
Combofix + HJT log. Can someone check?



HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:48:46, on 30.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Documents and Settings\Kristian\Skrivebord\HJT\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB8.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143384409837

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp08.photoprintit.de/microsite/502...IPSUploader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3204C68-51E9-43A1-9494-E52F042F72BF}: NameServer = 192.168.1.254

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

--

End of file - 8442 bytes

 

 

 

Combofix:

 

 

ComboFix 08-06-20.4 - Kristian 2008-06-30 21:42:23.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.169 [GMT 2:00]

Running from: C:\Documents and Settings\Kristian\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\Downloaded Program Files\setup.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))

.

 

2008-06-30 21:38 . 2008-06-30 21:38 <DIR> dr-h----- C:\Documents and Settings\Kristian\Siste

2008-06-30 21:25 . 2008-06-30 21:25 <DIR> d-------- C:\Programfiler\CCleaner

2008-06-30 21:08 . 2008-06-30 21:08 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-06-30 21:08 . 2008-06-30 21:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-06-30 21:08 . 2008-06-30 21:08 <DIR> d-------- C:\Documents and Settings\Kristian\Programdata\SUPERAntiSpyware.com

2008-06-30 21:08 . 2008-06-30 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-06-30 20:24 . 2008-06-30 21:30 <DIR> d-------- C:\Programfiler\Avanquest update

2008-06-30 20:24 . 2008-06-30 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\BVRP Software

2008-06-18 23:06 . 2008-04-23 06:22 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-18 23:06 . 2007-03-08 07:11 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-18 23:06 . 2008-04-23 06:22 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-18 23:06 . 2008-04-23 06:22 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-18 23:06 . 2008-04-23 06:22 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-18 23:06 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-18 23:05 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-18 23:05 . 2008-04-23 06:22 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-18 23:05 . 2008-04-23 06:22 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-18 23:04 . 2008-06-18 23:06 <DIR> d-------- C:\WINDOWS\system32\nb-no

2008-06-18 22:22 . 2008-06-18 22:22 <DIR> d-------- C:\Documents and Settings\Kristian\Programdata\Joost

2008-06-18 22:21 . 2008-06-18 22:22 <DIR> d-------- C:\Programfiler\Joost

2008-06-18 21:55 . 2008-06-18 21:55 <DIR> d-------- C:\Documents and Settings\Kristian\Programdata\EPSON

2008-06-18 21:55 . 2008-06-18 21:55 29 --a------ C:\WINDOWS\DEBUGSM.INI

2008-06-07 12:53 . 2008-06-07 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\UDL

2008-06-07 12:52 . 2008-06-07 12:52 <DIR> d-------- C:\Programfiler\ABBYY FineReader 6.0 Sprint

2008-06-07 12:50 . 2008-06-07 12:50 <DIR> d-------- C:\Documents and Settings\Kristian\Programdata\InstallShield

2008-06-07 12:49 . 2008-06-07 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\EPSON

2008-06-07 12:49 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCEE.DLL

2008-06-07 12:49 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCEE.DLL

2008-06-07 12:49 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL

2008-06-07 12:43 . 2008-06-07 12:53 <DIR> d-------- C:\Programfiler\epson

2008-06-07 12:43 . 2007-04-18 00:00 67,072 --a------ C:\WINDOWS\system32\escwiad.dll

2008-06-07 12:43 . 2008-06-07 12:43 26 --a------ C:\WINDOWS\CDEDX8400EXPORT.ini

2008-06-07 12:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-06-07 12:41 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-05-18 14:40 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-05-18 14:40 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-05-18 14:40 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-05-18 14:40 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-30 18:24 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-06-30 18:23 --------- d-----w C:\Programfiler\Sony Ericsson

2008-06-30 18:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Ericsson

2008-06-30 18:12 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-06-29 16:00 --------- d-----w C:\Programfiler\Norton Security Scan

2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-07 10:54 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-05-23 11:24 --------- d-----w C:\Programfiler\Picasa2

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 08:00 182272]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 15:29 356352]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]

"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []

"Tweak UI"="TWEAKUI.CPL,TweakMeUp" []

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-03-17 17:35 155648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax

"msacm.l3fhg"= mp3fhg.acm

"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm

"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL

"vidc.aasc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

"vidc.aas4"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL

"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX511.dll

"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll

"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll

"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\BearShare\\BearShare.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Joost\\xulrunner\\tvprunner.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 16:11]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be63f1ce-bcac-11da-aba2-806d6172696f}]

\Shell\AutoRun\command - D:\SETUP.EXE /AUTORUN

\Shell\configure\command - D:\SETUP.EXE

\Shell\install\command - D:\SETUP.EXE

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-06-29 20:40:46 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Programfiler\Norton Security Scan\Nss.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-30 21:44:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-30 21:46:12

ComboFix-quarantined-files.txt 2008-06-30 19:46:06

 

Pre-Run: 89,162,813,440 byte ledig

Post-Run: 89,153,695,744 byte ledig

 

156 --- E O F --- 2008-06-20 22:53:14

 

 

This looks fine, emyr.

You can update Java: http://java.com/en/download/index.jsp

Uninstall LiveUpdate (Symantec/Norton) from Add or Remove Programs. Alternatively, run the Norton Removal Tool.

Was it just a check, or do you suspect something?

 

Thank you very much! :)

This is from the machine of a friend of mine.

I thought he had gotten a virus on MSN, since I got a link like this from him: click here and get your bonus www.thebonusbar.info.

But he has updated Avast antivirus, which has not warned about anything, and I also ran a scan with SUPERAntiSpyware, which only found adware.tracking.cookie and something to do with BearShare.

I find the whole thing a bit odd.

He also hasn't heard from anyone else that they have received links like this from him.
