SAS, Combofix og HJT-logg

[Kassablanca]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:59:38, on 17.01.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\eDSMSNfix.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Windows\System32\LVCOMSX.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\Kari\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Opera\Opera.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Kari\Desktop\hjt\hjttest.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] C:\Windows\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: eNetHook.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9947 bytes

 

 

ComboFix 08-01-17.5 - Kari 2008-01-17 13:44:36.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.962 [GMT 1:00]

Running from: C:\Users\Kari\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))

.

 

2008-01-17 13:43 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe

2008-01-17 00:33 . 2008-01-17 00:33 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-01-17 00:33 . 2008-01-17 00:33 <DIR> d-------- C:\PROGRA~2\SUPERAntiSpyware.com

2008-01-17 00:31 . 2008-01-17 00:31 <DIR> d-------- C:\Users\Kari\AppData\Roaming\SUPERAntiSpyware.com

2008-01-17 00:31 . 2008-01-17 00:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-01-17 00:31 . 2008-01-17 00:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-15 16:25 . 2008-01-15 16:25 <DIR> d-------- C:\Users\All Users\Hewlett-Packard

2008-01-15 16:25 . 2008-01-15 16:25 <DIR> d-------- C:\PROGRA~2\Hewlett-Packard

2008-01-10 03:07 . 2008-01-10 03:07 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-01-10 03:07 . 2008-01-10 03:07 216,760 --a------ C:\Windows\System32\drivers\netio.sys

2008-01-10 03:07 . 2008-01-10 03:07 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-01-10 03:07 . 2008-01-10 03:07 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-01-10 03:07 . 2008-01-10 03:07 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-01-10 03:04 . 2008-01-10 03:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-01-10 03:04 . 2008-01-10 03:04 1,686,016 --a------ C:\Windows\System32\gameux.dll

2008-01-10 03:04 . 2008-01-10 03:04 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-01-10 03:04 . 2008-01-10 03:04 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-01-10 03:04 . 2008-01-10 03:04 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-01-10 03:04 . 2008-01-10 03:04 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-01-10 03:04 . 2008-01-10 03:04 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-01-10 03:04 . 2008-01-10 03:04 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-01-10 03:04 . 2008-01-10 03:04 17,464 --a------ C:\Windows\System32\drivers\intelide.sys

2008-01-10 03:03 . 2008-01-10 03:03 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-01-08 15:18 . 2008-01-08 15:18 <DIR> d-------- C:\Program Files\Norton Security Scan

2008-01-03 13:13 . 2008-01-03 13:13 <DIR> d-------- C:\Program Files\CCleaner

2008-01-03 13:13 . 2008-01-16 13:30 12,922 --a------ C:\Windows\cfgall.ini

2008-01-03 13:09 . 2008-01-03 13:09 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-03 13:00 . 2008-01-03 13:12 <DIR> d-------- C:\Temp

2007-12-23 11:00 . 2008-01-03 11:13 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT

2007-12-23 11:00 . 2008-01-03 11:13 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-17 12:39 12,978 ----a-w C:\Users\Kari\AppData\Roaming\nvModes.dat

2008-01-16 11:29 --------- d-----w C:\Users\Kari\AppData\Roaming\OpenOffice.org2

2008-01-16 10:20 --------- d-----w C:\PROGRA~2\OrdnettPluss

2008-01-14 20:59 --------- d-----w C:\Users\Kari\AppData\Roaming\Azureus

2008-01-10 02:16 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-10 02:16 --------- d-----w C:\Program Files\Windows Mail

2008-01-10 02:05 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-01-10 02:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-10 02:04 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-01-10 02:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-01-09 17:22 --------- d-----w C:\Users\Kari\AppData\Roaming\LimeWire

2008-01-03 10:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-03 10:41 --------- d-----w C:\PROGRA~2\Symantec

2007-12-26 18:59 --------- d-----w C:\Users\Kari\AppData\Roaming\BearShare

2007-12-16 10:19 --------- d-----w C:\Users\Kari\AppData\Roaming\dvdcss

2007-12-13 08:37 --------- d-----w C:\PROGRA~2\Microsoft Help

2007-12-13 08:35 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-13 08:34 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-13 08:34 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-13 08:30 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-13 08:30 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-13 08:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-13 08:30 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-13 08:28 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2007-12-13 08:28 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2007-12-13 08:28 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2007-12-13 08:28 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2007-12-13 08:24 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-12-13 08:24 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-12-09 19:42 --------- d-----w C:\Program Files\CeWe Color

2007-12-08 18:05 --------- d-----w C:\Users\Kari\AppData\Roaming\Winamp

2007-11-18 10:00 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-15 02:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-15 02:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-15 02:05 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-15 02:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-15 02:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-15 02:04 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-15 02:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-15 02:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-15 02:04 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-15 02:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-09-19 14:09 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:03 1232896]

"Acer Tour Reminder"="" []

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-19 13:50 1006264]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-20 06:50 90191]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-20 06:50 7766016]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-20 06:50 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 08:38 4390912 C:\Windows\RtHDVCpl.exe]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]

"Acer Tour"="" []

"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 09:40 13312]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-09 04:35 614400]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]

"eRecoveryService"="" []

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 08:01 151552]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02 563984]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06 2027792]

"LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2006-06-23 09:39 225280]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-08 01:43 702072]

 

C:\Users\Kari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54]

 

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]

Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-06 22:13:06]

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-22 05:05:42]

 

C:\Users\Kari\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=eNetHook.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 10:51]

R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 10:49]

R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 13:34]

R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 10:49]

R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2006-11-02 10:49]

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]

R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 10:49]

R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2006-11-02 10:50]

R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 10:51]

R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 09:31]

R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-03 05:27]

R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 09:57]

R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 10:02]

R1 Smb;Meldingsorientert TCP/IP- og TCP/IPv6-protokoll (SMB-økt);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 09:57]

R1 tdx;TDI-støttedriver for eldre NetIO;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 09:57]

R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-09-19 13:54]

R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]

R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 19:07]

R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 18:17]

R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]

R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 09:56]

R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 09:33]

R2 LVPrcSrv;Process Monitor;"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [2007-07-19 23:40]

R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]

R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 10:04]

R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-09-30 15:50]

R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 09:57]

R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 08:33]

R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]

R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 09:31]

R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-09-19 13:54]

R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R3 iScsiPrt;iScsiPort-driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 10:51]

R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 10:45]

R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 09:54]

R3 mpsdrv;Driver for Windows-brannmurgodkjenning;C:\Windows\system32\drivers\mpsdrv.sys [2007-09-19 13:47]

R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 09:31]

R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-13 09:28]

R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2008-01-10 03:04]

R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-24 23:14]

R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-13 09:28]

R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-13 09:28]

R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-09-19 13:47]

R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 09:55]

R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 08:30]

S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 09:24]

S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 09:24]

S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 09:24]

S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 13:36]

S3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 08:30]

S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 09:32]

S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 10:51]

S3 NETw3v32;Intel® PRO/trådløs 3945ABG-kortdriver for Windows Vista, 32-bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]

S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 09:51]

S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 14:44]

S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 10:45]

S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 10:02]

S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 10:45]

S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 10:50]

S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 09:53]

S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 10:51]

S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 10:51]

S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2006-11-02 10:49]

S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 10:50]

S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 10:50]

S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 09:25]

S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 09:24]

S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 09:24]

S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 09:55]

S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 09:30]

S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 10:51]

S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 10:50]

S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 10:51]

S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 10:50]

S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 09:42]

S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 10:50]

S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 10:50]

S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 10:50]

S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 10:50]

S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 10:49]

S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 10:50]

S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 10:49]

S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 10:50]

S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 10:50]

S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 08:36]

S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 10:50]

S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 10:51]

S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 10:50]

S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 10:50]

S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 10:50]

S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 10:51]

S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 10:50]

S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 09:55]

S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 09:30]

S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 10:50]

S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 09:52]

S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 10:49]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart

NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv

WerSvcGroup REG_MULTI_SZ wersvc

swprv REG_MULTI_SZ swprv

LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg

regsvc REG_MULTI_SZ RemoteRegistry

wcssvc REG_MULTI_SZ WcsPlugInService

DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch

wdisvc REG_MULTI_SZ WdiServiceHost

sdrsvc REG_MULTI_SZ sdrsvc

secsvcs REG_MULTI_SZ WinDefend

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

AeLookupSvc

wercplsupport

Themes

CertPropSvc

SCPolicySvc

lanmanserver

gpsvc

IKEEXT

AudioSrv

FastUserSwitchingCompatibility

Nla

NWCWorkstation

SRService

Wmi

WmdmPmSp

TermService

wuauserv

BITS

ShellHWDetection

LogonHours

PCAudit

helpsvc

uploadmgr

iphlpsvc

seclogon

AppInfo

msiscsi

MMCSS

ProfSvc

EapHost

winmgmt

schedule

SessionEnv

browser

hkmsvc

 

*Newly Created Service* - PROCEXP90

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-17 13:55:21

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-17 13:56:46

.

2008-01-10 02:08:09 --- E O F ---

 

 

ComboFix 08-01-17.5 - Kari 2008-01-17 13:44:36.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.962 [GMT 1:00]

Running from: C:\Users\Kari\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))

.

 

2008-01-17 13:43 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe

2008-01-17 00:33 . 2008-01-17 00:33 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-01-17 00:33 . 2008-01-17 00:33 <DIR> d-------- C:\PROGRA~2\SUPERAntiSpyware.com

2008-01-17 00:31 . 2008-01-17 00:31 <DIR> d-------- C:\Users\Kari\AppData\Roaming\SUPERAntiSpyware.com

2008-01-17 00:31 . 2008-01-17 00:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-01-17 00:31 . 2008-01-17 00:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-15 16:25 . 2008-01-15 16:25 <DIR> d-------- C:\Users\All Users\Hewlett-Packard

2008-01-15 16:25 . 2008-01-15 16:25 <DIR> d-------- C:\PROGRA~2\Hewlett-Packard

2008-01-10 03:07 . 2008-01-10 03:07 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-01-10 03:07 . 2008-01-10 03:07 216,760 --a------ C:\Windows\System32\drivers\netio.sys

2008-01-10 03:07 . 2008-01-10 03:07 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-01-10 03:07 . 2008-01-10 03:07 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-01-10 03:07 . 2008-01-10 03:07 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-01-10 03:04 . 2008-01-10 03:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-01-10 03:04 . 2008-01-10 03:04 1,686,016 --a------ C:\Windows\System32\gameux.dll

2008-01-10 03:04 . 2008-01-10 03:04 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-01-10 03:04 . 2008-01-10 03:04 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-01-10 03:04 . 2008-01-10 03:04 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-01-10 03:04 . 2008-01-10 03:04 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-01-10 03:04 . 2008-01-10 03:04 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-01-10 03:04 . 2008-01-10 03:04 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-01-10 03:04 . 2008-01-10 03:04 17,464 --a------ C:\Windows\System32\drivers\intelide.sys

2008-01-10 03:03 . 2008-01-10 03:03 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-01-08 15:18 . 2008-01-08 15:18 <DIR> d-------- C:\Program Files\Norton Security Scan

2008-01-03 13:13 . 2008-01-03 13:13 <DIR> d-------- C:\Program Files\CCleaner

2008-01-03 13:13 . 2008-01-16 13:30 12,922 --a------ C:\Windows\cfgall.ini

2008-01-03 13:09 . 2008-01-03 13:09 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-03 13:00 . 2008-01-03 13:12 <DIR> d-------- C:\Temp

2007-12-23 11:00 . 2008-01-03 11:13 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT

2007-12-23 11:00 . 2008-01-03 11:13 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-17 12:39 12,978 ----a-w C:\Users\Kari\AppData\Roaming\nvModes.dat

2008-01-16 11:29 --------- d-----w C:\Users\Kari\AppData\Roaming\OpenOffice.org2

2008-01-16 10:20 --------- d-----w C:\PROGRA~2\OrdnettPluss

2008-01-14 20:59 --------- d-----w C:\Users\Kari\AppData\Roaming\Azureus

2008-01-10 02:16 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-10 02:16 --------- d-----w C:\Program Files\Windows Mail

2008-01-10 02:05 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-01-10 02:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-10 02:04 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-01-10 02:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-01-09 17:22 --------- d-----w C:\Users\Kari\AppData\Roaming\LimeWire

2008-01-03 10:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-03 10:41 --------- d-----w C:\PROGRA~2\Symantec

2007-12-26 18:59 --------- d-----w C:\Users\Kari\AppData\Roaming\BearShare

2007-12-16 10:19 --------- d-----w C:\Users\Kari\AppData\Roaming\dvdcss

2007-12-13 08:37 --------- d-----w C:\PROGRA~2\Microsoft Help

2007-12-13 08:35 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-13 08:34 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-13 08:34 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-13 08:30 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-13 08:30 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-13 08:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-13 08:30 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-13 08:28 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2007-12-13 08:28 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2007-12-13 08:28 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2007-12-13 08:28 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2007-12-13 08:24 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-12-13 08:24 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-12-09 19:42 --------- d-----w C:\Program Files\CeWe Color

2007-12-08 18:05 --------- d-----w C:\Users\Kari\AppData\Roaming\Winamp

2007-11-18 10:00 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-15 02:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-15 02:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-15 02:05 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-15 02:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-15 02:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-15 02:04 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-15 02:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-15 02:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-15 02:04 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-15 02:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-09-19 14:09 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:03 1232896]

"Acer Tour Reminder"="" []

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-19 13:50 1006264]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-20 06:50 90191]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-20 06:50 7766016]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-20 06:50 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 08:38 4390912 C:\Windows\RtHDVCpl.exe]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]

"Acer Tour"="" []

"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 09:40 13312]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-09 04:35 614400]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]

"eRecoveryService"="" []

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 08:01 151552]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02 563984]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06 2027792]

"LVCOMSX"="C:\Windows\system32\LVCOMSX.EXE" [2006-06-23 09:39 225280]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-05-08 01:43 702072]

 

C:\Users\Kari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54]

 

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]

Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-06 22:13:06]

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-22 05:05:42]

 

C:\Users\Kari\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=eNetHook.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 10:51]

R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 10:49]

R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 13:34]

R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 10:49]

R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2006-11-02 10:49]

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]

R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 10:49]

R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2006-11-02 10:50]

R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 10:51]

R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 09:31]

R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-03 05:27]

R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 09:57]

R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 10:02]

R1 Smb;Meldingsorientert TCP/IP- og TCP/IPv6-protokoll (SMB-økt);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 09:57]

R1 tdx;TDI-støttedriver for eldre NetIO;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 09:57]

R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-09-19 13:54]

R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]

R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 19:07]

R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 18:17]

R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]

R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 09:56]

R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 09:33]

R2 LVPrcSrv;Process Monitor;"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [2007-07-19 23:40]

R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]

R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 10:04]

R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-09-30 15:50]

R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 09:57]

R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 08:33]

R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]

R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 09:31]

R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-09-19 13:54]

R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

R3 iScsiPrt;iScsiPort-driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 10:51]

R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 10:45]

R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 09:54]

R3 mpsdrv;Driver for Windows-brannmurgodkjenning;C:\Windows\system32\drivers\mpsdrv.sys [2007-09-19 13:47]

R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 09:31]

R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-13 09:28]

R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2008-01-10 03:04]

R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-24 23:14]

R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-13 09:28]

R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-13 09:28]

R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-09-19 13:47]

R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 09:55]

R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 08:30]

S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 09:24]

S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 09:24]

S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 09:24]

S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 13:36]

S3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 08:30]

S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 09:32]

S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 10:51]

S3 NETw3v32;Intel® PRO/trådløs 3945ABG-kortdriver for Windows Vista, 32-bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]

S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 09:51]

S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 14:44]

S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 10:45]

S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 10:02]

S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 10:45]

S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 10:50]

S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 09:53]

S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 10:45]

S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 10:51]

S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 10:51]

S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2006-11-02 10:49]

S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 10:50]

S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 10:50]

S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 09:25]

S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 09:24]

S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 09:24]

S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 09:55]

S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 09:30]

S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 10:51]

S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 10:50]

S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 10:51]

S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 10:50]

S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 09:42]

S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 10:50]

S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 10:50]

S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 10:50]

S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 10:50]

S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]

S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 10:49]

S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 10:50]

S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 10:49]

S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 10:50]

S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 10:50]

S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 08:36]

S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 10:50]

S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 10:51]

S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 10:50]

S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 10:50]

S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 10:50]

S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 10:51]

S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 10:50]

S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 09:55]

S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 09:30]

S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 10:50]

S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 09:52]

S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 10:49]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart

NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv

WerSvcGroup REG_MULTI_SZ wersvc

swprv REG_MULTI_SZ swprv

LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg

regsvc REG_MULTI_SZ RemoteRegistry

wcssvc REG_MULTI_SZ WcsPlugInService

DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch

wdisvc REG_MULTI_SZ WdiServiceHost

sdrsvc REG_MULTI_SZ sdrsvc

secsvcs REG_MULTI_SZ WinDefend

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

AeLookupSvc

wercplsupport

Themes

CertPropSvc

SCPolicySvc

lanmanserver

gpsvc

IKEEXT

AudioSrv

FastUserSwitchingCompatibility

Nla

NWCWorkstation

SRService

Wmi

WmdmPmSp

TermService

wuauserv

BITS

ShellHWDetection

LogonHours

PCAudit

helpsvc

uploadmgr

iphlpsvc

seclogon

AppInfo

msiscsi

MMCSS

ProfSvc

EapHost

winmgmt

schedule

SessionEnv

browser

hkmsvc

 

*Newly Created Service* - PROCEXP90

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-17 13:55:21

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-17 13:56:46

.

2008-01-10 02:08:09 --- E O F ---

 

 

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh

17.01.2008 14:02:38,10

 

The rootkits that are detected by this tool were not found.

 

********************************* ROOTCHK-LOG-end

 

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-17 14:02:40

Windows 6.0.6000

scanning hidden processes ...

 

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:47,22,eb,dc,b6,6a,3f,76,ce,ab,60,c5,47,74,6d,91,83,76,53,9c,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]

"a0"=hex:20,01,00,00,da,19,01,20,03,cd,97,4f,ae,e9,b7,25,ea,76,2d,71,dc,..

"khjeh"=hex:ae,e5,7c,6f,98,0d,2c,cf,2f,44,d7,56,b0,5b,3d,bf,8c,1e,98,ed,4b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]

"khjeh"=hex:51,d0,0b,38,3c,ce,ce,76,38,46,68,90,0b,bf,ec,b9,f2,18,ee,73,15,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:47,22,eb,dc,b6,6a,3f,76,ce,ab,60,c5,47,74,6d,91,83,76,53,9c,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]

"a0"=hex:20,01,00,00,da,19,01,20,03,cd,97,4f,ae,e9,b7,25,ea,76,2d,71,dc,..

"khjeh"=hex:ae,e5,7c,6f,98,0d,2c,cf,2f,44,d7,56,b0,5b,3d,bf,8c,1e,98,ed,4b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]

"khjeh"=hex:51,d0,0b,38,3c,ce,ce,76,38,46,68,90,0b,bf,ec,b9,f2,18,ee,73,15,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

hidden processes: 0

hidden services: 0

hidden files: 0

[norbat]

Loggen ser greie ut. Var det bare en sjekk eller har du mistanke om noe?

[jojo123]

Det er jeg som gjør det for henne, så jeg kan svare. Det var bare en sjekk, men pcen er ganske treg.

[norbat]

Avinstaller program som ikke brukes.

 

Kjør en rens med CCleaner, om det ikke er gjort

 

Sjekk om pc trenger en diskdefragmentering (tilbehør->systemverktøy->diskdefragmentering)