ComboFix 09-04-22.02 - Vegard 21.04.2009 22:44.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3066.1959 [GMT 2:00]
Kjører fra: c:\users\Vegard\Desktop\ComboFix.exe
AV: Panda Antivirus 2008 *On-access scanning disabled* (Updated)
 * Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Vegard\AppData\Roaming\Microsoft\SystemCertificates\Request
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-22 til 2009-04-22 )))))))))))))))))))))))))))))))))
.
2009-04-20 01:17 . 2009-04-20 01:17 0 ----a-w c:\windows\b-mkv-to-x-converter.INI
2009-04-19 17:39 . 2009-04-19 17:39 -------- d-----w c:\users\All Users\NtiDvdCopy
2009-04-19 17:39 . 2009-04-19 17:39 -------- d-----w c:\programdata\NtiDvdCopy
2009-04-19 00:12 . 2009-04-19 00:12 -------- d-----w C:\EGIS_Drive
2009-04-19 00:07 . 2009-04-19 00:07 -------- d-----w c:\users\Vegard\AppData\Roaming\PeerNetworking
2009-04-18 15:44 . 2009-04-18 15:44 -------- d-----w c:\users\All Users\WindowsSearch
2009-04-18 15:44 . 2009-04-18 15:44 -------- d-----w c:\programdata\WindowsSearch
2009-04-18 12:08 . 2009-04-18 13:03 -------- d-----w c:\users\Vegard\AppData\Local\GameSpy
2009-04-17 23:07 . 2009-04-17 23:59 -------- d-----w c:\users\Vegard\AppData\Local\My Games
2009-04-17 22:33 . 2009-04-17 22:33 -------- d-----w c:\users\Vegard\AppData\Roaming\InstallShield Installation Information
2009-04-17 22:33 . 2009-04-17 22:33 -------- d-----w c:\users\Vegard\AppData\Roaming\2K Games
2009-04-16 21:55 . 2009-04-16 21:56 -------- d-----w c:\users\All Users\Sports Interactive
2009-04-16 21:55 . 2009-04-16 21:56 -------- d-----w c:\programdata\Sports Interactive
2009-04-16 21:40 . 2009-04-16 21:40 -------- d--h--w c:\users\Vegard\InstallAnywhere
2009-04-16 21:39 . 2009-04-16 21:56 -------- d-----w c:\users\Vegard\AppData\Roaming\Sports Interactive
2009-04-16 20:26 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-16 20:26 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-16 20:26 . 2009-03-03 03:01 389632 ----a-w c:\windows\system32\html.iec
2009-04-16 20:26 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-16 20:26 . 2009-03-03 02:27 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-04-15 19:42 . 2009-04-15 19:42 -------- d-----w c:\users\All Users\Disk Cleaner
2009-04-15 19:42 . 2009-04-15 19:42 -------- d-----w c:\programdata\Disk Cleaner
2009-04-15 19:41 . 2009-04-18 12:59 -------- d-----w c:\users\All Users\Registry Helper
2009-04-15 19:41 . 2009-04-18 12:59 -------- d-----w c:\programdata\Registry Helper
2009-04-15 19:21 . 2009-04-19 22:02 -------- d-----w c:\users\Vegard\AppData\Roaming\uTorrent
2009-04-10 21:54 . 1998-10-06 17:03 327168 ----a-w c:\windows\IsUn0414.exe
2009-03-30 19:30 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-03-30 19:30 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-30 19:30 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-03-30 19:30 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-03-30 19:30 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-03-30 19:30 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-03-30 19:30 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-03-30 19:30 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-03-30 19:22 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-30 19:22 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-30 19:22 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-30 19:22 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-30 19:22 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-29 23:53 . 2009-04-20 12:19 -------- d-----w c:\users\Vegard\Tracing
2009-03-25 19:17 . 2009-03-25 19:17 372736 ----a-w c:\windows\system32\DiskCleanerLM.ocx
2009-03-25 19:13 . 2009-03-25 19:13 372736 ----a-w c:\windows\system32\RegistryHelperLM.ocx
2009-03-25 14:28 . 2009-03-25 14:28 -------- d-----w c:\users\Vegard\AppData\Roaming\CoSoSys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 20:43 . 2008-09-23 13:32 -------- d-----w c:\users\Vegard\AppData\Roaming\DNA
2009-04-21 20:43 . 2008-09-21 17:54 76694 ----a-w c:\users\All Users\nvModes.dat
2009-04-21 20:43 . 2008-09-21 17:54 76694 ----a-w c:\programdata\nvModes.dat
2009-04-21 20:29 . 2008-05-13 05:59 94094 ----a-w c:\windows\System32\perfc014.dat
2009-04-21 20:29 . 2008-05-13 05:59 489498 ----a-w c:\windows\System32\perfh014.dat
2009-04-21 20:27 . 2008-10-24 10:07 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-21 20:22 . 2009-04-21 20:22 794 ----a-w C:\zxnvkum.txt
2009-04-21 20:08 . 2008-10-24 10:01 -------- d-----w c:\program files\CCleaner
2009-04-21 18:56 . 2009-01-27 21:25 -------- d-----w c:\programdata\Google Updater
2009-04-19 18:03 . 2009-04-19 18:03 -------- d-----w c:\program files\Bluefox Studio
2009-04-19 00:50 . 2009-04-19 00:50 292 ---ha-w C:\YukonInstall.log
2009-04-18 14:11 . 2008-10-03 16:15 680 ----a-w c:\users\Vegard\AppData\Local\d3d9caps.dat
2009-04-18 14:05 . 2008-09-21 17:56 107552 ----a-w c:\users\Vegard\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 01:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-17 01:04 . 2008-05-12 20:14 -------- d-----w c:\programdata\Microsoft Help
2009-04-16 21:45 . 2009-04-16 21:42 -------- d--h--w c:\program files\Zero G Registry
2009-04-16 21:42 . 2009-04-16 21:42 -------- d-----w c:\program files\Sports Interactive
2009-04-15 19:42 . 2009-04-15 19:41 -------- d-----w c:\program files\Disk Cleaner
2009-04-15 19:21 . 2009-04-15 19:21 -------- d-----w c:\program files\uTorrent
2009-04-15 01:25 . 2009-02-12 18:23 -------- d-----w c:\users\Vegard\AppData\Roaming\LimeWire
2009-04-10 22:57 . 2009-04-10 21:54 -------- d-----w c:\program files\Championship Manager 01-02
2009-04-06 13:32 . 2008-10-24 10:07 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-10-24 10:07 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-30 19:41 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-03-30 19:41 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-30 19:41 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-29 23:52 . 2008-09-28 17:10 -------- d-----w c:\program files\Windows Live
2009-03-29 23:50 . 2009-03-29 23:50 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-29 23:49 . 2009-03-29 23:48 -------- d-----w c:\program files\Microsoft
2009-03-29 23:48 . 2009-03-29 23:48 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-29 23:43 . 2009-03-29 23:43 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-25 14:56 . 2008-11-02 16:28 -------- d-----w c:\program files\Java
2009-03-18 16:24 . 2009-03-18 16:24 -------- d-----w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 16:24 . 2009-03-18 16:24 -------- d-----w c:\program files\iTunes
2009-03-18 16:24 . 2009-03-18 16:24 -------- d-----w c:\program files\iPod
2009-03-18 16:24 . 2008-10-19 16:38 -------- d-----w c:\program files\Common Files\Apple
2009-03-18 16:22 . 2009-03-18 16:21 -------- d-----w c:\program files\QuickTime
2009-03-17 03:38 . 2009-04-16 20:27 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 20:27 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:27 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-15 19:50 . 2009-03-15 19:50 -------- d-----w c:\users\Vegard\AppData\Roaming\OpenOffice.org
2009-03-15 19:45 . 2009-03-15 19:45 -------- d-----w c:\program files\JRE
2009-03-15 19:45 . 2009-03-15 19:45 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-15 19:44 . 2009-03-15 19:44 -------- d-----w c:\program files\Common Files\Java
2009-03-09 04:19 . 2008-11-02 16:28 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-06 21:30 . 2008-05-12 20:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 21:16 . 2009-03-06 21:16 -------- d-----w c:\program files\Firaxis Games
2009-03-06 21:16 . 2008-05-12 20:05 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-05 22:59 . 2009-03-05 22:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 22:59 . 2009-03-05 22:59 1900544 ----a-w c:\windows\System32\usbaaplrc.dll
2009-03-05 02:18 . 2009-03-05 02:18 -------- d-----w c:\users\Vegard\AppData\Roaming\Camfrog
2009-03-05 02:18 . 2009-03-05 02:18 -------- d-----w c:\program files\Camfrog
2009-03-03 04:46 . 2009-04-16 20:27 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 20:27 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 20:27 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 20:27 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 20:27 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 20:27 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 20:27 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-16 20:27 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 20:27 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 20:27 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-02 14:31 . 2008-09-28 13:28 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 08:49 . 2009-04-16 20:27 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 20:27 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 13:36 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 17:59 . 2009-02-06 17:59 308104 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-28 17:06 . 2009-01-28 17:06 13785 ----a-w c:\windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-01-28 17:05 . 2009-01-28 17:06 5068152 ----a-w c:\windows\System32\SpoonUninstall.exe
2008-10-03 23:06 . 2008-10-03 23:06 94 ----a-w c:\users\Vegard\AppData\Local\fusioncache.dat
2008-09-27 17:34 . 2008-09-27 17:34 71280 ----a-w c:\users\Gjest\AppData\Local\GDIPFONTCACHEV1.DAT
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-09-22 09:34 . 2008-09-22 09:32 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Google Update"="c:\users\Vegard\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-21 133104]
"BitTorrent DNA"="c:\users\Vegard\Program Files\DNA\btdna.exe" [2008-12-19 342848]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-21 185896]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 455984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-07 6265376]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-08-07 1833504]

c:\users\Vegard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-9-21 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 18:02 50736 ----a-w c:\windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24E63513-DAAC-4D37-9D83-29B5A92E459D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{7AED87CD-4B74-40D9-8F3C-EC7AB15B2630}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{ECA91F1B-CC7A-4943-9931-A76CAFA1B602}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{BA18008D-E16C-42F4-8CCE-C5D21F6DA1B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{0D970239-AEED-4ED9-A692-8560E3B2F592}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{56C39839-00F8-41AC-867A-3ABBCEAB6FDC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E22A63B7-9EE9-4636-8B2C-81D1E5FDFBC4}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{61D77CC8-079E-4E63-BF73-A1C97A703764}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{E9F7F002-3272-4193-9C40-1ED990441481}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F59B2B13-7885-4033-95A9-D334591169D5}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{2B84393C-BCF0-48DF-9418-CCB379B8C38C}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{EC6C02F2-23BE-4842-A1F3-F16F077D6F05}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{06D98909-4431-4F5F-8DA8-B3D9D1A6BEB6}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{AF223522-7770-4C57-BB45-889C9FAEC84C}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{50DD01AA-5EF8-4FE1-8DC1-C7062B07E35C}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{E2C0CCB0-D696-45D9-BC2A-496A5AF23F22}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{C8896AFE-D748-4DC1-9C12-DB8A0DFFAE9E}c:\\users\\vegard\\program files\\dna\\btdna.exe"= UDP:c:\users\vegard\program files\dna\btdna.exe:btdna.exe
"UDP Query User{235B69F3-7E2E-49D1-88CF-4D6F0BD274E5}c:\\users\\vegard\\program files\\dna\\btdna.exe"= TCP:c:\users\vegard\program files\dna\btdna.exe:btdna.exe
"TCP Query User{4669EE9A-611A-4B54-A28C-30C882E07B04}c:\\users\\vegard\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\vegard\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{DDF9CB1F-FEF5-4C72-9107-878FE1BBB666}c:\\users\\vegard\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\vegard\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"{25397A33-9723-4F15-9FBE-B431E77B4CB3}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{4ACA3B67-99AC-4BE5-8E41-611EE490FE67}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{D637408C-147B-446B-8AF2-BBF7D85CF977}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3D6461F4-F4C3-4D09-843C-690B5DD10DF2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8E0C2FE0-DA47-4487-946C-52052DDC1617}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C4B506B7-3C00-4BCA-84CA-E869D4C2292A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{314F2A32-1837-4D93-996C-ECD21573CAF0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{50921183-E3FE-4361-8004-4FD6CB8BCD39}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{9D1E8BE7-49E8-4FE4-BE34-9BF0E173A066}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{D3F5DA1D-6E82-4B3A-8FFC-1C0018EDD96D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0B4B662C-F5E0-476A-AC69-357BF16921E6}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{180C67B1-2FAA-46CD-A839-3370DBC43189}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{9CFBD3AB-B109-4C84-8DE8-03BFFB68C933}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"TCP Query User{41A3CA3A-3955-4CBD-9578-4694DF1C143A}c:\\program files\\firaxis games\\civilization iii complete\\conquests\\civ3conquests.exe"= UDP:c:\program files\firaxis games\civilization iii complete\conquests\civ3conquests.exe:Civ3Complete
"UDP Query User{DA6F9EFF-FA5E-4432-9B9F-854374548D00}c:\\program files\\firaxis games\\civilization iii complete\\conquests\\civ3conquests.exe"= TCP:c:\program files\firaxis games\civilization iii complete\conquests\civ3conquests.exe:Civ3Complete
"{972184F9-F776-4F9E-900C-705F0994C977}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2FA0C8C9-635A-4EC2-B34F-9318FCC77472}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{CC2406D7-C8CB-4295-B7EA-C31076D3E52B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{C335F907-A134-485A-8C30-13BCA89350C1}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{90B9F17D-728E-41AD-AF76-454A4931009A}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{A4F57A6B-741B-4A90-A736-DFEB977A0A9E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{69E0F89F-3387-4F89-BCFC-D8C57205C3CF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{307B3FF5-3D80-4C1A-87A1-0E1C03B3CFD6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{09A40A49-3197-4E58-B8E1-3E9C4A96117C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{E26EADD0-1962-4F62-B631-9D8D8BCCBF81}c:\\users\\vegard\\program files\\dna\\btdna.exe"= UDP:c:\users\vegard\program files\dna\btdna.exe:btdna.exe
"UDP Query User{240C6A22-5DFD-483C-A4B4-308323E4B6C5}c:\\users\\vegard\\program files\\dna\\btdna.exe"= TCP:c:\users\vegard\program files\dna\btdna.exe:btdna.exe
"{044585FB-14A5-4776-8AEE-CC62DF0387E1}"= UDP:16661:UTorrent
"{188B1041-432C-4B15-AE8D-690330C9DBE0}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{8D7D9A46-1208-4DC5-81EF-14F9C47BF0EF}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{78B4A908-DCAF-49DE-8046-2F2C8747373D}"= UDP:c:\users\Vegard\AppData\Roaming\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{B938D195-AC19-44D1-AE40-65DC0AEA712F}"= TCP:c:\users\Vegard\AppData\Roaming\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{44ACAC37-98BD-4276-B8B9-E59BA4049DD8}"= UDP:c:\users\Vegard\AppData\Roaming\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{FE71337D-92BF-44D2-A1FA-5D485E33E102}"= TCP:c:\users\Vegard\AppData\Roaming\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{6782FC47-1611-4549-B3FB-9EF441D9B84C}"= UDP:c:\users\Vegard\AppData\Roaming\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{FA70F0DA-A300-4567-800C-2CF207CCEBCA}"= TCP:c:\users\Vegard\AppData\Roaming\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

R0 qfxcv;qfxcv; [x]
R0 tljdlwb;tljdlwb; [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-09-22 38968]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 13:01 61424]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2007-09-28 46648]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 Disk Cleaner Service;Disk Cleaner Service;c:\program files\Disk Cleaner\DiskCleanerService.exe [2009-03-25 79160]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-09-22 178872]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus 2008\PskSvc.exe [2007-03-21 27696]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-03 43552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
rsmsvcs REG_MULTI_SZ ntmssvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-27 21:53]

2009-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443142323-2617257544-3122356939-1000.job
- c:\users\Vegard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-21 20:23]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://no.intl.acer.yahoo.com
mStart Page = hxxp://no.intl.acer.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Panda Security\Panda Antivirus 2008\pavlsp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 22:47
Windows 6.0.6001 Service Pack 1 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(17236)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
Tidspunkt ferdig: 2009-04-21 22:50
ComboFix-quarantined-files.txt 2009-04-21 20:49
ComboFix2.txt 2008-10-30 23:18
ComboFix3.txt 2008-10-24 10:32

Pre-Run: 21 582 893 056 byte ledig
Post-Run: 21 559 066 624 byte ledig

331 --- E O F --- 2009-04-17 01:12