
Trojan horses, viruses? Again!



Thanks for taking the time :)

 

New ComboFix log

ComboFix 08-11-02.05 - Nina 2008-11-03 17:07:29.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1759 [GMT 1:00]

Running from: c:\users\Nina\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-10-03 to 2008-11-03 )))))))))))))))))))))))))))))))

.

 

2008-10-29 14:49 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-29 14:49 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-29 14:49 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-27 05:48 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll

2008-10-27 05:48 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll

2008-10-27 05:48 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax

2008-10-27 05:48 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax

2008-10-27 05:48 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax

2008-10-24 21:01 . 2008-10-24 21:01 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-24 21:01 . 2008-10-24 21:01 <DIR> d-------- c:\program files\iTunes

2008-10-24 21:01 . 2008-10-24 21:01 <DIR> d-------- c:\program files\iPod

2008-10-24 21:01 . 2008-10-24 21:01 <DIR> d-------- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-22 04:44 . 2008-10-22 04:44 <DIR> d-------- c:\users\Nina\Option

2008-10-21 12:45 . 2008-10-21 12:45 <DIR> d-------- c:\users\All Users\ConeXware

2008-10-21 12:45 . 2008-10-21 12:45 <DIR> d-------- c:\progra~2\ConeXware

2008-10-21 12:32 . 2008-10-22 11:26 <DIR> d-------- c:\program files\PowerArchiver

2008-10-21 10:37 . 2008-10-21 10:37 <DIR> d-------- c:\users\Nina\AppData\Roaming\BSplayer Pro

2008-10-21 10:37 . 2008-10-30 16:31 <DIR> d-------- c:\users\Nina\AppData\Roaming\BSplayer

2008-10-21 10:37 . 2008-10-21 10:37 <DIR> d-------- c:\program files\Webteh

2008-10-19 12:39 . 2008-10-31 07:26 <DIR> d--h----- C:\$AVG8.VAULT$

2008-10-19 11:29 . 2008-11-03 08:01 <DIR> d-------- c:\windows\System32\drivers\Avg

2008-10-19 11:29 . 2008-10-19 11:29 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys

2008-10-19 11:29 . 2008-10-19 11:29 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys

2008-10-19 11:29 . 2008-10-19 11:29 10,520 --a------ c:\windows\System32\avgrsstx.dll

2008-10-15 07:44 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

2008-10-15 07:44 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

2008-10-15 07:44 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys

2008-10-15 07:44 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-10-15 07:44 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll

2008-10-15 07:44 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

2008-10-05 17:48 . 2008-10-05 17:48 <DIR> d-------- c:\users\All Users\Avira

2008-10-05 17:48 . 2008-10-05 17:48 <DIR> d-------- c:\program files\Avira

2008-10-05 17:48 . 2008-10-05 17:48 <DIR> d-------- c:\progra~2\Avira

2008-10-05 08:21 . 2008-10-05 08:21 <DIR> d-------- c:\program files\Lavasoft

2008-10-04 19:10 . 2008-10-04 19:10 <DIR> d-------- c:\users\All Users\Yahoo! Companion

2008-10-04 19:10 . 2008-10-04 19:10 <DIR> d-------- c:\progra~2\Yahoo! Companion

2008-10-04 18:58 . 2008-10-04 18:58 <DIR> d-------- c:\program files\CCleaner

2008-10-04 10:47 . 2008-07-31 02:13 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-04 10:47 . 2008-07-31 04:32 28,160 --a------ c:\windows\System32\Apphlpdm.dll

2008-10-04 09:21 . 2008-10-04 09:21 <DIR> d-------- c:\users\Nina\viruslogg

2008-10-04 09:08 . 2008-10-04 09:08 <DIR> d-------- c:\users\Nina\AppData\Roaming\Malwarebytes

2008-10-04 09:08 . 2008-10-04 09:08 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-10-04 09:08 . 2008-10-04 09:08 <DIR> d-------- c:\progra~2\Malwarebytes

2008-10-04 09:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-10-04 09:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-10-04 08:35 . 2008-10-04 08:35 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2008-10-04 08:35 . 2008-10-04 08:35 <DIR> d-------- c:\progra~2\SUPERAntiSpyware.com

2008-10-04 08:34 . 2008-10-04 08:34 <DIR> d-------- c:\users\Nina\AppData\Roaming\SUPERAntiSpyware.com

2008-10-04 08:34 . 2008-10-04 08:34 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-10-04 05:52 . 2008-11-01 16:22 <DIR> d-------- c:\program files\The Cleaner Demo

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-03 16:09 --------- d-----w c:\users\Nina\AppData\Roaming\Skype

2008-11-03 15:00 --------- d-----w c:\users\Nina\AppData\Roaming\skypePM

2008-11-02 14:14 128,616 ----a-w c:\users\All Users\nvModes.dat

2008-11-02 14:14 128,616 ----a-w c:\progra~2\nvModes.dat

2008-11-02 11:52 876 ----a-w c:\program files\ofqrtdc.txt

2008-11-02 10:45 794 ----a-w c:\program files\qgbtnkre.txt

2008-11-01 15:32 794 ----a-w c:\program files\fzkfxl.txt

2008-11-01 15:00 794 ----a-w c:\program files\nong.txt

2008-10-28 20:06 --------- d-----w c:\users\Nina\AppData\Roaming\BitTorrent

2008-10-20 04:57 --------- d-----w c:\users\Nina\AppData\Roaming\LimeWire

2008-10-19 10:29 --------- d-----w c:\progra~2\avg8

2008-10-16 01:09 --------- d-----w c:\program files\Windows Mail

2008-10-16 01:01 --------- d-----w c:\progra~2\Microsoft Help

2008-10-05 07:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-10-04 17:58 --------- d-----w c:\program files\Yahoo!

2008-10-04 17:54 --------- d-----w c:\progra~2\McAfee

2008-10-04 15:55 --------- d-----w c:\program files\Common Files\DVDVideoSoft

2008-10-04 15:55 --------- d-----w c:\program files\Acer GameZone

2008-10-03 22:15 --------- d-----w c:\progra~2\SiteAdvisor

2008-09-27 13:28 --------- d-----w c:\users\Nina\AppData\Roaming\dvdcss

2008-09-26 10:19 --------- d-----w c:\program files\BitTorrent

2008-09-25 12:46 --------- d-----w c:\program files\Windows Live

2008-09-25 12:45 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2008-09-25 12:43 --------- d-----w c:\program files\Microsoft

2008-09-25 12:32 --------- d-----w c:\program files\Common Files\Windows Live

2008-09-11 05:29 --------- d-----w c:\program files\Bonjour

2008-09-11 05:27 --------- d-----w c:\program files\QuickTime

2008-09-11 05:27 --------- d-----w c:\program files\Common Files\Apple

2008-09-11 01:01 --------- d-----w c:\program files\Microsoft Works

2008-09-10 06:00 --------- d-----w c:\progra~2\Office Genuine Advantage

2008-09-08 22:03 51,712 ----a-w c:\windows\System32\sirenacm.dll

2008-09-06 09:01 --------- d-----w c:\progra~2\WLInstaller

2008-09-05 14:04 288,256 ----a-w c:\windows\WLXPGSS.SCR

2008-09-04 20:02 56,344 ----a-w c:\windows\system32\drivers\fssfltr.sys

2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll

2008-07-16 17:51 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-16 17:51 56 ---ha-w c:\progra~2\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-16 171448]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-19 1234712]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 c:\windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-11-21 c:\windows\SkyTel.exe]

 

c:\users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

 

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-07-16 1216512]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496]

 

c:\users\Nina\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{24E63513-DAAC-4D37-9D83-29B5A92E459D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{7AED87CD-4B74-40D9-8F3C-EC7AB15B2630}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{ECA91F1B-CC7A-4943-9931-A76CAFA1B602}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{BA18008D-E16C-42F4-8CCE-C5D21F6DA1B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{0D970239-AEED-4ED9-A692-8560E3B2F592}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{56C39839-00F8-41AC-867A-3ABBCEAB6FDC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{E22A63B7-9EE9-4636-8B2C-81D1E5FDFBC4}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{D5FFF589-E133-43EA-BCB4-1D833AAB57B2}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM

"{BF4C1693-D0D9-4558-8AA9-21727ADB9C59}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{0EE929FD-8402-44EC-9710-80B632B3F4F1}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{A09D5013-1476-45F6-BC5E-237E875A406B}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{650F69A9-294B-4D16-B998-BF092F8D9D33}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{3AC00292-B1A5-41AA-927F-84D0D0A2C8DE}"= UDP:c:\program files\DNA\btdna.exe:DNA

"{362698E3-1A68-4F97-955D-F5AE5C07D86D}"= TCP:c:\program files\DNA\btdna.exe:DNA

"{410C84BA-DAA4-4540-A608-460A44DDCD4E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent

"{7F37C677-1179-48D1-B048-402B4C3201B5}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent

"{7D2F2EEB-E511-4B4A-A716-28EA02022B91}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{2C119D0C-C262-4311-98C3-6B10A9B3DAFA}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{AC7198E3-6A67-4628-911D-07C014DAC08F}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{706C5643-CD74-4E42-99E3-86F40EE04024}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{57AE5BA5-9747-4783-BA8E-A672E762FA2B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{BA5621D2-9014-4A01-B96F-943A30492E5C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{F96DD639-0EB8-4674-8D1F-0C8B950F1E4F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{DA4CE108-1468-4CF1-B158-6255D6670DAE}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe

"{9C48B35D-B815-423F-AAB8-5EC81DCAEA25}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{02B5FB68-DE3A-46ED-BCB7-963973CEB3BA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{B7FACF3F-F0D6-4095-8105-171FBB8BDC6D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{76A53AFE-CC09-4E43-A4EC-2710DB8993E8}"= UDP:c:\users\Nina\Desktop\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

"{0F39BBC3-30B9-4216-B1D5-33A57CAB7686}"= TCP:c:\users\Nina\Desktop\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-19 97928]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 14:01 61424]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-19 875288]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-19 231704]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-10-19 69128]

R3 NETw5v32;Intel® Wireless WiFi Link-kortdriver for Windows Vista 32-bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-03 43552]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

S3 btwaudio;Bluetooth-lydenhet;c:\windows\system32\drivers\btwaudio.sys [2008-02-14 80424]

S3 btwavdt;Bluetooth AVDT;c:\windows\system32\drivers\btwavdt.sys [2007-07-16 80936]

S3 btwrchid;btwrchid;c:\windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]

S3 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]

S3 fsssvc;Windows Live Tryggere for familien;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]

S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c50e0bd-774b-11dd-9f7e-ede8d416130c}]

\shell\AutoRun\command - F:\setupSNK.exe

 

*Newly Created Service* - CATCHME

.

.

------- Supplementary Scan -------

.

R0 -: HKLM-Main,Start Page = hxxp://no.intl.acer.yahoo.com

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 -: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 -: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-03 17:10:38

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-03 17:12:27

ComboFix-quarantined-files.txt 2008-11-03 16:12:22

ComboFix2.txt 2008-11-02 00:16:43

ComboFix3.txt 2008-10-31 01:15:05

ComboFix4.txt 2008-10-04 08:52:06

 

Pre-Run: 99 257 352 192 byte ledig

Post-Run: 99,238,281,216 byte ledig

 

259 --- E O F --- 2008-10-31 22:22:45

 

 

What do you mean by stopping the programs? I have tried closing them, but maybe that isn't enough?


The ComboFix log looks fine. We can try another program that produces a similar log. Maybe it can tell us something more.

 

Can you check what is in these text files?

c:\program files\ofqrtdc.txt

c:\program files\qgbtnkre.txt

c:\program files\fzkfxl.txt

c:\program files\nong.txt

 

Download OTViewIt.exe to the desktop

Run the file by double-clicking it (if you have Vista, right-click the file and choose Run as Administrator)

Tick Scan All Users, leave Use Whitelist ticked, set File Age to 30 days.

Click Run Scan

After a short while a log, OTView.txt, will open in Notepad. A minimized log called Extra.txt will also open (it will sit on the taskbar).

Post both logs. They can be rather long, so put them between hide tags (Spoiler).

 

Try to update MBAM and run a quick scan.

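The entries the helper singles out above (four bare .txt files in the Program Files root, three of them exactly 794 bytes) and the AutoRun command under MountPoints2 are the kind of thing a reviewer picks out of a ComboFix log by eye. As an added example, not part of this thread and not ComboFix's or OTViewIt's own code, here is a small Python triage script that pulls those same signals out of Find3M lines automatically. It folds the Vista path aliases first (c:\users\All Users and c:\progra~2 are both c:\ProgramData, c:\progra~1 is c:\Program Files), so one file seen under two spellings is not counted twice; it then lists non-system files sitting directly in Program Files, groups files with identical sizes, and extracts any AutoRun command recorded for a removable drive. The sample lines are constructed from the log above; the heuristics and every function name are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the shape of ComboFix's "Find3M Report" and
# "mountpoints2" sections, with values copied from the log posted above.
SAMPLE_LOG = r"""
2008-11-02 14:14 128,616 ----a-w c:\users\All Users\nvModes.dat
2008-11-02 14:14 128,616 ----a-w c:\progra~2\nvModes.dat
2008-11-02 11:52 876 ----a-w c:\program files\ofqrtdc.txt
2008-11-02 10:45 794 ----a-w c:\program files\qgbtnkre.txt
2008-11-01 15:32 794 ----a-w c:\program files\fzkfxl.txt
2008-11-01 15:00 794 ----a-w c:\program files\nong.txt
2008-10-28 20:06 --------- d-----w c:\users\Nina\AppData\Roaming\BitTorrent
2008-09-08 22:03 51,712 ----a-w c:\windows\System32\sirenacm.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c50e0bd-774b-11dd-9f7e-ede8d416130c}]
\shell\AutoRun\command - F:\setupSNK.exe
"""

# "YYYY-MM-DD HH:MM  <size or dashes>  <7 attribute flags>  <path>"
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+"
    r"(?P<attrs>[-a-z]{7})\s+"
    r"(?P<path>.+)$"
)
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)

# On Vista, c:\Users\All Users is a junction to c:\ProgramData, and progra~1 /
# progra~2 are the 8.3 short names of Program Files / ProgramData, so one file
# can appear under several spellings. Fold them before comparing paths.
ALIASES = {
    "c:\\users\\all users\\": "c:\\programdata\\",
    "c:\\progra~2\\": "c:\\programdata\\",
    "c:\\progra~1\\": "c:\\program files\\",
}


def canonical_path(path):
    """Lower-case the path and expand the known directory aliases."""
    p = path.lower()
    for alias, real in ALIASES.items():
        if p.startswith(alias):
            return real + p[len(alias):]
    return p


def parse_find3m(text):
    """Turn Find3M report lines into dicts; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append({"date": m["date"], "size": size, "attrs": m["attrs"],
                        "path": canonical_path(m["path"]),
                        "is_dir": m["attrs"].startswith("d")})
    return entries


def loose_in_program_files(entries):
    """Non-system files sitting directly in the Program Files root.
    Installers create a vendor subfolder, so a bare file here is worth a look;
    system-attributed housekeeping files (desktop.ini) are skipped.
    Heuristic assumed by this example, not a ComboFix rule."""
    hits = []
    for e in entries:
        if e["is_dir"] or "s" in e["attrs"]:
            continue
        parts = e["path"].split("\\")  # ['c:', 'program files', 'name.txt']
        if len(parts) == 3 and parts[1] == "program files":
            hits.append(e["path"])
    return hits


def same_size_groups(entries, min_count=2):
    """Group files by exact byte size after alias folding. Several small files
    of identical size written minutes apart are likely copies of one file."""
    groups = defaultdict(set)
    for e in entries:
        if e["size"] is not None:
            groups[e["size"]].add(e["path"])
    return {size: sorted(paths) for size, paths in groups.items() if len(paths) >= min_count}


def autorun_commands(text):
    """AutoRun commands recorded under MountPoints2: what Explorer would have
    launched when that removable drive was inserted."""
    cmds = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m:
            cmds.append(m["cmd"])
    return cmds


def triage(text):
    """Run all three checks over one log and return the findings."""
    entries = parse_find3m(text)
    return {"loose_program_files": loose_in_program_files(entries),
            "same_size": same_size_groups(entries),
            "autorun": autorun_commands(text)}


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG).items():
        print(section, findings)
```

On the sample, the script reports the four .txt files as loose in Program Files, groups the three 794-byte ones together, and returns F:\setupSNK.exe as the AutoRun command; nvModes.dat, listed twice in the log under two aliases, collapses to one path and is not flagged. The output is a list for a human to review, not a verdict: legitimate software can leave odd files behind, which is why the helper asks to open the files rather than delete them.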

All the files you mentioned contain the same thing:


Files to delete:

C:\Windows\System32\drivers\fkrtamg.sys

C:\Users\Default\My Documents\My Music\New Song.lagu

C:\Users\Default\My Documents\My Music\Video.vidz

C:\Users\Default\My Documents\My Pictures\aweks.pikz

C:\Users\Default\My Documents\My Pictures\seram.pikz

C:\Users\Default\My Documents\My Music\My Music.url

C:\Users\Default\My Documents\My Pictures\My Pictures.url

C:\Users\Default\My Documents\My Videos\My Video.url

 

Even more logs ;) :

OTViewIt.txt


OTViewIt logfile created on: 04.11.2008 00:07:48 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,70% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): ?:\pagefile.sys;

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 142,65 Gb Total Space | 92,16 Gb Free Space | 64,60% Space Free | Partition Type: NTFS

Drive D: | 142,67 Gb Total Space | 81,41 Gb Free Space | 57,06% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: NINA-PC

Current User Name: Nina

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008.01.21 03:23:42 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe

[2008.01.21 03:23:44 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe

[2008.04.03 21:56:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

[2008.01.21 03:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe

[2008.10.05 08:22:07 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

[2006.11.02 10:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe

[2008.10.24 17:52:24 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

[2008.01.21 03:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2008.01.21 03:24:44 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe

[2008.02.22 20:50:44 | 01,037,608 | ---- | M] (Synaptics, Inc.) -- C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

[2008.04.06 21:42:36 | 00,034,040 | ---- | M] () -- C:\Programfiler\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[2006.11.02 10:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe

[2008.04.25 02:25:52 | 06,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2008.01.21 03:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2008.03.18 20:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

[2008.10.24 17:52:20 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

[2008.10.01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Programfiler\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008.10.19 11:29:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgwdsvc.exe

[2008.08.29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programfiler\Bonjour\mDNSResponder.exe

[2008.03.03 12:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programfiler\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

[2008.01.16 17:35:02 | 00,081,504 | ---- | M] () -- C:\Programfiler\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

[2008.03.04 22:38:34 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Programfiler\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

[2008.03.21 12:22:52 | 00,024,576 | ---- | M] () -- C:\Programfiler\Acer\Empowering Technology\Service\ETService.exe

[2007.01.17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programfiler\Common Files\LightScribe\LSSrvc.exe

[2007.12.06 15:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

[2008.04.06 21:42:24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programfiler\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

[2008.04.04 02:03:14 | 00,131,072 | ---- | M] () -- C:\Programfiler\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

[2007.01.09 19:25:30 | 00,272,024 | ---- | M] () -- C:\Programfiler\Cyberlink\Shared files\RichVideo.exe

[2008.01.10 16:03:00 | 00,233,472 | ---- | M] (Acer Incorporated) -- C:\Programfiler\Acer\Acer VCM\RS_Service.exe

[2008.05.27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe

[2008.01.21 03:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

[2008.01.21 03:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe

[2008.10.19 11:29:14 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgrsx.exe

[2008.10.19 11:29:13 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgemc.exe

[2008.01.21 03:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

[2008.04.01 02:01:58 | 00,793,096 | ---- | M] (Dritek System Inc.) -- C:\Programfiler\Launch Manager\LManager.exe

[2008.03.07 02:36:12 | 00,544,768 | ---- | M] (Acer Incorporated) -- C:\Programfiler\Acer\Empowering Technology\eAudio\eAudio.exe

[2008.03.04 22:38:28 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Programfiler\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[2008.04.30 18:02:40 | 00,397,312 | ---- | M] (Acer Inc.) -- C:\Programfiler\Acer\Empowering Technology\ePower\ePower_DMC.exe

[2008.04.10 15:30:14 | 00,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programfiler\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

[2008.04.10 15:30:20 | 00,167,936 | ---- | M] (CyberLink) -- C:\Programfiler\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[2008.04.18 14:18:02 | 00,167,936 | ---- | M] (Acer Corp.) -- C:\Programfiler\Acer Arcade Deluxe\PlayMovie\PMVService.exe

[2008.06.10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

[2008.06.12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[2008.10.19 11:29:14 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgtray.exe

[2008.10.01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Programfiler\iTunes\iTunesHelper.exe

[2008.01.21 03:23:29 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Sidebar\sidebar.exe

[2008.01.21 03:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe

[2008.07.16 16:12:16 | 00,171,448 | ---- | M] (Google Inc.) -- C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[2008.05.30 14:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.) -- C:\Programfiler\Skype\Phone\Skype.exe

[2008.01.21 03:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe

[2008.01.21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnscfg.exe

[2008.09.03 13:07:12 | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

[2008.03.05 10:56:30 | 01,216,512 | ---- | M] (Acer Incorporated) -- C:\Programfiler\Acer\Acer VCM\AcerVCM.exe

[2008.02.12 12:19:52 | 00,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe

[2007.12.07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE

[2008.01.21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe

[2008.10.01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Programfiler\iPod\bin\iPodService.exe

[2008.05.30 14:54:16 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Programfiler\Skype\Plugin Manager\skypePM.exe

[2007.03.27 11:00:32 | 00,196,608 | ---- | M] (Acer Inc.) -- C:\Programfiler\Acer\Acer VCM\acp2HID.exe

[2008.02.22 20:50:54 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Programfiler\Synaptics\SynTP\SynTPHelper.exe

[2008.01.21 03:24:13 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

[2008.01.21 03:23:50 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Internet Explorer\iexplore.exe

[2008.02.22 14:30:38 | 00,120,384 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe

[2008.09.08 23:03:36 | 03,513,344 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

[2008.09.08 22:47:00 | 00,030,752 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Contacts\wlcomm.exe

[2008.05.27 06:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe

[2008.11.04 00:05:57 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTViewIt.exe

[2008.05.27 06:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe

 

========== (O23) Win32 Services ==========

 

[2008.10.05 08:22:07 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])

[2008.03.18 20:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])

[2008.10.24 17:52:24 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])

[2008.10.24 17:52:20 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

[2008.10.01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Programfiler\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2008.10.19 11:29:13 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])

[2008.10.19 11:29:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

[2008.08.29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programfiler\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2008.03.03 12:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programfiler\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])

File not found -- -- (CertPropSvc [unknown | Stopped])

[2008.01.16 17:35:02 | 00,081,504 | ---- | M] () -- C:\Programfiler\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService [Auto | Running])

[2008.01.21 03:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

File not found -- -- (DcomLaunch [unknown | Running])

[2008.01.21 03:23:41 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])

[2008.01.21 03:24:35 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [unknown | Running])

[2008.03.04 22:38:34 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Programfiler\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Running])

[2008.01.21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])

[2006.11.02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

[2008.03.21 12:22:52 | 00,024,576 | ---- | M] () -- C:\Programfiler\Acer\Empowering Technology\Service\ETService.exe -- (ETService [Auto | Running])

[2008.01.21 03:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008.09.04 21:03:04 | 00,512,536 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])

[2008.01.21 03:24:55 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [unknown | Running])

[2008.07.16 16:12:15 | 00,138,168 | ---- | M] (Google) -- C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2008.10.01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Programfiler\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2007.01.17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programfiler\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

[2007.12.06 15:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])

[2006.11.02 14:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [unknown | Stopped])

[2008.01.21 03:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2008.04.06 21:42:24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programfiler\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])

[2008.04.04 02:03:14 | 00,131,072 | ---- | M] () -- C:\Programfiler\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])

[2008.04.03 21:56:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])

[2007.08.24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006.10.26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2007.01.09 19:25:30 | 00,272,024 | ---- | M] () -- C:\Programfiler\Cyberlink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])

[2008.01.21 03:24:06 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [unknown | Running])

[2008.01.10 16:03:00 | 00,233,472 | ---- | M] (Acer Incorporated) -- C:\Programfiler\Acer\Acer VCM\RS_Service.exe -- (RS_Service [Auto | Running])

[2008.01.21 03:24:20 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [unknown | Stopped])

File not found -- -- (Schedule [unknown | Running])

File not found -- -- (SCPolicySvc [unknown | Stopped])

[2008.01.21 03:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])

[2006.11.02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])

[2008.01.21 03:24:08 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])

[2008.01.21 03:25:00 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])

File not found -- -- (WdiServiceHost [unknown | Stopped])

File not found -- -- (WdiSystemHost [unknown | Running])

[2008.01.21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

[2008.05.27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

 

========== Driver Services ==========

 

[2008.01.21 03:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

[2008.01.21 03:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

[2008.01.21 03:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

[2008.01.21 03:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

[2008.03.01 00:13:38 | 01,202,560 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

[2006.11.02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

[2008.01.21 03:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

[2008.01.21 03:23:01 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])

[2008.01.21 03:23:00 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])

[2008.01.21 03:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])

[2008.01.21 03:23:00 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])

[2008.01.21 03:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])

[2008.01.21 03:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

[2007.02.27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [system | Running])

[2008.10.19 11:29:36 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

[2008.10.19 11:29:35 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

[2008.05.20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])

[2008.10.19 11:29:40 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys -- (AvgWfpX [On_Demand | Running])

[2008.06.27 14:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [system | Running])

[2008.01.21 03:23:20 | 00,179,712 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])

[2008.01.21 03:23:01 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])

[2008.01.21 03:23:53 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])

[2006.11.02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])

[2006.11.02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])

[2006.11.02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])

[2006.11.02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])

[2006.11.02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])

[2006.11.02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2008.01.21 03:23:25 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])

[2006.11.02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])

[2008.01.21 03:23:20 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])

[2008.04.29 02:42:23 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])

[2008.04.29 02:42:21 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Stopped])

[2008.02.14 17:17:10 | 00,080,424 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Stopped])

[2007.07.16 16:20:24 | 00,080,936 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Stopped])

[2007.07.16 16:20:26 | 00,016,168 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid [On_Demand | Stopped])

[2008.01.21 03:23:26 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])

[2008.01.21 03:23:54 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [unknown | Running])

[2008.01.21 03:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

[2008.01.21 03:23:22 | 00,024,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [boot | Running])

[2008.01.21 03:23:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])

[2008.01.21 03:24:55 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [system | Running])

[2006.11.03 06:29:38 | 00,021,264 | ---- | M] (Dritek System Inc.) -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr [On_Demand | Running])

[2008.08.02 02:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])

[2008.01.21 03:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

[2008.01.21 03:23:39 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [boot | Running])

[2008.01.21 03:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

[2008.01.21 03:23:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev [Disabled | Stopped])

[2008.01.21 03:25:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])

[2008.01.21 03:24:04 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [boot | Running])

[2008.01.21 03:24:21 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])

[2008.09.04 21:02:58 | 00,056,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr [On_Demand | Stopped])

[2008.01.21 03:23:22 | 00,061,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])

[2008.04.17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2006.11.02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

[2008.01.21 03:23:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006.11.02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])

[2006.11.02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])

[2008.01.21 03:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])

[2008.01.21 03:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])

[2008.01.21 03:23:22 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV [On_Demand | Stopped])

[2008.01.21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])

[2006.11.02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

[2008.03.21 09:48:24 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])

[2008.04.25 03:20:44 | 02,126,688 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])

[2008.01.21 03:23:22 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])

[2008.01.21 03:23:01 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])

[2006.11.02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

[2006.11.02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

[2008.04.12 02:55:04 | 00,084,240 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR [On_Demand | Stopped])

[2008.01.21 03:23:23 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008.01.21 03:24:37 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])

[2008.01.21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

[2008.01.21 03:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

[2008.01.21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

[2008.01.21 03:24:37 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])

[2008.01.21 03:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

[2008.01.21 03:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR [Disabled | Stopped])

[2008.01.21 03:23:22 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])

[2008.01.21 03:23:20 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])

[2008.01.21 03:24:47 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])

[2006.11.02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])

[2008.05.08 20:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])

[2008.01.21 03:24:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])

[2008.07.17 04:07:04 | 00,028,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [boot | Running])

[2008.01.21 03:23:21 | 00,094,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])

[2008.01.21 03:23:01 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [boot | Running])

[2008.01.21 03:24:26 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])

[2008.05.20 03:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])

[2008.04.28 15:29:26 | 03,658,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])

[2006.11.02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

[2008.01.21 03:23:23 | 00,030,720 | ---- | M] (National Semiconductor Corporation) -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])

[2008.01.21 03:24:47 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [system | Running])

[2008.01.31 02:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])

[2008.01.16 17:35:08 | 00,122,368 | ---- | M] (Cyberlink Corp.) -- C:\Programfiler\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel [Auto | Running])

[2006.11.02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

[2008.04.03 21:56:00 | 00,043,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA [On_Demand | Running])

[2008.04.03 21:56:00 | 07,444,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])

[2008.01.21 03:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])

[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])

[2008.01.21 03:23:01 | 00,109,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])

[2006.11.02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])

[2008.04.05 02:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [system | Running])

[2008.03.04 22:38:42 | 00,018,992 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\psdfilter.sys -- (PSDFilter [boot | Running])

[2008.03.04 22:38:44 | 00,016,944 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ [Auto | Running])

[2008.03.04 22:38:44 | 00,060,464 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk [Auto | Running])

[2008.01.21 03:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

[2006.11.02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

[2008.01.21 03:23:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])

[2008.01.21 03:25:05 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])

[2008.01.21 03:24:50 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [system | Running])

[2008.01.21 03:23:03 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])

[2008.01.21 03:24:37 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])

[2008.09.03 13:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [system | Running])

[2008.09.03 13:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])

[2008.09.03 13:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running])

[2006.11.02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])

[2008.01.21 03:23:21 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Stopped])

[2006.11.02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

[2008.01.21 03:23:20 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])

[2008.01.21 03:23:23 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])

[2008.01.21 03:23:23 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])

[2008.01.21 03:23:23 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])

[2008.01.21 03:23:01 | 00,055,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])

[2008.01.21 03:23:26 | 00,041,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])

[2008.01.21 03:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

[2008.01.21 03:25:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [system | Running])

[2008.01.21 03:24:11 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [boot | Running])

[2008.01.21 03:24:59 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])

[2008.01.21 03:23:45 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])

[2007.03.01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [system | Running])

[2006.11.02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

[2006.11.02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

[2006.11.02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

[2008.02.22 20:50:48 | 00,198,064 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])

[2008.01.21 03:23:43 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])

[2008.01.21 03:24:53 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [system | Running])

[2008.01.21 03:24:59 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])

[2008.01.21 03:24:25 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])

[2008.01.21 03:24:25 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])

[2008.01.21 03:23:22 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])

[2008.01.31 02:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [boot | Running])

[2008.01.21 03:23:01 | 00,060,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])

[2008.01.21 03:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

[2006.11.02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

[2008.01.21 03:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

[2008.01.21 03:23:22 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])

[2008.07.10 08:35:22 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

[2006.11.02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])

[2008.01.21 03:23:26 | 00,134,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])

[2008.01.21 03:23:02 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])

[2008.01.21 03:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])

[2008.01.21 03:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

[2008.01.21 03:23:01 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [boot | Running])

[2008.01.21 03:24:27 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [boot | Running])

[2008.01.21 03:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

[2006.11.02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])

[2008.01.21 03:23:24 | 00,022,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])

[2008.01.21 03:23:51 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [boot | Running])

[2008.01.21 03:23:23 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf [On_Demand | Stopped])

[2008.01.21 03:23:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])

[2008.01.21 03:24:47 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

[2008.02.21 10:55:00 | 00,299,008 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Running])

[2008.04.18 14:01:24 | 00,061,424 | ---- | M] (Cyberlink Corp.) -- C:\Programfiler\Acer Arcade Deluxe\PlayMovie0.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://no.intl.acer.yahoo.com

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

"StartPageCache"=

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\Windows\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

"StartPageCache"=

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (27 bytes) - C:\Windows\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Programfiler\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programfiler\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.)

{C08DF07A-3E49-4E25-9AB0-D3882835F153} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" (HKLM) -- C:\Programfiler\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" (HKLM) -- C:\Programfiler\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.)

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" (HKLM) -- C:\Programfiler\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Programfiler\Google\GoogleToolbar2.dll (Google Inc.)

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" (CyberLink Corp.)

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" ()

"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" (CyberLink)

"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" (Acer Incorporated)

"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)

"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)

"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)

"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" (Acer Corp.)

"PLFSetI"=C:\Windows\PLFSetI.exe ()

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)

"Skytel"=Skytel.exe (Realtek Semiconductor Corp.)

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=227

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"ConsentPromptBehaviorAdmin"=2

"ConsentPromptBehaviorUser"=1

"EnableInstallerDetection"=1

"EnableSecureUIAPaths"=1

"EnableVirtualization"=1

"PromptOnSecureDesktop"=1

"ValidateAdminCodeSignatures"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"scforceoption"=0

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=0

"EnableUIADesktopToggle"=0

"DisableRegistryTools"=0

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

"HideStartupScripts"=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=1

"CF_BITMAP"=2

"CF_OEMTEXT"=7

"CF_DIB"=8

"CF_PALETTE"=9

"CF_UNICODETEXT"=13

"CF_DIBV5"=17

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDrives"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"HideStartupScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDrives"=0

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"HideStartupScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&ksporter til Microsoft Excel: C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE [2008.07.30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

Send bilde til &Bluetooth-enhet...: C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007.01.23 10:57:50 | 00,001,199 | ---- | M] ()

Send side til &Bluetooth-enhet...: C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007.01.23 10:57:52 | 00,002,758 | ---- | M] ()

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\Software\Microsoft\Internet Explorer\MenuExt\]

E&ksporter til Microsoft Excel: C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE [2008.07.30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

Send bilde til &Bluetooth-enhet...: C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007.01.23 10:57:50 | 00,001,199 | ---- | M] ()

Send side til &Bluetooth-enhet...: C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007.01.23 10:57:52 | 00,002,758 | ---- | M] ()

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %SystemDrive%\Programfiler\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008.06.10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blogg dette -- %SystemDrive%\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll [2008.09.04 21:23:12 | 00,155,152 | ---- | M] (Microsoft Corporation)

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blogg dette i Windows Live Writer -- %SystemDrive%\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll [2008.09.04 21:23:12 | 00,155,152 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send til OneNote -- %SystemDrive%\Programfiler\Microsoft Office\Office12\ONBttnIE.dll [2007.12.13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end til OneNote -- %SystemDrive%\Programfiler\Microsoft Office\Office12\ONBttnIE.dll [2007.12.13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %SystemDrive%\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008.05.30 14:54:16 | 01,410,344 | ---- | M] (Skype Technologies S.A.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL [2006.10.26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %SystemDrive%\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007.01.23 10:57:52 | 00,002,758 | ---- | M] ()

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %SystemDrive%\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007.01.23 10:57:52 | 00,002,758 | ---- | M] ()

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

skandiabanken.no\www: https in Computer

1 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

skandiabanken.no\www: https in Computer

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5

{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab -- Java Plug-in 1.6.0_07

{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

 

========== (O17) DNS Name Servers ==========

 

{886B7765-52EC-4E97-B916-204FA5C4C5A6} (Servers: | Description: )

{F77CD4BA-A5DA-4355-B09C-21EF9B296B92} (Servers: | Description: Intel® Wireless WiFi Link 5100)

{FC07990F-B523-4A86-8ACF-9A81CF2A0BEE} (Servers: | Description: Generic Marvell Yukon 88E8071 based Ethernet Controller)

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=avgrsstx.dll

>[2008.10.19 11:29:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

 

========== HKLM *SecurityProviders* ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]

"SecurityProviders"=credssp.dll

>[2008.01.21 03:24:37 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

 

========== LSA *Security Packages* ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,

>[2008.01.21 03:24:37 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

autoexec.bat [REM Dummy file for NTVDM | ]

[2006.09.18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

 

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c50e0bd-774b-11dd-9f7e-ede8d416130c}\Shell\AutoRun\command]

""=F:\setupSNK.exe -- File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2008.11.04 00:05:56 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTViewIt.exe

[2008.11.03 17:12:30 | 00,000,000 | ---D | C] -- C:\Windows\temp

[2008.11.03 17:10:30 | 00,053,248 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2008.11.03 17:06:10 | 00,000,000 | ---D | C] -- C:\ComboFix

[2008.11.01 17:22:37 | 00,001,590 | ---- | C] () -- C:\Users\Nina\Documents\cc_20081101_172234.reg

[2008.11.01 10:33:26 | 32,158,59712 | -HS- | C] () -- C:\hiberfil.sys

[2008.10.30 16:13:23 | 00,001,058 | ---- | C] () -- C:\Users\Nina\Documents\cc_20081030_161320.reg

[2008.10.30 16:09:43 | 00,000,568 | ---- | C] () -- C:\Users\Nina\Documents\cc_20081030_160941.reg

[2008.10.30 16:08:56 | 00,006,312 | ---- | C] () -- C:\Users\Nina\Documents\cc_20081030_160853.reg

[2008.10.29 14:49:21 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll

[2008.10.29 14:49:21 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll

[2008.10.29 14:49:19 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll

[2008.10.27 05:48:03 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2008.10.27 05:48:03 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2008.10.27 05:48:02 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2008.10.27 05:48:02 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2008.10.27 05:48:02 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2008.10.25 14:48:23 | 00,013,251 | ---- | C] () -- C:\Users\Nina\Documents\sea.docx

[2008.10.24 21:01:56 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2008.10.24 21:01:35 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

[2008.10.24 21:01:33 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008.10.24 21:01:33 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes

[2008.10.24 11:25:01 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll

[2008.10.21 12:45:14 | 00,000,000 | ---D | C] -- C:\Users\Nina\Documents\Backups

[2008.10.21 12:45:14 | 00,000,000 | ---D | C] -- C:\ProgramData\ConeXware

[2008.10.21 12:32:36 | 00,001,837 | ---- | C] () -- C:\Users\Public\Desktop\PowerArchiver.lnk

[2008.10.21 12:32:24 | 00,000,000 | ---D | C] -- C:\Program Files\PowerArchiver

[2008.10.21 10:37:45 | 00,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\BSplayer Pro

[2008.10.21 10:37:45 | 00,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\BSplayer

[2008.10.21 10:37:44 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh

[2008.10.20 10:31:39 | 04,008,079 | ---- | C] () -- C:\Users\Nina\Documents\marketing ikea.pptx

[2008.10.19 12:39:32 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$

[2008.10.19 11:29:41 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2008.10.19 11:29:41 | 00,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.0.lnk

[2008.10.19 11:29:40 | 00,069,128 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys

[2008.10.19 11:29:36 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2008.10.19 11:29:35 | 29,557,967 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2008.10.19 11:29:35 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg

[2008.10.19 11:29:35 | 00,307,238 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg

[2008.10.19 11:29:35 | 00,093,321 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2008.10.19 11:29:35 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2008.10.19 11:29:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg

[2008.10.17 04:51:37 | 00,000,162 | -H-- | C] () -- C:\Users\Nina\Documents\~$logg.docx

[2008.10.16 21:31:55 | 00,013,985 | ---- | C] () -- C:\Users\Nina\Documents\Se på hele samtaleloggen for denne kontakten.docx

[2008.10.16 17:59:23 | 00,065,915 | ---- | C] () -- C:\Users\Nina\Documents\logg.docx

[2008.10.15 07:44:48 | 03,601,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2008.10.15 07:44:47 | 03,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2008.10.15 07:44:43 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2008.10.15 07:44:41 | 02,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2008.10.15 07:44:27 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2008.10.15 07:44:25 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll

[2008.10.15 07:44:23 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll

[2008.10.15 07:44:23 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll

[2008.10.15 07:44:22 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2008.10.15 07:44:22 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2008.10.15 07:44:22 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll

[2008.10.15 07:44:22 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2008.10.11 15:22:58 | 00,014,804 | ---- | C] () -- C:\Users\Nina\Documents\emilie boat show.docx

[2008.10.09 16:23:47 | 06,301,975 | ---- | C] () -- C:\Users\Nina\Documents\baby.rtf

[2008.10.09 11:56:21 | 00,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\Microsoft Help

[2008.10.05 17:48:10 | 00,001,995 | ---- | C] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk

[2008.10.05 17:48:03 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2008.10.05 17:48:03 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2008.10.05 17:48:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira

[2008.10.05 17:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

[2008.10.05 12:20:21 | 01,718,272 | ---- | C] () -- C:\Users\Nina\Documents\ikea.avi

[2008.10.05 08:21:30 | 00,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Watch.lnk

[2008.10.05 08:21:30 | 00,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2008.10.05 08:21:27 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

 

========== Files - Modified Within 30 Days ==========

 

[2008.11.04 00:05:57 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTViewIt.exe

[2008.11.03 23:09:21 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2008.11.03 23:09:21 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2008.11.03 17:12:29 | 00,053,248 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2008.11.03 17:10:34 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini

[2008.11.03 17:05:53 | 03,023,817 | R--- | M] () -- C:\Users\Nina\Desktop\ComboFix.exe

[2008.11.03 08:01:19 | 29,557,967 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2008.11.02 15:16:55 | 01,206,952 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2008.11.02 15:16:55 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2008.11.02 15:16:55 | 00,452,326 | ---- | M] () -- C:\Windows\System32\perfh014.dat

[2008.11.02 15:16:55 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2008.11.02 15:16:55 | 00,076,478 | ---- | M] () -- C:\Windows\System32\perfc014.dat

[2008.11.02 15:14:44 | 00,128,616 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2008.11.02 15:14:44 | 00,128,616 | ---- | M] () -- C:\ProgramData\nvModes.001

[2008.11.02 15:10:16 | 00,002,299 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\acervcmtmp.ini

[2008.11.02 15:09:52 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2008.11.02 15:09:32 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2008.11.02 15:09:24 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2008.11.02 15:09:10 | 32,158,59712 | -HS- | M] () -- C:\hiberfil.sys

[2008.11.02 15:08:04 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2008.11.02 15:07:59 | 06,291,456 | -H-- | M] () -- C:\Users\Nina\AppData\Local\IconCache.db

[2008.11.02 01:53:58 | 00,053,760 | ---- | M] () -- C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.11.02 01:11:57 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2008.11.01 17:22:46 | 00,001,590 | ---- | M] () -- C:\Users\Nina\Documents\cc_20081101_172234.reg

[2008.11.01 08:51:25 | 00,000,680 | ---- | M] () -- C:\Users\Nina\AppData\Local\d3d9caps.dat

[2008.10.31 02:31:58 | 00,001,458 | ---- | M] () -- C:\Users\Nina\Desktop\HijackThis.lnk

[2008.10.30 16:13:27 | 00,001,058 | ---- | M] () -- C:\Users\Nina\Documents\cc_20081030_161320.reg

[2008.10.30 16:09:44 | 00,000,568 | ---- | M] () -- C:\Users\Nina\Documents\cc_20081030_160941.reg

[2008.10.30 16:09:28 | 00,006,312 | ---- | M] () -- C:\Users\Nina\Documents\cc_20081030_160853.reg

[2008.10.30 10:47:26 | 00,093,321 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2008.10.25 15:11:45 | 00,013,251 | ---- | M] () -- C:\Users\Nina\Documents\Smerter etter abort.docx

[2008.10.24 21:01:56 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2008.10.22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2008.10.22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2008.10.21 12:32:36 | 00,001,837 | ---- | M] () -- C:\Users\Public\Desktop\PowerArchiver.lnk

[2008.10.20 10:31:40 | 04,008,079 | ---- | M] () -- C:\Users\Nina\Documents\marketing ikea.pptx

[2008.10.19 11:31:30 | 00,307,238 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg

[2008.10.19 11:29:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2008.10.19 11:29:41 | 00,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.0.lnk

[2008.10.19 11:29:40 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgwfpx.sys

[2008.10.19 11:29:36 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2008.10.19 11:29:35 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg

[2008.10.19 11:29:35 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2008.10.17 16:06:06 | 00,065,915 | ---- | M] () -- C:\Users\Nina\Documents\logg.docx

[2008.10.17 04:51:37 | 00,000,162 | -H-- | M] () -- C:\Users\Nina\Documents\~$logg.docx

[2008.10.16 21:31:55 | 00,013,985 | ---- | M] () -- C:\Users\Nina\Documents\Se på hele samtaleloggen for denne kontakten.docx

[2008.10.16 05:47:33 | 00,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll

[2008.10.16 02:11:49 | 00,297,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2008.10.11 15:30:07 | 00,014,804 | ---- | M] () -- C:\Users\Nina\Documents\emilie boat show.docx

[2008.10.09 16:23:47 | 06,301,975 | ---- | M] () -- C:\Users\Nina\Documents\baby.rtf

[2008.10.07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

[2008.10.05 17:48:10 | 00,001,995 | ---- | M] () -- C:\Users\Public\Desktop\AntiVir PE Classic.lnk

[2008.10.05 17:46:08 | 01,718,272 | ---- | M] () -- C:\Users\Nina\Documents\ikea.avi

[2008.10.05 08:21:30 | 00,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Watch.lnk

[2008.10.05 08:21:30 | 00,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

< End of report >

 

Extras.txt


OTViewIt Extras logfile created on: 04.11.2008 00:07:48 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Users\Nina\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,70% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): ?:\pagefile.sys;

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 142,65 Gb Total Space | 92,16 Gb Free Space | 64,60% Space Free | Partition Type: NTFS

Drive D: | 142,67 Gb Total Space | 81,41 Gb Free Space | 57,06% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: NINA-PC

Current User Name: Nina

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval"=1

"FirewallDisableNotify"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride"=0

"AntiSpywareOverride"=0

"FirewallOverride"=0

"VistaSp1"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008.04.29 18:51:26 | 00,587,568 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[2008.03.04 22:38:26 | 00,651,824 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu

[2008.03.04 22:38:38 | 00,926,256 | ---- | M] ( Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption

[2008.03.04 22:38:22 | 00,932,400 | ---- | M] ( Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption

File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr

[2008.03.04 22:38:34 | 00,485,936 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr

[2008.03.04 22:39:14 | 00,752,688 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu

File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption

File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption

File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr

[2008.03.04 22:39:16 | 00,512,048 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries0000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries0000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries0000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries0000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries0000000007 [bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)

NameSpace_Catalog5\Catalog_Entries0000000008 [mdnsNSP] -- C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)

 

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols

ldap -- 4 = Restricted sites (Not a Default Protocol)

news -- 4 = Restricted sites (Not a Default Protocol)

nntp -- 4 = Restricted sites (Not a Default Protocol)

oecmd -- 4 = Restricted sites (Not a Default Protocol)

snews -- 4 = Restricted sites (Not a Default Protocol)

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

@ivt -- @ivt protocol not assigned

file -- file protocol not assigned

ftp -- ftp protocol not assigned

http -- http protocol not assigned

https -- https protocol not assigned

shell -- shell protocol not assigned

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

@ivt -- @ivt protocol not assigned

file -- file protocol not assigned

ftp -- ftp protocol not assigned

http -- http protocol not assigned

https -- https protocol not assigned

shell -- shell protocol not assigned

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2008.10.19 11:29:20 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Programfiler\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2008.09.09 00:03:44 | 00,064,000 | ---- | M] (Microsoft Corporation) C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2006.10.26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Programfiler\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2008.09.09 00:03:44 | 00,064,000 | ---- | M] (Microsoft Corporation) C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2008.05.30 14:54:14 | 01,942,864 | R--- | M] (Skype Technologies) C:\Programfiler\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [iEProtocolHandler Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2008.09.08 23:04:00 | 00,823,808 | ---- | M] (Microsoft Corporation) C:\Programfiler\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006.10.26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Programfiler\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}"=WIDCOMM Bluetooth Software 6.0.1.6300

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}"=Acer VCM

"{104330E1-D36C-4D76-98C0-EEA541E0AC3F}"=Windows Live Mail

"{11316260-6666-467B-AC34-183FCB5D4335}"=Acer Mobility Center Plug-In

"{12EFA1A4-AC3B-443C-8143-237EDE760403}"=NTI Backup Now Standard

"{13D85C14-2B85-419F-AC41-C7F21E68B25D}"=Acer eSettings Management

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}"=eSobi v2

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}"=NTI Media Maker 8

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Acer Arcade Deluxe

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}"=JMicron JMB38X Flash Media Controller

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{3B28BD10-1B97-4D83-96D0-4061848F066F}"=Windows Live Movie Maker Beta

"{423D44AB-383F-4B15-A9FF-69E4B2DE1322}"=Windows Live Fotogalleri Beta

"{46AEBCCA-2DD0-4F1B-BA29-A2415CFBC338}"=Windows Live Messenger

"{481C4C27-7A05-47D8-BACB-A3FDD3162D1B}"=Acer Crystal Eye Webcam 3.0.3.1

"{4E89B249-770E-4997-ADD5-11BF920F54F0}"=Windows Live Tryggere for familien

"{57265292-228A-41FA-9AEC-4620CBCC2739}"=Acer eAudio Management

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}"=Acer ePower Management

"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}"=Orion

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe-kontrollpanel

"{71029174-1EA5-4E5D-8AC4-CB8413D744EF}"=Windows Live Writer

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}"=Acer ScreenSaver

"{7F811A54-5A09-4579-90E1-C93498E230D9}"=Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}"=Zuma Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}"=Bookworm Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}"=Bricks of Egypt

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}"=Big Kahuna Reef

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}"=Chuzzle

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}"=Mystery Case Files - Huntsville

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}"=Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}"=Mahjong Escape Ancient China

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}"=Kick N Rush

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}"=Backspin Billiards

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}"=Mahjongg Artifacts

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}"=Jewel Quest Solitaire

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}"=Mystery Solitaire - Secret Island

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}"=Diner Dash Flo on the Go

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}"=Flip Words 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}"=Chicken Invaders 3

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}"=Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}"=Turbo Pizza

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}"=Azada

"{8984E374-6C93-427C-A3B9-AD92472FDCA0}"=Påloggingsassistent for Windows Live

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour

"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime

"{8F1B6239-FEA0-450A-A950-B05276CE177C}"=Acer Empowering Technology

"{90120000-0016-0414-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007

"{90120000-0016-0414-0000-0000000FF1CE}_HOMESTUDENTR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0414-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007

"{90120000-0018-0414-0000-0000000FF1CE}_HOMESTUDENTR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0414-0000-0000000FF1CE}"=Microsoft Office Word MUI (Norwegian (Bokmål)) 2007

"{90120000-001B-0414-0000-0000000FF1CE}_HOMESTUDENTR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0414-0000-0000000FF1CE}"=Microsoft Office Proof (Norwegian (Bokmål)) 2007

"{90120000-001F-0414-0000-0000000FF1CE}_HOMESTUDENTR_{3FE135E8-2B21-44ED-99CA-87C782C4F5F7}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0814-0000-0000000FF1CE}"=Microsoft Office Proof (Norwegian (Nynorsk)) 2007

"{90120000-001F-0814-0000-0000000FF1CE}_HOMESTUDENTR_{63BBC1EA-E390-403D-BFDE-B53E1D23FF46}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0414-0000-0000000FF1CE}"=Microsoft Office Proofing (Norwegian (Bokmål)) 2007

"{90120000-006E-0414-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007

"{90120000-006E-0414-0000-0000000FF1CE}_HOMESTUDENTR_{3CC75FEB-8AA6-43F5-958E-0D074633CB2E}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0414-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007

"{90120000-00A1-0414-0000-0000000FF1CE}_HOMESTUDENTR_{7C86509D-1CB7-48BE-813E-6585CD97626B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting

"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support

"{A5633652-3795-4829-BB0B-644F0279E279}"=Acer eDataSecurity Management

"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}"=Acer Crystal Eye Webcam 3.0.3.1

"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2

"{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}"=Contacts

"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector

"{CDBEE8A2-4AE1-40E9-8950-DEE755C08C93}"=PowerArchiver 2009

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition

"{CE386A4E-D0DA-4208-8235-BCE43275C694}"=LightScribe 1.4.142.1

"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow!

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer

"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes

"{DE827E5D-8CEF-4CB8-811D-13855DA46AF5}"=Windows Live Beta (alle programmer)

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware

"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F22E8D16-0D5E-4b25-A630-F1361E6B02D2}"=Microsoft Works

"Acer GameZone Console_is1"=Acer GameZone Console 2.0.1.1

"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Shockwave Player"=Adobe Shockwave Player

"Agere Systems Soft Modem"=Agere Systems HDA Modem

"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus

"AVG8Uninstall"=AVG Free 8.0

"CCleaner"=CCleaner (remove only)

"GameCenter"=GameCenter

"GridVista"=Acer GridVista

"HOMESTUDENTR"=Microsoft Office Home and Student 2007

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}"=NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}"=eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}"=NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Acer Arcade Deluxe

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector

"LManager"=Launch Manager

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Marvell Miniport Driver"=Marvell Miniport Driver

"NVIDIA Drivers"=NVIDIA Drivers

"Soulseek"=SoulSeek Client 156c

"SynTPDeinstKey"=Synaptics Pointing Device Driver

"Vega Forlag Engelsk ordbok - Engelsk - norsk /Norsk - engelsk"=Vega Forlag Engelsk ordbok - Engelsk - norsk /Norsk - engelsk

"VLC media player"=VideoLAN VLC media player 0.8.6i

"WinLiveSuite_Wave3"=Windows Live Beta (alle programmer)

"Yahoo! Companion"=Yahoo! Toolbar

"Yahoo! Toolbar"=Yahoo! Toolbar

"YInstHelper"=Yahoo! Install Manager

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent"=BitTorrent

"BitTorrent DNA"=DNA

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1011769781-4257977591-4123251143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent"=BitTorrent

"BitTorrent DNA"=DNA

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 25.10.2008 11:09:59 | Computer Name = Nina-PC | Source = Application Hang | ID = 1002

Description = Programmet iexplore.exe versjon 7.0.6001.18000 sluttet å samhandle

med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig

om problemet, ser du i problemhistorikken i kontrollpanelet for Problemrapportering

og -løsninger. Prosess-ID: 19e0 Starttidspunkt: 01c936aa0a1769a9 Avslutningstidspunkt:

0

 

Error - 25.10.2008 11:26:28 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 26.10.2008 11:53:09 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 27.10.2008 10:01:32 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 27.10.2008 10:39:59 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 28.10.2008 14:45:21 | Computer Name = Nina-PC | Source = Application Hang | ID = 1002

Description = Programmet iexplore.exe versjon 7.0.6001.18000 sluttet å samhandle

med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig

om problemet, ser du i problemhistorikken i kontrollpanelet for Problemrapportering

og -løsninger. Prosess-ID: ce8 Starttidspunkt: 01c93849947c77b4 Avslutningstidspunkt:

410

 

Error - 28.10.2008 16:09:37 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 29.10.2008 09:53:54 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 29.10.2008 20:26:20 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 30.10.2008 11:23:51 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10

Description =

 

[ System Events ]

Error - 21.10.2008 03:50:42 | Computer Name = Nina-PC | Source = HTTP | ID = 15016

Description =

 

Error - 21.10.2008 03:51:04 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 21.10.2008 03:51:04 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 21.10.2008 03:51:16 | Computer Name = Nina-PC | Source = WMPNetworkSvc | ID = 866312

Description =

 

Error - 21.10.2008 03:51:16 | Computer Name = Nina-PC | Source = WMPNetworkSvc | ID = 866312

Description =

 

Error - 21.10.2008 03:53:04 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 21.10.2008 12:36:45 | Computer Name = Nina-PC | Source = disk | ID = 262155

Description = Driveren oppdaget en feil på styreren på \...\DR1.

 

Error - 21.10.2008 12:45:56 | Computer Name = Nina-PC | Source = DCOM | ID = 10000

Description =

 

Error - 24.10.2008 15:58:16 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7031

Description =

 

Error - 24.10.2008 15:59:43 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7031

Description =

 

 

< End of report >

 

mbam

Malwarebytes' Anti-Malware 1.30

Database versjon: 1361

Windows 6.0.6001 Service Pack 1

 

04.11.2008 00:18:11

mbam-log-2008-11-04 (00-18-11).txt

 

Skanntype: Rask Skann

Objekter skannet: 45160

Tid tilbakelagt: 2 minute(s), 24 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 7

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

Edited by nilieh

I actually don't know! As mentioned earlier, I had some trojan horses I was having problems with; I don't know whether this could be related?

 

I downloaded part of a TV series from mininova.org a few weeks ago; I don't know whether it could have come from there? Otherwise I do very little with my laptop other than completely ordinary internet use, and very little downloading etc.

 

I only use a USB stick to save documents now and then and to print from other PCs etc., if that was what you meant?

Edited by nilieh

The USB stick question was a thought that there might be an infection on it that led to reinfection when you plugged it into the PC.

 

Anyway, the logs (apart from mbam) show no sign of malware. ComboFix is able to remove these files too, but since ComboFix doesn't 'find' the files, I'm wondering a bit whether mbam is getting confused here. There is a similar thread here with the same type of 'infection'.

 

If this is a real infection and, lacking any idea for removal (if the files cannot be deleted manually by changing the access permissions on the folders so that you can see what is in them and possibly remove the files from there), then perhaps it's getting close to a reinstall?

 

You could try booting into Safe Mode (tap F8 during startup, choose Safe Mode). Run the mbam scan from there. Does it find anything then?

Edited by norbat

Yes, I saw the similar post and tried to change the permissions on the folders, but I get as far as My Documents and then can't go any further. I get a message that I don't have permission to view the security properties of this object.. I'll try running mbam in Safe Mode!

Run ComboFix again. Post the log and we'll take another round to see whether the log shows any files connected to this.

 

You have some programs that I think you should stop, as I suspect they may be holding on to these files.

That is eDataSecurity and NTI Backup Now 5.

 

Just to say that these are programs that come bundled with Acer computers :)

NTI Backup Now is a program that helps you with backups (really an unnecessary program)

;)


There is a real infection that produces the files MBAM finds on your PC. But whether it's a real infection you have on the PC, I'm not sure. The question is whether you should reinstall or whether that is overdoing it. Both MBAM and ComboFix usually catch these files. Why you keep getting these files in the MBAM scan, I can't quite see.

I tried doing what Submit did: deleting the folders the files are supposed to be in. Now mbam doesn't find them on scan, but the problems are still exactly the same (?)

 

I found a link about the files.. don't know if it's any help at all. here..

 

I'll take a look and see if I can find the folders they mention :hmm:

 

edit: I've leafed through that "guide" and found none of the registry entries or folders listed there.

(searched through the registry manually by typing regedit in the Run box, but they may be hidden or something :hmm:

Edited by Submit

This is the method I've used to get rid of them:

First update Mbam and run a FULL scan, NOT a quick scan.

Then go into Control Panel - Classic View on the left side - Folder Options - tick "Show hidden files and folders" and tick "Hide protected operating system files".

 

Go to C: and right-click the Users folder - Properties - Security - Advanced - Edit - Edit - where it says "Apply to" it should say: This folder, subfolders and files. Make sure everything is set to Allow; if not, click Allow on it :)

 

Then go into the C: drive - Users - Default - My Documents and delete My Pictures, My Videos, My Music.

 

Don't know if the virus is gone, but Mbam doesn't find anything anymore ;)

