Hello again, I think I had a problem when I first ran ComboFix. Now I have the complete log:
ComboFix 11-04-19.02 - Christian 2011-04-20 8:09.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2038.1465 [GMT 2:00]
Körs från: c:\documents and settings\Christian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\npf.sys
.
---- Föregående körning -------
.
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((( Filer Skapade från 2011-03-20 till 2011-04-20 ))))))))))))))))))))))))))))))
.
.
2011-04-19 14:54 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8DA7A6F1-60E9-4F6A-AAE8-A22DBE966989}\mpengine.dll
2011-04-19 14:08 . 2011-03-14 19:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-18 01:34 . 2011-04-18 01:34 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-18 01:30 . 2011-04-18 01:30 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-04-18 01:21 . 2011-04-18 01:21 -------- d-----w- c:\program files\Common Files\McAfee
2011-04-18 01:20 . 2011-04-18 01:20 -------- d-----w- c:\program files\McAfee
2011-04-18 01:20 . 2011-04-18 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-04-17 23:30 . 2011-04-17 23:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-17 23:30 . 2011-04-17 23:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-17 22:25 . 2011-04-17 22:26 388096 ----a-r- c:\documents and settings\Christian\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-17 22:25 . 2011-04-17 22:25 -------- d-----w- c:\program files\Trend Micro
2011-04-17 22:22 . 2011-04-17 22:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-17 22:22 . 2011-04-17 22:22 -------- d-----w- c:\program files\Java
2011-04-17 21:59 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-17 21:59 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-17 19:06 . 2011-04-17 19:06 -------- d-----w- c:\documents and settings\Christian\Application Data\SUPERAntiSpyware.com
2011-04-17 19:06 . 2011-04-17 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-17 19:06 . 2011-04-17 19:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-17 18:54 . 2011-04-17 18:54 -------- d-----w- c:\program files\CCleaner
2011-04-17 18:07 . 2011-04-17 18:07 -------- d-----w- c:\documents and settings\Christian\Application Data\OnlineArmor
2011-04-17 18:07 . 2011-04-17 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2011-04-17 18:07 . 2011-04-06 11:02 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-04-17 18:07 . 2011-04-06 11:01 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-04-17 18:07 . 2011-04-06 11:01 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-04-17 18:07 . 2011-04-06 11:01 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-04-17 18:07 . 2011-04-17 18:07 -------- d-----w- c:\program files\Online Armor
2011-04-14 14:29 . 2011-04-14 14:29 -------- d-----w- C:\FOUND.005
2011-04-13 22:35 . 2011-04-13 22:35 -------- d--h--w- c:\documents and settings\Christian\Local Settings\Application Data\Threat Expert
2011-04-13 21:24 . 2011-04-13 21:24 -------- d--h--w- c:\program files\Spyware Doctor
2011-04-13 21:08 . 2011-04-13 21:08 -------- d--h--w- c:\program files\Panda Security
2011-04-13 20:59 . 2011-04-13 20:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\TEMP
2011-04-13 20:42 . 2011-04-13 20:42 -------- d--h--w- c:\program files\Loaris
2011-04-13 17:44 . 2011-04-13 17:44 -------- d-----w- C:\FOUND.004
2011-04-13 17:14 . 2011-04-13 17:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-04-13 16:18 . 2011-04-13 16:18 -------- d-----w- C:\FOUND.003
2011-04-13 14:35 . 2011-04-13 14:35 -------- d--h--w- c:\windows\Sun
2011-04-13 14:35 . 2011-04-17 22:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-13 14:35 . 2011-04-17 22:22 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-13 14:22 . 2011-04-13 14:22 529052 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-13 13:05 . 2011-04-13 13:05 -------- d--h--w- c:\program files\Enigma Software Group
2011-04-13 13:04 . 2011-04-13 13:04 -------- d--h--w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-04-13 13:04 . 2011-04-13 13:04 -------- d--h--w- c:\program files\Common Files\Wise Installation Wizard
2011-04-13 12:39 . 2011-04-13 12:39 -------- d--h--w- c:\program files\GridinSoft Trojan Killer
2011-04-13 12:10 . 2011-04-13 12:10 380 ---ha-w- c:\windows\system32\drivers\sunkdkym.dat
2011-04-13 05:14 . 2011-04-13 05:14 -------- d--h--w- c:\documents and settings\Christian\Local Settings\Application Data\WMTools Downloaded Files
2011-04-05 21:33 . 2011-04-05 21:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\WinZip
2011-04-05 21:21 . 2011-04-05 21:21 -------- d--h--w- c:\program files\7-Zip
2011-03-21 12:26 . 2010-10-19 19:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-21 11:37 . 2011-03-21 11:37 -------- d--h--w- c:\documents and settings\Christian\Application Data\Malwarebytes
2011-03-21 11:37 . 2011-03-21 11:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-21 11:37 . 2011-03-21 11:37 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-03-21 10:50 . 2011-03-21 10:50 -------- d-----w- C:\FOUND.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 18:36 . 2009-08-18 09:30 564632 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-09 18:36 . 2009-08-18 09:24 18328 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 07:31 . 2011-02-20 14:55 57344 ---ha-r- c:\documents and settings\Christian\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-03-07 07:30 . 2003-03-18 19:05 106496 ---ha-w- c:\windows\system32\ATL71.DLL
2011-03-07 05:33 . 2004-08-10 18:00 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 18:00 420864 ---ha-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 18:00 1857920 ---ha-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-01-09 18:02 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 18:00 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 18:00 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42 . 2004-08-10 18:00 385024 ---ha-w- c:\windows\system32\html.iec
2011-02-20 14:55 . 2011-02-20 14:55 49152 ---ha-r- c:\documents and settings\Christian\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2011-02-17 13:18 . 2004-08-10 18:00 455936 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-10 18:00 357888 ---ha-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2011-02-15 21:22 5120 ---ha-w- c:\windows\system32\xpsp4res.dll
2011-02-15 19:19 . 2011-02-15 19:19 21275 ---ha-w- c:\windows\system32\drivers\AegisP.sys
2011-02-15 19:17 . 2004-09-27 15:15 1003 ---ha-w- c:\windows\CLEANUP.CMD
2011-02-15 16:49 . 2004-09-21 12:28 62 ---ha-w- c:\windows\HotFix.bat
2011-02-15 12:56 . 2004-08-10 18:00 290432 ---ha-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-10 18:00 229888 ---ha-w- c:\windows\system32\fxscover.exe
2011-02-08 13:33 . 2004-08-10 18:00 978944 ---ha-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-10 18:00 974848 ---ha-w- c:\windows\system32\mfc42u.dll
2011-02-04 15:48 . 2005-08-05 12:01 456192 ---ha-w- c:\windows\system32\encdec.dll
2011-02-04 15:48 . 2005-08-05 12:01 291840 ---ha-w- c:\windows\system32\sbe.dll
2011-02-02 06:58 . 2004-08-10 18:00 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 10:57 . 2004-08-10 18:00 677888 ---ha-w- c:\windows\system32\mstsc.exe
2011-01-21 13:44 . 2004-08-10 18:00 439296 ---ha-w- c:\windows\system32\shimgvw.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]
"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-04-06 2477032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-16 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R1 MpKsldb63392e;MpKsldb63392e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8DA7A6F1-60E9-4F6A-AAE8-A22DBE966989}\MpKsldb63392e.sys [2011-04-20 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-04-17 205864]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-04-17 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-04-17 29464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [2011-04-17 381512]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-06-19 1097728]
S1 MpKsl2e392492;MpKsl2e392492;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66815DCA-BA1A-432E-A86F-78E9E6A34E64}\MpKsl2e392492.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66815DCA-BA1A-432E-A86F-78E9E6A34E64}\MpKsl2e392492.sys [?]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-04-17 39048]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2011-04-17 4326472]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - INT15.SYS
*NewlyCreated* - MPKSLDB63392E
.
Innehållet i mappen 'Schemalagda aktiviteter':
.
2011-04-18 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 14:07]
.
2011-04-17 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 14:07]
.
2011-04-19 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 14:07]
.
2011-04-18 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14 14:07]
.
2011-04-20 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-04-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.aftonbladet.se/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
Trusted Zone: farman.se
Trusted Zone: farman.se\www
Trusted Zone: one.com\www
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.farman.se/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\documents and settings\Christian\Application Data\Mozilla\Firefox\Profiles\60wvxkr8.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
AddRemove-{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A} - c:\program files\McAfee\SiteAdvisor\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-04-20 08:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Sluttid: 2011-04-20 08:14:28
ComboFix-quarantined-files.txt 2011-04-20 06:14
.
Före genomsökningen: 31 309 070 336 bytes free
Efter genomsökningen: 31 332 728 832 byte ledigt
.
- - End Of File - - 15F08D1679DF294086BCE21D9CA5D97F