The thing that got me real worried was going trough my spam box on yahoo mail, and finding viagraspam i send myself (ore correct that was been send form my account !!)!!
kinda nervous now, starting by posting this:
ComboFix 10-07-18.03 - jedychan 19.07.2010 17:37:37.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.47.1044.18.2046.905 [GMT 2:00]
Kjører fra: c:\users\jedychan\Downloads\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Opprettet nytt gjenopprettingspunkt
.
.
c:\windows\hide.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\SHELLLNK.TLB
D:\install.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-06-19 til 2010-07-19 )))))))))))))))))))))))))))))))))
.
2010-07-19 15:53 . 2010-07-19 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-19 14:53 . 2010-07-19 14:53 -------- d-----w- c:\program files\Trend Micro
2010-06-24 01:00 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 01:00 . 2009-11-08 08:55 297808 begin_of_the_skype_highlighting 55 297808 end_of_the_skype_highlighting ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 01:00 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 01:00 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 01:00 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 15:56 . 2010-06-07 18:33 -------- d-----w- c:\program files\ClamAV for Windows
2010-07-19 15:05 . 2010-06-07 18:45 -------- d-----w- c:\program files\Thoosje
2010-07-19 11:04 . 2006-11-21 05:16 76478 ----a-w- c:\windows\system32\perfc014.dat
2010-07-19 11:04 . 2006-11-21 05:16 452334 ----a-w- c:\windows\system32\perfh014.dat
2010-07-19 11:00 . 2008-05-02 22:34 -------- d-----w- c:\users\jedychan\AppData\Roaming\WTablet
2010-07-16 18:03 . 2008-03-14 19:04 3204 ----a-w- c:\windows\bthservsdp.dat
2010-07-16 16:46 . 2008-04-09 02:04 -------- d-----w- c:\users\jedychan\AppData\Roaming\gtk-2.0
2010-07-16 14:33 . 2009-12-30 21:02 -------- d-----w- c:\users\jedychan\AppData\Roaming\Spotify
2010-07-13 22:25 . 2008-06-21 04:22 7592 ----a-w- c:\users\jedychan\AppData\Local\d3d9caps.dat
2010-07-03 15:02 . 2008-09-19 15:12 -------- d-----w- c:\users\jedychan\AppData\Roaming\Skype
2010-07-03 14:04 . 2008-09-19 15:15 -------- d-----w- c:\users\jedychan\AppData\Roaming\skypePM
2010-06-14 16:30 . 2008-08-26 13:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-14 16:29 . 2008-03-15 22:56 -------- d-----w- c:\program files\CCleaner
2010-06-12 14:34 . 2008-11-09 11:05 -------- d-----w- c:\users\jedychan\AppData\Roaming\dvdcss
2010-06-11 22:01 . 2010-06-11 20:40 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-11 22:01 . 2010-06-11 20:38 -------- d-----w- c:\program files\AVS4YOU
2010-06-11 21:42 . 2010-06-11 21:16 -------- d-----w- c:\program files\Agogo 3GP Video Converter
2010-06-11 20:45 . 2010-06-11 20:45 -------- d-----w- c:\users\jedychan\AppData\Roaming\AVS4YOU
2010-06-11 20:45 . 2010-06-11 20:38 -------- d-----w- c:\programdata\AVS4YOU
2010-06-11 11:53 . 2010-06-11 11:53 -------- d-----w- c:\users\jedychan\AppData\Roaming\Template
2010-06-11 11:53 . 2010-06-11 11:53 0 ----a-w- c:\users\jedychan\AppData\Roaming\wklnhst.dat
2010-06-08 14:27 . 2008-08-27 17:27 -------- d-----w- c:\program files\Common Files\Java
2010-06-08 14:25 . 2010-06-08 14:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-08 14:25 . 2008-08-27 17:27 -------- d-----w- c:\program files\Java
2010-06-07 19:26 . 2010-06-07 19:26 -------- d-----w- c:\program files\SIW
2010-06-07 19:19 . 2008-08-26 13:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-07 19:08 . 2007-12-22 02:02 -------- d-----w- c:\program files\Acer GameZone
2010-06-07 19:07 . 2010-03-26 14:02 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-07 18:45 . 2010-06-07 18:45 -------- d-----w- c:\program files\Conduit
2010-06-07 18:33 . 2010-06-07 18:33 29640 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2010-06-07 18:33 . 2010-06-07 18:33 20040 ----a-w- c:\windows\system32\drivers\ImmunetMonitor.sys
2010-06-07 18:33 . 2010-06-07 18:33 38856 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2010-06-07 15:52 . 2009-04-25 14:29 -------- d-----w- c:\users\jedychan\AppData\Roaming\FileZilla
2010-05-26 17:06 . 2010-06-11 20:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 20:32 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 18:20 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-10 21:35 . 2008-04-02 15:48 122980 ----a-w- c:\users\jedychan\AppData\Roaming\nvModes.dat
2010-05-04 05:59 . 2010-06-11 20:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 20:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-11 20:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-11 20:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 20:43 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-25 19:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-24 01:49 . 2009-12-10 18:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-06-05 13:01 . 2008-06-05 13:01 8 --sh--r- c:\windows\System32\4E71548D00.sys
2010-02-01 00:37 . 2008-06-05 13:01 952 --sha-w- c:\windows\System32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 174616]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-12-14 707080]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-24 30192]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Immunet Protect"="c:\program files\ClamAV for Windows\1.0.26\iptray.exe" [2010-06-07 1338184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^jedychan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\users\jedychan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acer Tour Reminder"=c:\acer\AcerTour\Reminder.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(

R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2007-07-10 26368]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2007-07-10 42240]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-24 30192]
R3 netr73;Gigabyte RT73 Wireless Driver for Vista for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168]
S1 ImmunetMonitorDriver;ImmunetMonitorDriver;c:\windows\system32\DRIVERS\ImmunetMonitor.sys [2010-06-07 20040]
S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [2010-06-07 38856]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [2010-06-07 29640]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 41456]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ImmunetProtect;ClamAV for Windows;c:\program files\ClamAV for Windows\1.0.26\agent.exe [2010-06-07 717552]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-08 5010288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 179712]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-12-14 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2434356
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://no.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{907A768D-DD74-476d-8487-FD27DF7AD7FF} - c:\casino\Club Dice Casino\casino.exe
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\PartyGaming\PartyCasino\RunApp.exe
IE: {{B723B1B8-9788-4684-ADA7-D1DB02E1D516} - c:\poker\Noble Poker\casino.exe
Trusted Zone: vandalsquad.com\multiuser
FF - ProfilePath - c:\users\jedychan\AppData\Roaming\Mozilla\Firefox\Profiles\ybmkdhor.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://no.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_no&p=
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\jedychan\AppData\Roaming\Mozilla\Firefox\Profiles\ybmkdhor.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\users\jedychan\AppData\Roaming\Mozilla\Firefox\Profiles\ybmkdhor.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME PEKERE FJERNET - - - -
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-eRecoveryService - (no file)
HKU-Default-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKU-Default-Run-Internet Antivirus Pro - c:\program files\Internet Antivirus Pro\IAPro.exe
AddRemove-Inkscape - c:\users\jedychan\Desktop\Inkscape\Uninstall.exe
AddRemove-Noble Poker - c:\poker\Noble Poker\_SetupPoker_5acc_EN.exe
AddRemove-Steam App 300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - c:\program files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 17:53
Windows 6.0.6002 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{02c133eb-9375-4f97-a12e-436885ba9338}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:09001b77
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{22211638-c489-4076-8cf3-d0d3b8209996}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:19028037
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{29805d6b-69be-46fb-99f4-337535170280}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:20000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2b11bfd2-b862-4209-8e77-f94074eee70f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2f361317-b21a-411a-b5dc-497c9954f78d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001cbf
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{30494549-0857-4c61-87e8-7e98d9ec720e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{4354ca6f-d40e-4f1b-8ed1-088eba5b7958}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{4bfa02f0-a1de-4546-9c2f-342b6a9adf7c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0b020054
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{58a510d7-578b-40ff-b153-4c3a88568b17}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1d000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{639f948d-b478-4749-a9f5-138c55f25b3b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11001e4c
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{733014f3-6044-4626-9eca-da7373557e5d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{80a3514f-fbb5-44a9-bc54-da45752350bb}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{961c77d5-2d54-43d3-907d-11a2658b890f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:18000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9fb00639-3bab-4a18-988d-a0dde29693cb}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001b24
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b49fe4ff-c0d0-483f-aeb4-5417e7be1c2a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:15000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{dfed6d53-dfe3-43f8-8c52-cb0be2ff691f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:19000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Tidspunkt ferdig: 2010-07-19 18:05:58
ComboFix-quarantined-files.txt 2010-07-19 16:05
Pre-Run: 2 341 392 384 byte ledig
Post-Run: 2 575 265 792 byte ledig
- - End Of File - - D8357CADAC9022F2F2560BEE33356841