
Hi! Could someone take a look at these logs? :)

 

 

HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:20:27, on 18.07.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\System32\rundll32.exe

C:\Users\Anker\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\Explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\asdf.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: HP Smart valgmetode - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10636 bytes

 

SAS log

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 07/18/2008 at 05:55 PM

 

Application Version : 4.15.1000

 

Core Rules Database Version : 3507

Trace Rules Database Version: 1498

 

Scan type : Quick Scan

Total Scan Time : 00:35:15

 

Memory items scanned : 342

Memory threats detected : 4

Registry items scanned : 501

Registry threats detected : 20

File items scanned : 34926

File threats detected : 21

 

Adware.Media-Codec/ZLob

C:\PROGRAM FILES\WEB TECHNOLOGIES\WCS.EXE

C:\PROGRAM FILES\WEB TECHNOLOGIES\WCS.EXE

C:\PROGRAM FILES\WEB TECHNOLOGIES\IEBTM.EXE

C:\PROGRAM FILES\WEB TECHNOLOGIES\IEBTM.EXE

C:\PROGRAM FILES\WEB TECHNOLOGIES\WCM.EXE

C:\PROGRAM FILES\WEB TECHNOLOGIES\WCM.EXE

C:\PROGRAM FILES\WEB TECHNOLOGIES\IEBTMM.EXE

C:\PROGRAM FILES\WEB TECHNOLOGIES\IEBTMM.EXE

[some] C:\PROGRAM FILES\WEB TECHNOLOGIES\WCS.EXE

[start] C:\PROGRAM FILES\WEB TECHNOLOGIES\IEBTM.EXE

 

Trojan.FakeAlert-IEBT

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}

HKCR\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}

HKCR\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}#ddd

HKCR\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}\InprocServer32

HKCR\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}\InprocServer32#ThreadingModel

C:\PROGRAM FILES\WEB TECHNOLOGIES\IEBT.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{65742936-8079-408B-9F3C-874B78030A72}

HKCR\CLSID\{65742936-8079-408B-9F3C-874B78030A72}

HKCR\CLSID\{65742936-8079-408B-9F3C-874B78030A72}

HKCR\CLSID\{65742936-8079-408B-9F3C-874B78030A72}\Implemented Categories

HKCR\CLSID\{65742936-8079-408B-9F3C-874B78030A72}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

HKCR\CLSID\{65742936-8079-408B-9F3C-874B78030A72}\InprocServer32

HKCR\CLSID\{65742936-8079-408B-9F3C-874B78030A72}\InprocServer32#ThreadingModel

C:\PROGRAM FILES\WEB TECHNOLOGIES\IEBR.DLL

HKU\S-1-5-21-643209647-1547239320-2742630195-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{65742936-8079-408B-9F3C-874B78030A72}

HKCR\CLSID\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}

 

Trojan.Smitfraud Variant/IE Anti-Spyware

HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

 

Trojan.DNSChanger-Codec

C:\Program Files\WEB TECHNOLOGIES\iebtu.exe

C:\Program Files\WEB TECHNOLOGIES\iebu.exe

C:\Program Files\WEB TECHNOLOGIES\myd.ico

C:\Program Files\WEB TECHNOLOGIES\mym.ico

C:\Program Files\WEB TECHNOLOGIES\myp.ico

C:\Program Files\WEB TECHNOLOGIES\myv.ico

C:\Program Files\WEB TECHNOLOGIES\ot.ico

C:\Program Files\WEB TECHNOLOGIES\ts.ico

C:\Program Files\WEB TECHNOLOGIES\wcu.exe

C:\Program Files\WEB TECHNOLOGIES

 

Trojan.Media-Codec/V4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\Web Technologies\wcs.exe ]

HKCR\multimediaControls.chl

HKCR\multimediaControls.chl\CLSID

 

Browser Hijacker.Favorites

C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\ANTIVIRUS SCAN.URL

C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\ONLINE SPYWARE TEST.URL

C:\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\ANTIVIRUS SCAN.URL

C:\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\ONLINE SPYWARE TEST.URL

C:\USERS\ANKER\FAVORITES\ANTIVIRUS SCAN.URL

 

Adware.Tracking Cookie

.adtech.de [ C:\Users\Anker\AppData\Roaming\Mozilla\Firefox\Profiles\riwlvr6j.default\cookies.txt ]

e2.emediate.se [ C:\Users\Anker\AppData\Roaming\Mozilla\Firefox\Profiles\riwlvr6j.default\cookies.txt ]

.mediaplex.com [ C:\Users\Anker\AppData\Roaming\Mozilla\Firefox\Profiles\riwlvr6j.default\cookies.txt ]

track.adform.net [ C:\Users\Anker\AppData\Roaming\Mozilla\Firefox\Profiles\riwlvr6j.default\cookies.txt ]

track.adform.net [ C:\Users\Anker\AppData\Roaming\Mozilla\Firefox\Profiles\riwlvr6j.default\cookies.txt ]

e2.emediate.se [ C:\Users\Anker\AppData\Roaming\Mozilla\Firefox\Profiles\riwlvr6j.default\cookies.txt ]

.telenorstartsiden.112.2o7.net [ C:\Users\Anker\AppData\Roaming\Mozilla\Firefox\Profiles\riwlvr6j.default\cookies.txt ]

.apmebf.com [ C:\Users\Anker\AppData\Roaming\Mozilla\Firefox\Profiles\riwlvr6j.default\cookies.txt ]

.tribalfusion.com [ C:\Users\Anker\AppData\Roaming\Mozilla\Firefox\Profiles\riwlvr6j.default\cookies.txt ]

 

ComboFix

 

ComboFix 08-07-17.4 - Anker 2008-07-18 18:02:14.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1085 [GMT 2:00]

Running from: C:\Users\Anker\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\Web Technologies

C:\Program Files\Web Technologies\iebr.dll

C:\Program Files\Web Technologies\iebt.dll

C:\Program Files\Web Technologies\iebtm.exe

C:\Program Files\Web Technologies\iebtmm.exe

C:\Program Files\Web Technologies\iebtu.exe

C:\Program Files\Web Technologies\iebu.exe

C:\Program Files\Web Technologies\myd.ico

C:\Program Files\Web Technologies\mym.ico

C:\Program Files\Web Technologies\myp.ico

C:\Program Files\Web Technologies\myv.ico

C:\Program Files\Web Technologies\ot.ico

C:\Program Files\Web Technologies\ts.ico

C:\Program Files\Web Technologies\wcm.exe

C:\Program Files\Web Technologies\wcs.exe

C:\Program Files\Web Technologies\wcu.exe

C:\Users\Anker\Documents\My Documents.url

C:\Windows\system32\ACER.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))

.

 

2008-07-18 17:18 . 2008-07-18 17:18 <DIR> d-------- C:\Users\Anker\AppData\Roaming\SUPERAntiSpyware.com

2008-07-18 17:18 . 2008-07-18 17:18 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-07-18 17:18 . 2008-07-18 17:18 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-07-18 17:18 . 2008-07-18 17:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-07-18 16:26 . 2008-07-18 16:27 <DIR> d-------- C:\Users\All Users\Lavasoft

2008-07-18 16:26 . 2008-07-18 16:27 <DIR> d-------- C:\ProgramData\Lavasoft

2008-07-18 16:26 . 2008-07-18 16:26 <DIR> d-------- C:\Program Files\Lavasoft

2008-07-18 16:26 . 2008-07-18 17:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-07-15 17:09 . 2008-07-15 17:09 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-07-15 17:07 . 2008-07-15 17:07 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-07-15 17:05 . 2008-07-15 17:05 <DIR> dr-h----- C:\MSOCache

2008-07-15 16:49 . 2008-07-15 16:49 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-07-15 16:45 . 2008-07-15 16:45 <DIR> d-------- C:\Users\Anker\AppData\Roaming\DAEMON Tools

2008-07-15 16:45 . 2008-07-15 16:45 717,296 --a------ C:\Windows\System32\drivers\sptd.sys

2008-07-13 22:53 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-13 22:53 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-13 22:53 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-07-07 09:39 . 2008-07-07 17:46 <DIR> d-------- C:\Users\Gjest 1\AppData\Roaming\Command & Conquer 3 Kane's Wrath

2008-07-06 22:10 . 2008-07-06 23:31 <DIR> d-------- C:\Users\Anker\AppData\Roaming\Command & Conquer 3 Kane's Wrath

2008-07-06 22:09 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll

2008-07-06 22:09 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-07-06 22:09 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll

2008-07-06 22:09 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll

2008-07-06 22:09 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll

2008-07-06 22:09 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll

2008-06-29 20:06 . <DIR> C:\Users\Gjest 1\AppData\Roaming\Mine Kampen om MidgardT II-filer

2008-06-29 14:09 . <DIR> C:\Users\Anker\AppData\Roaming\Mine Kampen om MidgardT II-filer

2008-06-23 12:47 . 2008-06-23 12:47 <DIR> d-------- C:\Users\Anker\AppData\Roaming\Template

2008-06-23 12:47 . 2008-06-23 12:47 0 --a------ C:\Users\Anker\AppData\Roaming\wklnhst.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-18 15:08 --------- d-----w C:\ProgramData\Microsoft Help

2008-07-18 15:08 --------- d-----w C:\ProgramData\HP Product Assistant

2008-07-18 15:08 --------- d-----w C:\Program Files\Microsoft Works

2008-07-18 15:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-07-18 15:08 --------- d-----w C:\Program Files\CCleaner

2008-07-18 00:18 --------- d-----w C:\ProgramData\Symantec

2008-07-15 15:12 --------- d-----w C:\Program Files\MSBuild

2008-07-10 09:16 --------- d-----w C:\Program Files\Windows Mail

2008-07-09 16:47 --------- d-----w C:\Users\Anker\AppData\Roaming\Mine Kampen om Midgard™ II-filer

2008-07-09 16:45 28,029 ----a-w C:\Users\Gjest 1\AppData\Roaming\nvModes.dat

2008-07-07 17:37 --------- d-----w C:\Users\Gjest 1\AppData\Roaming\Mine Kampen om Midgard™ II-filer

2008-07-06 21:30 27,839 ----a-w C:\Users\Anker\AppData\Roaming\nvModes.dat

2008-07-05 19:02 --------- d-----w C:\Users\Gjest 1\AppData\Roaming\CyberLink

2008-06-28 10:43 --------- d-----w C:\Users\Anker\AppData\Roaming\uTorrent

2008-06-15 16:31 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-06-12 13:19 --------- d-----w C:\Users\Anker\AppData\Roaming\HP

2008-06-12 13:18 --------- d-----w C:\ProgramData\WEBREG

2008-06-12 13:18 --------- d-----w C:\ProgramData\HP

2008-06-12 13:17 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-06-12 13:17 --------- d-----w C:\ProgramData\Hewlett-Packard

2008-06-12 13:09 --------- d-----w C:\Program Files\HP

2008-06-12 13:08 --------- d-----w C:\Program Files\Hewlett-Packard

2008-06-12 13:08 --------- d-----w C:\Program Files\Common Files\HP

2008-06-12 13:08 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2008-06-09 10:06 --------- d-----w C:\ProgramData\NVIDIA

2008-06-09 10:02 174 --sha-w C:\Program Files\desktop.ini

2008-06-09 09:54 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-09 09:54 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-06-09 09:54 --------- d-----w C:\Program Files\Windows Journal

2008-06-09 09:54 --------- d-----w C:\Program Files\Windows Defender

2008-06-09 09:54 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-09 09:54 --------- d-----w C:\Program Files\Windows Calendar

2008-06-09 09:32 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-09 09:32 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-02 10:09 --------- d-----w C:\Program Files\Norton Internet Security

2008-06-01 17:41 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-06-01 17:41 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-06-01 17:41 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-06-01 17:41 --------- d-----w C:\Program Files\Symantec

2008-05-28 19:29 --------- d-----w C:\Users\Anker\AppData\Roaming\vlc

2008-05-28 19:29 --------- d-----w C:\Users\Anker\AppData\Roaming\dvdcss

2008-05-28 19:28 --------- d-----w C:\Program Files\VideoLAN

2008-05-21 20:24 --------- d-----w C:\ProgramData\Yahoo! Companion

2008-05-21 13:09 --------- d-----w C:\Users\Gjest 1\AppData\Roaming\Acer

2008-05-19 13:54 --------- d-----w C:\Users\Anker\AppData\Roaming\Acer

2008-05-18 17:49 --------- d-----w C:\Program Files\Windows Live

2008-05-18 17:46 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-05-18 17:43 --------- d-----w C:\ProgramData\WLInstaller

2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe

2008-05-12 10:58 27,839 ----a-w C:\Users\Gjest\AppData\Roaming\nvModes.dat

2008-05-11 14:07 988,216 ----a-w C:\Windows\System32\winload.exe

2008-05-11 14:07 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-05-11 14:07 615,992 ----a-w C:\Windows\System32\ci.dll

2008-05-11 14:07 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-05-11 14:07 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-05-11 14:07 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-05-11 14:07 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-05-11 14:07 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-05-11 14:07 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-05-11 14:07 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-05-11 14:07 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-05-11 14:06 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-05-11 00:48 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-05-11 00:48 315,392 ----a-w C:\Windows\HideWin.exe

2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll

2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll

2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll

2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll

2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll

2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe

2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe

2008-05-04 10:28 7,680 ----a-w C:\Windows\System32\ff_vfw.dll

2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe

2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll

2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 10:55 102400]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 17:33 457216]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 06:44 107112]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:42 22696]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 10:55 174616]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 15:17 707080]

"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 13:47 45056]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-14 10:55 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-14 10:54 8501792]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-14 10:55 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 10:56 4702208 C:\Windows\RtHDVCpl.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 18:30 151552]

 

C:\Users\Gjest 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Orion.lnk - C:\Convesoft\Orion\Messenger.exe [2007-08-31 19:42:22 2482176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{076EC745-F577-417A-9FAD-34F4387961C7}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{EE7C081D-4161-49B8-9C96-1E4960D5DFC1}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{AEAC0F7A-ED71-4430-A83B-218DBA12596D}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{BB5E7DE3-C0BE-4E97-99CA-E55AFAD63DBA}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{3BD749C3-BFD4-48B5-B81A-20FE41F1D3DC}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{F8698A43-E445-493E-A832-D2545CA28F26}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{92199C02-B345-4D21-8771-DEE93EE64C7E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{2AFC701E-15AD-4EA7-9D02-93E275B81A39}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM

"TCP Query User{986E734C-9924-4E8F-BD4D-D69633F2A22D}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{F4C3C7B2-D476-452B-98D5-D94ED209DCAD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{27187307-A308-45A3-928F-3E13BF62BA15}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{9740C47C-A98F-4F8E-AFD1-3D32681E677E}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{782B48B9-E30C-453A-A152-84D1B2792EEA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{78A6CDF8-4D54-4F36-9135-A8B73AB71F85}"= Disabled:UDP:F:\setup\HPZNUI01.EXE:hpznui01.exe

"{74370735-153A-4545-9406-2F417E315005}"= Disabled:TCP:F:\setup\HPZNUI01.EXE:hpznui01.exe

"{4FDDF0BE-39E3-4D3A-80B0-461EBC73AAEC}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{8586B46B-ED80-4152-B83B-B495E7339A6A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{7D5761B1-BCDF-494B-A073-5D0BEE3419FB}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{9A055981-FAD5-4429-8581-306844EEF4B8}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{6350D667-FD05-4F6E-8DB8-78F00A18DF58}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{6FCB3E41-1A38-47E8-8719-952A9AD479CD}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{444F6684-E6EE-4759-9ABF-1226FB5A503C}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{C6FB538A-670A-499C-B800-2AA57E1DFD39}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{DA6012C7-09C1-4F4C-9A35-B13A9EB2D80E}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{A6F1AD06-F3EC-45A7-89DD-FEB6DD20EABC}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{D8DC38B8-FFCF-4F43-8EA6-748634EB524F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{6E8D58A3-1F11-4786-B49E-50F1370861E0}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{AB6EDFB9-95DF-46CF-9578-9D7EFD5C92EE}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{4C7682CE-ECB4-4694-BF0C-DA28B5707EB7}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{17E00B0C-283D-4F3E-B82F-C835EDBDB303}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{4E3B9C9E-1C3B-434C-9BFC-85FD9BFEC65B}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{E40A96FC-E0D2-4BAB-83E0-9A4821C74202}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{14C75875-8597-4D41-A3EB-9BB3279B3483}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{7BA5CC36-5FCB-4A33-8508-B68BD343893A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1CEADEAC-9B40-4359-A7BB-658A28E3A513}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C0119806-5037-4079-8FD4-D1AD0DAC0CBD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6849CA34-CBC6-41E7-A375-7902BCC4CEC8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6B317AB5-CED8-4A10-A9AE-069FCCEE78C6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080716.002\IDSvix86.sys [2008-04-04 17:47]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 10:48]
R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2007-09-28 19:18]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 10:56]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 06:45]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-12-14 10:56]
S3 A310;AVerMedia A310 DVB-T;C:\Windows\system32\DRIVERS\AVerA310USB.sys [2007-07-10 04:16]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;C:\Windows\system32\drivers\AVerA310Cap.sys [2007-07-10 04:16]
S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-12-14 10:56]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-12-14 10:56]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-14 10:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cf678f6-1ef3-11dd-9f32-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d997b8ec-527c-11dd-9dec-001e683543e0}]
\shell\AutoRun\command - E:\SETUP.EXE
\shell\configure\command - E:\SETUP.EXE
\shell\install\command - E:\SETUP.EXE

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 18:08:21 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Anker.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-07-16 13:53:47 C:\Windows\Tasks\WebReg Photosmart C4380 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 18:12:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\rundll32.exe
C:\Users\Anker\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-18 18:15:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-18 16:15:05

Pre-Run: 74,608,537,600 byte ledig
Post-Run: 74,160,590,848 byte ledig

308 --- E O F --- 2008-07-18 01:37:38
