IcedInsanity Posted 13 August 2009

ComboFix log:

ComboFix 09-08-10.06 - Acer 13.08.2009 23:27.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3036.1350 [GMT 2:00]
Running from: c:\users\Acer\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\186d46.msi
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))))
.
2009-08-13 21:17 . 2009-08-13 21:17 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes
2009-08-13 21:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 21:17 . 2009-08-13 21:17 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-08-13 21:17 . 2009-08-13 21:17 -------- d-----w- c:\programdata\Malwarebytes
2009-08-13 21:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 03:19 . 2009-08-12 03:19 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-12 03:19 . 2009-08-12 03:19 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-12 02:15 . 2008-02-13 06:07 393216 ----a-w- c:\users\Acer\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
2009-08-12 02:13 . 2007-08-29 13:36 167424 ----a-w- c:\users\Acer\AppData\Roaming\NCH Software\Components\aacdec\aacdec.exe
2009-08-12 02:13 . 2009-08-12 02:13 -------- d-----w- c:\programdata\NCH Swift Sound
2009-08-12 02:13 . 2009-01-29 09:13 42003 ----a-w- c:\users\Acer\AppData\Roaming\NCH Software\Components\ffmpeg4\avutil-49.dll
2009-08-12 02:13 . 2009-01-29 09:13 2660371 ----a-w- c:\users\Acer\AppData\Roaming\NCH Software\Components\ffmpeg4\avcodec-52.dll
2009-08-12 02:13 . 2009-01-29 09:13 5632 ----a-w- c:\users\Acer\AppData\Roaming\NCH Software\Components\ffmpeg4\avdevice-52.dll
2009-08-12 02:13 . 2009-01-29 09:13 444435 ----a-w- c:\users\Acer\AppData\Roaming\NCH Software\Components\ffmpeg4\avformat-52.dll
2009-08-12 02:09 . 2009-08-12 06:42 -------- d-----w- c:\programdata\NCH Software
2009-08-12 02:08 . 2009-08-13 14:42 -------- d-----w- c:\users\Acer\AppData\Roaming\NCH Software
2009-08-12 02:08 . 2009-08-13 14:42 -------- d-----w- c:\program files\NCH Software
2009-08-12 00:26 . 2009-08-12 00:26 -------- d-----w- c:\windows\Downloaded Installations
2009-08-10 02:36 . 2009-08-10 02:36 -------- d-----w- c:\users\Acer\AppData\Local\Apple Computer
2009-08-09 15:48 . 2009-08-09 15:48 -------- d-----w- c:\program files\SopCast
2009-08-02 21:28 . 2009-08-02 21:28 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-02 21:28 . 2009-08-02 22:24 -------- d-----w- c:\users\Acer\AppData\Roaming\Winamp
2009-08-02 21:28 . 2009-08-02 21:29 -------- d-----w- c:\program files\Winamp
2009-08-01 18:25 . 2009-08-01 18:25 -------- d-----w- c:\program files\QuickTime
2009-08-01 18:25 . 2009-08-01 18:25 -------- d-----w- c:\programdata\Apple Computer
2009-08-01 18:24 . 2009-08-01 18:24 -------- d-----w- c:\users\Acer\AppData\Local\Apple
2009-08-01 18:24 . 2009-08-01 18:24 -------- d-----w- c:\program files\Apple Software Update
2009-08-01 18:24 . 2009-08-01 18:24 -------- d-----w- c:\programdata\Apple
2009-08-01 18:12 . 2009-08-01 18:12 0 ----a-w- c:\users\Acer\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-08-01 17:50 . 2009-08-13 16:26 -------- d-----w- c:\users\Acer\AppData\Roaming\FrostWire
2009-08-01 17:47 . 2009-08-01 17:48 -------- d-----w- c:\program files\Java
2009-08-01 17:47 . 2009-08-01 17:47 -------- d-----w- c:\program files\Common Files\Java
2009-08-01 17:45 . 2009-08-01 17:50 -------- d-----w- c:\program files\FrostWire
2009-07-26 17:21 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-07-21 22:29 . 2009-07-27 14:25 -------- d-----w- c:\users\Acer\AppData\Local\Microsoft Games
2009-07-20 14:38 . 2009-07-20 14:38 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-07-20 13:44 . 2009-07-20 13:44 -------- d-----w- c:\program files\CCleaner
2009-07-20 12:46 . 2009-07-20 12:46 -------- d-----w- c:\users\Public\Roaming
2009-07-20 12:46 . 2009-07-20 12:46 -------- d-----w- c:\users\Default\Roaming
2009-07-20 12:46 . 2009-07-20 12:46 -------- d-----w- c:\users\Acer\Roaming
2009-07-20 12:46 . 2009-07-20 12:46 -------- d-----w- c:\users\Acer\AppData\Roaming\Intel
2009-07-20 12:46 . 2009-07-20 12:46 -------- d-----w- c:\programdata\Roaming
2009-07-20 12:45 . 2009-07-20 12:45 -------- d-----w- c:\program files\Cisco
2009-07-20 12:45 . 2009-07-20 12:45 -------- d-----w- c:\programdata\Intel
2009-07-20 12:45 . 2009-07-20 12:45 -------- d-----w- c:\program files\Common Files\Intel
2009-07-20 12:44 . 2009-07-20 12:44 -------- d-----w- c:\users\Acer\AppData\Local\Microsoft Help
2009-07-20 10:20 . 2009-08-13 10:19 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-19 22:01 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2009-07-19 19:38 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe
2009-07-18 22:48 . 2009-07-18 22:49 -------- d-----w- c:\users\Acer\AppData\Local\Adobe
2009-07-18 09:46 . 2009-07-18 09:46 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-07-17 15:07 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-17 15:07 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-07-17 11:03 . 2008-09-03 03:59 468992 ----a-w- c:\windows\system32\newdev.dll
2009-07-17 11:03 . 2008-09-03 03:58 74752 ----a-w- c:\windows\system32\newdev.exe
2009-07-16 16:35 . 2009-08-11 11:40 -------- d-----w- c:\users\Acer\Tracing
2009-07-16 13:35 . 2009-07-16 13:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-16 13:35 . 2009-07-16 13:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-16 13:35 . 2009-07-17 10:56 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-16 13:35 . 2009-08-13 15:57 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-16 13:35 . 2009-07-16 13:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-16 13:35 . 2009-07-16 13:35 -------- d-----w- c:\programdata\avg8
2009-07-16 13:35 . 2009-07-16 13:35 -------- d-----w- c:\program files\AVG
2009-07-16 13:25 . 2009-07-16 13:25 0 ----a-w- c:\windows\nsreg.dat
2009-07-16 13:25 . 2009-07-16 13:25 -------- d-----w- c:\users\Acer\AppData\Local\Mozilla
2009-07-16 13:02 . 2009-03-03 04:40 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-07-16 12:55 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-16 12:55 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-07-16 12:55 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-16 12:55 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-07-16 12:55 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-07-16 12:55 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-07-16 12:55 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-07-16 12:55 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-07-16 12:55 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 20:58 . 2009-07-16 12:52 62804 ----a-w- c:\programdata\nvModes.dat
2009-08-11 11:44 . 2008-01-21 06:14 76478 ----a-w- c:\windows\system32\perfc014.dat
2009-08-11 11:44 . 2008-01-21 06:14 452326 ----a-w- c:\windows\system32\perfh014.dat
2009-07-24 15:16 . 2009-07-13 11:46 192504809 ----a-w- c:\windows\DUMP4681.tmp
2009-07-24 15:15 . 2009-07-13 11:46 194208745 ----a-w- c:\windows\DUMP45f4.tmp
2009-07-21 21:52 . 2009-07-29 20:26 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 20:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 20:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 20:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 12:49 . 2009-07-13 11:02 70104 ----a-w- c:\users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-20 12:45 . 2009-01-24 05:35 -------- d-----w- c:\program files\Intel
2009-07-20 12:45 . 2009-01-24 06:00 -------- d-----w- c:\programdata\Microsoft Help
2009-07-20 12:44 . 2009-01-24 06:03 -------- d-----w- c:\program files\Microsoft Works
2009-07-17 22:00 . 2009-01-24 06:29 -------- d-----w- c:\program files\Windows Live
2009-07-16 16:57 . 2009-01-24 05:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 16:55 . 2009-01-24 06:40 -------- d-----w- c:\program files\Acer GameZone
2009-07-16 16:54 . 2009-01-24 06:59 -------- d-----w- c:\program files\eSobi
2009-07-16 16:53 . 2009-07-13 11:22 -------- d-----w- c:\programdata\CyberLink
2009-07-16 16:52 . 2009-07-13 11:22 36864 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-07-16 16:33 . 2009-07-16 16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-16 16:31 . 2009-01-24 06:33 -------- d-----w- c:\programdata\McAfee
2009-07-16 16:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 16:28 . 2009-01-24 06:17 -------- d-----w- c:\program files\Google
2009-07-13 11:28 . 2009-07-13 11:28 -------- d-----w- c:\program files\Acer Incorporated
2009-07-13 11:21 . 2009-07-13 11:22 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-07-13 11:08 . 2009-07-13 11:08 -------- d-----w- c:\program files\Acer Inc
2009-07-13 11:08 . 2009-07-13 11:07 -------- d-----w- c:\program files\Launch Manager
2009-07-13 11:05 . 2009-07-13 11:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-07-13 11:05 . 2009-07-13 11:05 -------- d-----w- c:\program files\Synaptics
2009-07-13 11:04 . 2009-07-13 11:04 -------- d-----w- c:\users\Acer\AppData\Roaming\InstallShield
2009-07-13 11:03 . 2009-07-13 11:03 -------- d-----w- c:\programdata\NVIDIA
2009-07-13 11:01 . 2009-01-24 06:16 -------- d-----w- c:\program files\Acer
2009-07-13 10:57 . 2009-07-13 10:57 -------- d-sh--we c:\programdata\Start-meny
2009-07-13 10:57 . 2009-07-13 10:57 -------- d-sh--we c:\programdata\Skrivebord
2009-07-13 10:57 . 2009-07-13 10:57 -------- d-sh--we c:\programdata\Programdata
2009-07-13 10:57 . 2009-07-13 10:57 -------- d-sh--we c:\programdata\Maler
2009-07-13 10:57 . 2009-07-13 10:57 -------- d-sh--we c:\programdata\Favoritter
2009-07-13 10:57 . 2009-07-13 10:57 -------- d-sh--we c:\programdata\Dokumenter
2009-07-13 10:57 . 2009-07-13 10:57 -------- d-sh--we c:\program files\Fellesfiler
2009-06-15 15:24 . 2009-07-16 13:03 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-16 13:03 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-16 13:03 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-16 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-16 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-18 6294048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FF44981C-5BEB-475E-B32B-4A44A5D09103}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{13FFC6B2-7FE5-43D5-860F-F9B4AC881EA7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EE7B0943-DF3D-4F87-AAD9-D5F00A6081A5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{B0F43B28-F351-4A92-8A2F-96EC504E473B}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{DC463910-24BA-4615-82F5-1535E3B9E778}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{3FBE0040-17D1-4B90-BB84-8BC1AF7C7DB4}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{FD971492-4028-4F99-9FB9-4454FAE7A607}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{49094A3A-697F-47B2-BCAC-E57AF11D09DC}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{1806AE6E-0741-4DD1-8599-22BED285DEDD}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{B9DCA78B-D440-44E9-8D1F-FE5297995615}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{FC73CCA2-0977-4005-9A77-9BD7AD07EBA0}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{73CF18C5-4D29-483F-A2C7-40BA0E632062}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{7344B555-9E5C-4CD3-90CA-9C0A8ADC9C91}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{19A979A6-9359-4A1E-BD6E-E57272E244A8}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{9CAAC43E-A665-4625-80C8-E0882406EC69}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{83493E24-F99C-4B3E-ADD6-213C35E8BA79}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{56AD4615-9750-423A-AE19-FB0988D46279}"= UDP:86:BroadCam Video Streaming Server Web Server
"{5C2F488B-135C-4CB7-A938-6B8E9BC221B4}"= TCP:4100:uPNP Router Control Port

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [16.07.2009 15:35 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [16.07.2009 15:35 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [16.07.2009 15:35 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16.07.2009 15:35 298776]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [24.01.2009 08:16 24576]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23.09.2008 15:11 144632]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [24.01.2009 14:07 47104]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 07:40 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [08.01.2009 07:55 45600]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28.03.2007 08:51 43008]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23.09.2008 15:11 50424]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0709&m=aspire_6930g
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0709&m=aspire_6930g
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\l3v5fxy9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.diskusjon.no/index.php?autocom=my_forum
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 23:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3120)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\acer\Mobility Center\MobilityService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-08-13 23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 21:35

Pre-Run: 184 870 129 664 bytes free
Post-Run: 184 507 850 752 bytes free

317 --- E O F --- 2009-08-11 11:45

MBAM log:

Malwarebytes' Anti-Malware 1.40
Database version: 2616
Windows 6.0.6001 Service Pack 1

13.08.2009 23:43:27
mbam-log-2009-08-13 (23-43-27).txt

Scan type: Quick Scan
Objects scanned: 80207
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
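A ComboFix log is read the same way whatever language the tool was run in: each "Files Created" entry is created time, modified time, size (dashes for a directory), an eight-character attribute field and the path, and each Run-key entry is "name"="value" followed by [date size], with a resolved path spliced in after " - " when the value is a bare file name. The Python below is an added example, not code from the thread, from ComboFix or from Malwarebytes: it parses those two sections and applies two review heuristics that are my own convention rather than anything ComboFix outputs, flagging executables under a user's AppData or under ProgramData\Temp (locations a standard user can write to) and zero-byte executables. A hit means "look at this by hand", not "this is malware"; on the sample lines, which are copied from the log above, the hits are the NCH codec component, the unfinished FrostWire download and the Acer PostBuild installer, all of which fit snippsat's reading that the log is clean.

```python
"""Triage helper for ComboFix "Files Created" and Run-key entries.

Added example, not part of the forum thread. The heuristics below are a
reviewer's convention, not a ComboFix feature: a hit is a prompt for manual
inspection, never a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied verbatim from the log above; the mix of a system
# driver, user-profile executables, a zero-byte download, a directory and
# two Run entries exercises every branch below.
SAMPLE_LOG = r"""
2009-08-13 21:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 02:15 . 2008-02-13 06:07 393216 ----a-w- c:\users\Acer\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
2009-08-01 18:12 . 2009-08-01 18:12 0 ----a-w- c:\users\Acer\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-07-16 16:52 . 2009-07-13 11:22 36864 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-08-13 21:17 . 2009-08-13 21:17 -------- d-----w- c:\programdata\Malwarebytes
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-18 6294048]
"""

# created . modified size-or-dashes 8-char-attributes path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+)$"
)
# "name"="value" [ - resolved path] [date size]; the resolved form appears
# when the Run value is a bare file name that ComboFix located on disk.
RUN_RE = re.compile(
    r'^"([^"]+)"="([^"]*)"(?: - (\S.*?))? \[(\d{4}-\d{2}-\d{2}) (\d+)\]$'
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Reviewer heuristic (assumption, not ComboFix logic): directories a
# standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\programdata\\temp\\", re.I)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class RunEntry:
    name: str
    path: str  # resolved path when ComboFix supplied one, else the raw value
    size: int


def parse_file_entries(text: str) -> List[FileEntry]:
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(FileEntry(created, modified,
                                     int(size) if size.isdigit() else None,
                                     attrs, path))
    return entries


def parse_run_entries(text: str) -> List[RunEntry]:
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            name, value, resolved, _date, size = m.groups()
            entries.append(RunEntry(name, resolved or value, int(size)))
    return entries


def triage(text: str) -> List[str]:
    """Return human-readable review prompts for the suspicious-looking entries."""
    findings = []
    for f in parse_file_entries(text):
        if f.is_dir or not f.path.lower().endswith(EXEC_EXT):
            continue
        if USER_WRITABLE.search(f.path):
            findings.append(f"executable in user-writable location: {f.path}")
        if f.size == 0:
            findings.append(f"zero-byte executable: {f.path}")
    for r in parse_run_entries(text):
        if USER_WRITABLE.search(r.path):
            findings.append(f"autostart from user-writable location: {r.name} -> {r.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

To run it over a real log, read the file and pass its contents to triage(); the parsers ignore any line that does not match, so the whole log can be fed in unchanged.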
snippsat Posted 14 August 2009

This looks good; ComboFix found a bit of crud. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Check whether your software is up to date: Secunia. Surf safely.
IcedInsanity (author) Posted 14 August 2009

Thank you.