ComboFix 10-02-02.02 - Kristoffer 03.02.2010 0:48.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3066.1946 [GMT 1:00]
Kjører fra: c:\users\Kristoffer\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-01-02 til 2010-02-02 )))))))))))))))))))))))))))))))))
.
2010-02-03 08:28 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-02 23:55 . 2010-02-02 23:56 -------- d-----w- c:\users\Kristoffer\AppData\Local\temp
2010-02-02 23:55 . 2010-02-02 23:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-02 23:55 . 2010-02-02 23:55 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-02-02 23:55 . 2010-02-02 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-02 23:02 . 2009-04-11 06:32 19944 ----a-w- C:\atapi.sys
2010-02-02 20:29 . 2010-02-02 20:29 77312 ----a-w- C:\mbr.exe
2010-02-01 17:50 . 2010-02-01 17:50 -------- d-----w- c:\programdata\Adobe Systems
2010-02-01 16:46 . 2010-02-01 16:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-01 16:46 . 2010-02-01 16:59 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\DAEMON Tools Lite
2010-02-01 16:45 . 2010-02-01 16:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-02-01 16:43 . 2010-02-01 16:43 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\DAEMON Tools Pro
2010-02-01 16:43 . 2010-02-01 16:43 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-02-01 10:18 . 2010-02-01 10:18 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Malwarebytes
2010-02-01 10:18 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 10:18 . 2010-02-01 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 10:18 . 2010-02-01 10:18 -------- d-----w- c:\programdata\Malwarebytes
2010-02-01 10:18 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 07:19 . 2010-02-01 07:19 52224 ----a-w- c:\users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-01 07:19 . 2010-02-01 07:19 117760 ----a-w- c:\users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-01 07:18 . 2010-02-02 18:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com
2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-01 01:58 . 2010-02-01 01:59 -------- d-----w- c:\program files\QuickTime
2010-02-01 00:19 . 2010-02-01 00:19 -------- d-----w- c:\program files\Audacity
2010-01-29 22:50 . 2010-01-29 22:50 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\MPEG Streamclip
2010-01-29 22:43 . 2010-01-29 22:43 -------- d-----w- c:\program files\Xvid
2010-01-29 22:43 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-29 22:43 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-29 21:12 . 2010-01-29 21:12 -------- d-----w- c:\programdata\FLEXnet
2010-01-13 11:21 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:21 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 23:56 . 2009-09-14 10:43 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\uTorrent
2010-02-02 23:51 . 2008-05-13 05:59 77322 ----a-w- c:\windows\system32\perfc014.dat
2010-02-02 23:51 . 2008-05-13 05:59 455230 ----a-w- c:\windows\system32\perfh014.dat
2010-02-02 23:46 . 2009-10-31 16:03 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\LimeWire
2010-02-02 23:43 . 2009-05-30 13:08 77722 ----a-w- c:\programdata\nvModes.dat
2010-02-02 23:42 . 2009-05-30 13:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-01 19:06 . 2009-05-30 13:11 103032 ----a-w- c:\users\Kristoffer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-01 18:48 . 2008-04-30 07:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 16:46 . 2009-06-03 10:43 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-01 15:37 . 2009-05-31 12:13 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Spotify
2010-02-01 14:33 . 2009-08-01 10:36 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\vlc
2010-02-01 07:10 . 2009-08-02 18:09 -------- d-----w- c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game
2010-02-01 02:02 . 2009-09-02 19:57 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\TuneUpMedia
2010-02-01 00:04 . 2009-05-30 14:44 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Apple Computer
2010-01-31 23:30 . 2008-05-12 20:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 23:29 . 2009-05-30 14:42 -------- d-----w- c:\programdata\Apple Computer
2010-01-31 23:26 . 2008-05-12 20:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-29 21:41 . 2009-12-04 19:57 -------- d-----w- c:\program files\WinAVI MP4 Converter
2010-01-22 16:17 . 2009-08-12 00:42 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 10:12 . 2009-10-03 09:02 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 11:29 . 2008-05-12 20:14 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 11:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-21 20:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:30 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 20:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 20:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 21:04 . 2010-01-01 21:02 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Teleca
2010-01-01 21:04 . 2010-01-01 21:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2010-01-01 21:01 . 2010-01-01 21:01 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-01-01 21:01 . 2010-01-01 21:01 -------- d-----w- c:\programdata\HTC
2010-01-01 21:01 . 2010-01-01 21:01 -------- d-----w- c:\programdata\Teleca
2010-01-01 21:01 . 2010-01-01 21:00 -------- d-----w- c:\program files\HTC
2010-01-01 21:00 . 2010-01-01 21:00 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-01 21:00 . 2010-01-01 21:00 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2009-12-26 14:40 . 2009-12-26 14:40 -------- d-----w- c:\program files\Vstep
2009-12-21 11:09 . 2009-12-21 11:09 614136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-15 21:44 . 2009-12-15 21:44 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Epson
2009-12-15 21:40 . 2009-12-15 21:12 -------- d-----w- c:\program files\Common Files\EPSON
2009-12-15 21:17 . 2009-11-05 14:12 -------- d-----w- c:\program files\epson
2009-12-15 21:17 . 2009-12-15 21:17 -------- d-----w- c:\programdata\UDL
2009-12-15 21:16 . 2009-12-15 21:14 -------- d-----w- c:\program files\Epson Software
2009-12-15 21:14 . 2009-12-15 21:13 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2009-12-15 21:12 . 2009-12-15 21:11 -------- d-----w- c:\program files\EpsonNet
2009-12-07 17:26 . 2009-06-01 15:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-09 12:31 . 2009-12-08 21:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-08 21:17 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-08 21:17 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-05 13:59 . 2009-11-05 13:59 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-05-30 22:43 . 2009-05-30 22:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2010-02-01_10.59.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-02-02 23:45 58330 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-02-02 23:45 91730 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-05-30 12:55 . 2010-02-01 10:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-30 12:55 . 2010-02-02 23:29 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-30 12:55 . 2010-02-01 10:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-30 12:55 . 2010-02-02 23:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-30 12:55 . 2010-02-01 10:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-30 12:55 . 2010-02-02 23:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-01 21:21 . 2010-02-02 22:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-01 21:21 . 2010-02-01 10:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-01 10:04 . 2010-02-02 21:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-02-01 10:04 . 2010-02-01 10:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-02-01 18:33 . 2010-02-01 18:33 38912 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\uynm.tmp\svchost.exe
+ 2009-06-01 21:21 . 2010-02-02 22:55 81920 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-01 21:21 . 2010-02-02 22:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-01 21:21 . 2010-02-01 10:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-30 13:10 . 2010-02-02 23:45 8074 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-422659018-1902692424-1412168192-1000_UserData.bin
+ 2010-02-02 23:43 . 2010-02-02 23:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-01 10:45 . 2010-02-01 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-01 10:45 . 2010-02-01 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-02 23:43 . 2010-02-02 23:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-30 23:37 . 2010-02-02 18:30 328414 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2006-11-02 10:33 . 2010-02-02 23:51 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-02-01 10:53 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-02-01 10:53 102094 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-02-02 23:51 102094 c:\windows\System32\perfc009.dat
+ 2009-06-01 21:21 . 2010-02-02 22:55 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-06-01 21:21 . 2010-02-01 10:45 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 10:22 . 2010-02-01 09:54 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2010-02-01 16:47 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:47 . 2010-02-01 18:50 1726800 c:\windows\System32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-14 289584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\Kristoffer\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-30 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-07 6265376]
"Skytel"="Skytel.exe" [2008-08-07 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Jamcast"="c:\program files\Jamcast Beta\jcsvrmgr.exe" [2009-11-03 253952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-5-30 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):03,cb,87,12,1b,fb,c9,01

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [30.05.2009 14:31 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01.06.2009 16:19 108289]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03.03.2008 12:11 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30.05.2009 14:32 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [12.05.2008 21:36 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [06.04.2008 21:42 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30.05.2009 14:32 122368]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30.05.2009 14:19 233472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [30.05.2009 23:41 43552]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [03.06.2009 11:43 691696]
S2 Jamcast;Jamcast;c:\program files\Jamcast Beta\jamcastsvc.exe [03.11.2009 17:00 61440]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04.04.2008 02:03 131072]
S2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe --> c:\program files\NetMeeting\comp.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.01.2008 03:23 179712]
S3 FontCache;Windows skriftbuffertjeneste;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504]
S3 HTCAND32;HTC Device Driver;c:\windows\System32\drivers\ANDROIDUSB.sys [01.01.2010 22:00 24576]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [30.05.2009 14:15 84240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-02-02 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-422659018-1902692424-1412168192-1000Core.job
- c:\users\Kristoffer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-30 21:44]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-422659018-1902692424-1412168192-1000UA.job
- c:\users\Kristoffer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-30 21:44]
.
.
------- Tilleggsskanning -------
.
uStart Page = www.google.no
mStart Page = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Kristoffer\AppData\Roaming\Mozilla\Firefox\Profiles\26aef26t.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 00:56
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...
skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-422659018-1902692424-1412168192-1000\Software\SecuROM\License information*]
"datasecu"=hex:9b,ef,15,16,7f,15,de,09,ef,03,76,03,00,5f,e4,39,c5,cc,d1,37,9a,
06,c2,07,68,41,43,7a,44,34,8e,50,c1,c6,82,0c,41,2c,79,5e,94,88,4e,b9,34,82,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(3168)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
.
Tidspunkt ferdig: 2010-02-03 00:58:16
ComboFix-quarantined-files.txt 2010-02-02 23:58
ComboFix2.txt 2010-02-02 21:03
ComboFix3.txt 2010-02-01 19:05
ComboFix4.txt 2010-02-01 11:01

Pre-Run: 68 637 569 024 byte ledig
Post-Run: 68 602 580 992 byte ledig

- - End Of File - - DFE354026D80EDF568A9710D9E943DCD