ComboFix 11-02-23.02 - Leif-Rune 23.02.2011 21:27:54.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.47.1044.18.1918.967 [GMT 1:00]
Kjører fra: c:\users\Leif-Rune\Nytt Programmer\2011\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common
c:\program files\Common\VsoVprev.ax
c:\users\Leif-Rune\AppData\Roaming\inst.exe
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-01-23 til 2011-02-23 )))))))))))))))))))))))))))))))))
.
2011-02-18 10:08 . 2010-12-03 19:35 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-02-09 08:39 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 08:39 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 08:39 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 08:39 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll(102).dll
2011-02-09 08:39 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 08:39 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 15:55 . 2011-01-12 08:45 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-25 11:46 . 2008-04-28 19:42 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-12-20 17:09 . 2010-08-23 19:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-08-23 19:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 08:45 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-08 03:12 . 2010-12-08 03:12 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVD43"="c:\progra~1\DVDREG~1\DVDRegionFree.exe" [2006-08-03 259072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\startupfolder\C:^Users^Leif-Rune^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backupExtension=.Startup
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\AFB3.tmp [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys [2005-04-29 50532]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-01-19 21504]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-12-25 35296]
S3 net5213;3Com 3CRDAG675B Wireless LAN PCI Adapter Service;c:\windows\system32\DRIVERS\net5213xp.sys [2005-06-14 463232]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - AVGLDX86

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2011-02-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-22 09:47]

2011-02-23 c:\windows\Tasks\User_Feed_Synchronization-{904B261F-570A-40FE-B058-33CAD9D9ED58}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://swesub.tv/
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Leif-Rune\AppData\Roaming\Mozilla\Firefox\Profiles\n9u0q3zn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hjemme.no/abbyss/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
HKLM_ActiveSetup-ccc-core-static - msiexec

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 21:35
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\AFB3.tmp"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-2550352343-2583530592-3346514116-1000\Software\Sony Ericsson\Disc2Phone]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.adts\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.adts"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AMC\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.AMC"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cdda\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.cdda"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dif\OpenWithProgIDs]
@DACL=(02 0000)
"opendocument.CalcDocument.1"=" "
"QuickTime.dif"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mac\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.mac"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mqv\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.mqv"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pct\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.pct"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pic\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.pic"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pict\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.pict"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pnt\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.pnt"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pntg\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.pntg"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.qht\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.qht"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.qhtm\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.qhtm"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.qti\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.qti"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.qtif\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.qtif"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sdp\OpenWithProgIDs]
@DACL=(02 0000)
"opendocument.ImpressDocument.1"=" "
"QuickTime.sdp"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AcroExch.Sequence\DefaultIcon]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WINWORD.EXE\TaskbarExceptionsIcons]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C5221CB-C1F6-4999-8936-501C2023E4CD}\InprocServer32]
@DACL=(02 0000)
@=expand:"c:\\Windows\\System32\\fdBth.dll"
"ThreadingModel"="Free"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ProgID]
@DACL=(02 0000)
@="ShellExecuteHook.SABShellExecuteHook.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\TypeLib]
@DACL=(02 0000)
@="{D01E70E5-2E5A-4EDC-B8A7-84FA45346E34}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\LocalServer32]
@DACL=(02 0000)
@="\"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32Info.exe\" /PDFShell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\ProgID]
@DACL=(02 0000)
@="PDFShellServer.PDFShellInfo.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\TypeLib]
@DACL=(02 0000)
@="{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\VersionIndependentProgID]
@DACL=(02 0000)
@="PDFShellServer.PDFShellInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\plug_ins\\Accessibility.api"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
@DACL=(02 0000)
@="AcroAccess.AcrobatAccess.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
@DACL=(02 0000)
@="{C523F390-9C83-11D3-9094-00104BD0D535}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
@DACL=(02 0000)
@="AcroAccess.AcrobatAccess"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5599E1B-FC7B-4883-9FF4-581BBAEF8DBA}\InprocServer32]
@DACL=(02 0000)
@=expand:"c:\\Windows\\System32\\fdBthProxy.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\ProgID]
@DACL=(02 0000)
@="PDFShellServer.PDFShellInfo2.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\VersionIndependentProgID]
@DACL=(02 0000)
@="PDFShellServer.PDFShellInfo2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT]
@DACL=(02 0000)
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS]
@DACL=(02 0000)
"msfeedssync.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
@DACL=(02 0000)
"sidebar.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
@DACL=(02 0000)
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
@DACL=(02 0000)
"explorer.exe"=dword:00000004
"sllauncher.exe"=dword:00000006

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
@DACL=(02 0000)
"explorer.exe"=dword:00000002
"sllauncher.exe"=dword:00000006

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
@DACL=(02 0000)
"outlook.exe"=dword:00000001
"sidebar.exe"=dword:00000001
"mshta.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
@DACL=(02 0000)
"communicator.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
@DACL=(02 0000)
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
@DACL=(02 0000)
"WindowsLiveWriter.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SECURITYBAND]
@DACL=(02 0000)
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
@DACL=(02 0000)
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
@DACL=(02 0000)
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER]
@DACL=(02 0000)
"iexplore.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Extensions]
@DACL=(02 0000)
"IncludedExtensions"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Mappings]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages]
@DACL=(02 0000)
"NewStartPageIdentifier"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog]
@DACL=(02 0000)
"CurrentStreamLog"=dword:00000002
"MaxLogs"=dword:00000005
"StreamLogCount"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\MimeTypes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\Suffixes]
@DACL=(02 0000)
"ag"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Nero\Shared\AudioEffects]
@DACL=(02 0000)
"{71CD24C5-9704-4D1F-86E8-F1E7AE677E43}"="Audio Effects"
"{6D32D183-28B4-4253-9858-A3F12C62CE66}"="DirectX Effects"
"{F1F60FDD-97EA-43F1-920F-6EE61F32F435}"="VST Effects"

[HKEY_LOCAL_MACHINE\SOFTWARE\Nero\Shared\Nero Container]
@DACL=(02 0000)
"Dir"="c:\\ProgramData\\Nero\\Nero Container\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Windows\CurrentVersion]
@DACL=(02 0000)
.
Tidspunkt ferdig: 2011-02-23 21:37:13
ComboFix-quarantined-files.txt 2011-02-23 20:37

Pre-Run: 181 540 356 096 byte ledig
Post-Run: 181 801 340 928 byte ledig

- - End Of File - - CBE1F08B445AECBF7C20A9CF56E66624