AD-9862-D243D7652B07}
2011-04-04 13:43 . 2011-04-04 13:44 -------- d-----w- c:\users\Gjest\AppData\Local\{7E41649F-22C7-42B3-BAFC-5E0D6B5D5EC2}
2011-03-25 15:52 . 2011-02-06 11:12 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-19 10:43 . 2008-12-04 20:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-19 10:43 . 2008-12-13 19:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-03-19 10:43 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 12:31 . 2011-04-16 12:31 388096 ----a-r- c:\users\Gøril\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-16 12:31 . 2011-04-16 12:31 388096 ----a-r- c:\users\Gøril\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-16 12:32 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-15 04:05 . 2009-11-10 16:09 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-19 05:33 . 2011-03-10 14:52 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-10 14:52 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-10 14:52 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-10 15:24 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-27 13781536]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"D-Link Network USB Utility"="c:\program files\D-Link\SharePort\SharePort.exe" [2009-06-25 2585856]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl124a020a;MpKsl124a020a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0B7A4EC-A65E-4F4D-AE65-450615BD75FE}\MpKsl124a020a.sys [x]
R1 MpKsl1c07592f;MpKsl1c07592f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A3D249B-5544-4ED2-B73A-3B0D4CE7BB20}\MpKsl1c07592f.sys [x]
R1 MpKsl278a4158;MpKsl278a4158;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3FBAB69-AB10-441B-AF7F-67164A592DB8}\MpKsl278a4158.sys [x]
R1 MpKsl33568e10;MpKsl33568e10;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEB2EF7E-467F-4872-A00A-F40CF62EA784}\MpKsl33568e10.sys [x]
R1 MpKsl3ee6e5b7;MpKsl3ee6e5b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E432B4-1155-4FE6-8F58-8632FBE88F88}\MpKsl3ee6e5b7.sys [x]
R1 MpKsl4371b54b;MpKsl4371b54b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27A6196B-68CA-4649-86AD-3F1EDCA10EBD}\MpKsl4371b54b.sys [x]
R1 MpKsl43a8a604;MpKsl43a8a604;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8551311C-79B8-477D-BCE4-490E1DBE5965}\MpKsl43a8a604.sys [x]
R1 MpKsl456e19a7;MpKsl456e19a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAD8D48D-39CF-478A-A260-96961B1FA9A1}\MpKsl456e19a7.sys [x]
R1 MpKsl49e3c4cf;MpKsl49e3c4cf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4396926E-E1AC-4C3D-B1EA-20630CCEE189}\MpKsl49e3c4cf.sys [x]
R1 MpKsl4a0f1c68;MpKsl4a0f1c68;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D71CD63-DA80-4E26-B078-FB8BEA1399AE}\MpKsl4a0f1c68.sys [x]
R1 MpKsl558fb131;MpKsl558fb131;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0048B25-08B1-42A2-B2E7-F597D1AEA6EA}\MpKsl558fb131.sys [x]
R1 MpKsl5745b00d;MpKsl5745b00d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D05CB487-CAB6-4EF8-802E-6A77960464E6}\MpKsl5745b00d.sys [x]
R1 MpKsl6c4fbd6c;MpKsl6c4fbd6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94AB52E9-661C-4CC0-97EB-916FAE2E992F}\MpKsl6c4fbd6c.sys [x]
R1 MpKsl8598cbdf;MpKsl8598cbdf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2F4B4E3-37C8-4FCC-84FD-E7BE1F27CE94}\MpKsl8598cbdf.sys [x]
R1 MpKsl8667cadd;MpKsl8667cadd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D769195D-E4D8-496A-8D09-5B3640376828}\MpKsl8667cadd.sys [x]
R1 MpKsl95eebe0d;MpKsl95eebe0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26D9A052-B249-4F3D-9D18-AAECA8D94D7E}\MpKsl95eebe0d.sys [x]
R1 MpKslc7457ab2;MpKslc7457ab2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F0DF407-7692-46C2-8CB9-3DACCDFB47A1}\MpKslc7457ab2.sys [x]
R1 MpKslcb3c6dd0;MpKslcb3c6dd0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D71CD63-DA80-4E26-B078-FB8BEA1399AE}\MpKslcb3c6dd0.sys [x]
R1 MpKsld667373e;MpKsld667373e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBAD61D5-9F9A-4547-9E3D-1316BF1DD882}\MpKsld667373e.sys [x]
R1 MpKslee6e7e7c;MpKslee6e7e7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{434BF4BE-853E-4086-BBE2-89A74B0CF08D}\MpKslee6e7e7c.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\Drivers\DlinkUDSTcpBus.sys [2009-06-22 61312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
R3 WSDPrintDevice;WSD-utskriftsstøtte via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-03-10 210432]
S1 MpKsl05cc4423;MpKsl05cc4423;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2F59979-A7C4-4904-9DB3-FA608D88CB3A}\MpKsl05cc4423.sys [2011-04-16 28752]
S1 MpKsl46eadae4;MpKsl46eadae4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2F59979-A7C4-4904-9DB3-FA608D88CB3A}\MpKsl46eadae4.sys [2011-04-16 28752]
S3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\DlinkUDSMBus.sys [2009-06-22 54528]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - MPKSL46EADAE4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 21:53]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 21:53]
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289693882-372436364-931969468-1000Core.job
- c:\users\AndersL\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 13:48]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289693882-372436364-931969468-1000UA.job
- c:\users\AndersL\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26 13:48]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289693882-372436364-931969468-1003Core.job
- c:\users\Gjest\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 13:48]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289693882-372436364-931969468-1003UA.job
- c:\users\Gjest\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 13:48]
.
.
------- Tilleggsskanning -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.startsiden.no/nyheter/
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
FF - ProfilePath - c:\users\AndersL\AppData\Roaming\Mozilla\Firefox\Profiles\ynme03g6.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-mIRC - c:\program files\mIRC\uninstall.exe
AddRemove-Xvid_is1 - c:\program files\Xvid\unins000.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2011-04-16 16:11:18 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2011-04-16 14:11
.
Pre-Run: 6 741 061 632 byte ledig
Post-Run: 12 880 248 832 byte ledig
.
- - End Of File - - 76CA2B90562BB5E82E5DC71515941C57