ComboFix 08-12-13.03 - Magnus 2008-12-14 0:55:09.1 - NTFSx86
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.2047.1246 [GMT 1:00]
Kjører fra: c:\users\Magnus\Desktop\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\X64
c:\windows\system32\X64\License.rtf
c:\windows\system32\X64\Readme.txt
c:\windows\system32\X64\setup.exe
c:\windows\system32\X86
c:\windows\system32\X86\License.rtf
c:\windows\system32\X86\Readme.txt
c:\windows\system32\X86\setup.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-13 til 2008-12-13 )))))))))))))))))))))))))))))))))
.
2008-12-14 00:45 . 2008-12-14 00:45 d-------- c:\users\Magnus\AppData\Roaming\Malwarebytes
2008-12-14 00:45 . 2008-12-14 00:45 d-------- c:\users\All Users\Malwarebytes
2008-12-14 00:45 . 2008-12-14 00:45 d-------- c:\programdata\Malwarebytes
2008-12-14 00:45 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-14 00:45 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-13 17:29 . 2008-12-13 17:29 d-------- c:\program files\SmartFTP Client 3.0 Setup Files
2008-12-11 14:01 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 14:01 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 14:01 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 14:00 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 14:00 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 14:00 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 14:00 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 14:00 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-11 13:59 . 2008-10-16 03:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-11 13:58 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-08 21:06 . 2008-12-13 16:49 139,921,551 --a------ c:\windows\MEMORY.DMP
2008-12-07 17:09 . 2008-12-07 17:09 d-------- c:\program files\Intel
2008-12-07 17:08 . 2008-12-07 17:08 d-------- C:\Intel
2008-12-03 14:01 . 2008-12-03 19:06 d-------- c:\users\Magnus\AppData\Roaming\Winamp
2008-12-01 16:48 . 2008-12-01 16:48 268 --ah----- C:\sqmdata02.sqm
2008-12-01 16:48 . 2008-12-01 16:48 244 --ah----- C:\sqmnoopt02.sqm
2008-11-27 13:53 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-27 13:53 . 2008-08-28 04:37 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-27 13:53 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-27 13:53 . 2008-08-28 04:37 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-27 13:53 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 22:50 . 2002-12-20 14:02 1,077,336 --a------ c:\windows\System32\MSCOMCTL.OCX
2008-11-23 22:50 . 2002-12-20 14:02 1,077,336 --a------ c:\windows\system\MSCOMCTL.OCX
2008-11-23 22:49 . 2002-12-06 21:32 180,224 --a------ c:\windows\System32\SFmpq.dll
2008-11-23 22:49 . 2002-12-06 21:32 180,224 --a------ c:\windows\system\SFmpq.dll
2008-11-23 19:33 . 2008-11-12 13:45 453,152 --a------ c:\windows\System32\NVUNINST.EXE
2008-11-23 19:32 . 2008-11-23 19:32 d-------- C:\NVIDIA
2008-11-18 15:13 . 2008-12-14 00:33 d-------- c:\windows\System32\drivers\Avg
2008-11-18 15:13 . 2008-11-18 15:13 d-------- c:\users\All Users\avg8
2008-11-18 15:13 . 2008-11-18 15:13 d-------- c:\programdata\avg8
2008-11-18 15:13 . 2008-11-18 15:13 d-------- c:\program files\AVG
2008-11-18 15:13 . 2008-11-18 15:13 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-18 15:13 . 2008-11-18 15:13 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-14 15:41 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 15:41 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 15:41 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 15:41 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 15:41 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 15:41 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 15:41 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 15:41 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 15:41 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 16:20 . 2008-11-13 16:20 203,540 --a------ c:\windows\System32\nvapps.xml
2008-11-13 14:01 . 2008-11-13 14:01 d-------- c:\users\Magnus\AppData\Roaming\Gearbox Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 17:15 17,659 ----a-w c:\windows\system32\drivers\InetLock.sys
2008-12-13 14:31 --------- d-----w c:\users\Magnus\AppData\Roaming\gtk-2.0
2008-12-11 17:41 --------- d-----w c:\program files\Windows Mail
2008-12-09 22:11 --------- d-----w c:\users\Magnus\AppData\Roaming\uTorrent
2008-12-08 20:09 30,520 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-08 20:09 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2008-12-07 16:12 --------- d-----w c:\users\Magnus\AppData\Roaming\OpenOffice.org2
2008-12-06 18:18 --------- d---a-w c:\programdata\TEMP
2008-12-03 18:05 --------- d-----w c:\program files\Common Files\Steam
2008-11-23 18:51 --------- d-----w c:\programdata\NVIDIA
2008-11-23 18:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-18 14:46 --------- d-----w c:\program files\Common Files\Adobe
2008-11-15 13:37 --------- d-----w c:\users\Magnus\AppData\Roaming\dvdcss
2008-11-08 18:33 --------- d-----w c:\users\Magnus\AppData\Roaming\Downloaded Installations
2008-11-07 20:28 --------- d-----w c:\programdata\Blizzard
2008-11-01 17:38 --------- d-----w c:\users\Magnus\AppData\Roaming\SystemRequirementsLab
2008-11-01 17:38 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-28 12:50 --------- d--h--r c:\users\Magnus\AppData\Roaming\SecuROM
2008-10-28 12:45 22,328 ----a-w c:\users\Magnus\AppData\Roaming\PnkBstrK.sys
2008-10-28 12:45 2,250,024 ----a-w c:\windows\System32\pbsvc.exe
2008-10-28 12:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 13:50 --------- d-----w c:\programdata\TopLang
2008-10-26 10:45 --------- d-----w c:\program files\NCH Swift Sound
2008-10-25 12:37 --------- d-----w c:\users\Magnus\AppData\Roaming\NCH Swift Sound
2008-10-22 19:32 --------- d-----w c:\users\Magnus\AppData\Roaming\DivX
2008-10-22 19:20 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-10-22 19:19 --------- d-----w c:\users\Magnus\AppData\Roaming\mIRC
2008-10-22 11:19 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 12:48 --------- d-----w c:\programdata\F-Secure
2008-10-18 09:58 --------- d-----w c:\programdata\TrackMania
2008-10-06 19:55 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-06 17:33 1,912 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-10-06 14:53 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-09-26 16:24 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-09-26 16:24 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-17 22:55 704,512 ----a-w c:\windows\System32\nvsvsr.dll
2008-09-17 22:55 5,806,624 ----a-w c:\windows\System32\nvdispsr.dll
2008-09-17 22:55 465,440 ----a-w c:\windows\System32\nvmccssr.dll
2008-09-17 22:55 4,155,936 ----a-w c:\windows\System32\nvvitvsr.dll
2008-09-17 22:55 3,463,712 ----a-w c:\windows\System32\nvgamesr.dll
2008-09-17 22:55 2,988,576 ----a-w c:\windows\System32\nvwssr.dll
2008-09-17 22:55 2,861,600 ----a-w c:\windows\System32\nvmoblsr.dll
2008-09-17 22:55 143,360 ----a-w c:\windows\System32\nvcolor.exe
2008-09-17 22:55 122,880 ----a-w c:\windows\System32\nvcodhins.dll
2008-09-17 22:55 122,880 ----a-w c:\windows\System32\nvcodh.dll
2008-09-17 22:55 122,880 ----a-w c:\windows\System32\nvcod134.dll
2008-09-17 22:55 1,108,512 ----a-w c:\windows\System32\nvCplUIR.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-16 00:14 129,784 ------w c:\windows\System32\pxafs.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\System32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-15 16:15 24 ----a-w c:\users\Magnus\jagex_runescape_preferences.dat
2008-05-24 12:59 174 --sha-w c:\program files\desktop.ini
2002-08-07 23:11 319,488 ----a-r c:\users\Magnus\AppData\Roaming\MafiaSetup.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="e:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"NVIDIA nTune"="e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\users\Magnus\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RivaTunerStartupDaemon"="e:\program files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 24576]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="e:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"CTCheck"="c:\program files\Creative\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-31 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-19 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCFNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderPrivacy_S]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-11-27 13:48 1261336 e:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-03-13 15:48 1443072 e:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FB810D31-539D-43DE-8D52-76BB4FF2FA53}e:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:e:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{5B41862C-2D99-452D-B6A1-39FD189EBC13}e:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:e:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{193F6F9B-6E69-4CBB-8469-5BBC0F548A22}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{160A66F3-784D-403E-8C1D-E541378B3FA0}e:\\program files\\bitlord\\bitlord.exe"= UDP:e:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{F161A9C1-23DD-4880-9430-74B8345DE22D}e:\\program files\\bitlord\\bitlord.exe"= TCP:e:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{2F693375-9D86-4141-95DA-E49F5A908AA8}e:\\program files\\tmnationsforever\\tmforever.exe"= UDP:e:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{D57F7634-975C-47DA-821D-4E35202B1676}e:\\program files\\tmnationsforever\\tmforever.exe"= TCP:e:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{75A86AD9-FA67-46BE-98C5-11FB32CC3217}e:\\program files\\valve\\steam\\steamapps\\-=[sa]=- potetfar\counter-strike\hl.exe"= UDP:e:\program files\valve\steam\steamapps\-=[sa]=- potetfar\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1ABB3D3E-6973-4E70-B3A0-98A739BED8DC}e:\\program files\\valve\\steam\\steamapps\\-=[sa]=- potetfar\counter-strike\hl.exe"= TCP:e:\program files\valve\steam\steamapps\-=[sa]=- potetfar\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{A2806CB4-B959-4083-ABE5-C324938AC679}c:\\windows\\system32\\solidstatenetworks\\solidstateion\\solidnm.exe"= UDP:c:\windows\system32\solidstatenetworks\solidstateion\solidnm.exe:solidnm
"UDP Query User{39A55A44-2A56-48FA-82DD-49A6A56642BD}c:\\windows\\system32\\solidstatenetworks\\solidstateion\\solidnm.exe"= TCP:c:\windows\system32\solidstatenetworks\solidstateion\solidnm.exe:solidnm
"{79AA0D38-CCFD-4E30-9132-93829638639B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{15163631-460D-420E-8652-5F68E8C90340}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{6CB903BD-2814-4A7F-BC1E-02CB2321FC7E}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{0A31D44F-623A-4709-AC79-6598D35229EF}e:\\program files\\valve\\steam\\steamapps\\-=[sa]=- potetfar\counter-strike source\hl2.exe"= UDP:e:\program files\valve\steam\steamapps\-=[sa]=- potetfar\counter-strike source\hl2.exe:hl2
"UDP Query User{BBF3CF13-D328-4145-A997-720883FE51AC}e:\\program files\\valve\\steam\\steamapps\\-=[sa]=- potetfar\counter-strike source\hl2.exe"= TCP:e:\program files\valve\steam\steamapps\-=[sa]=- potetfar\counter-strike source\hl2.exe:hl2
"TCP Query User{EC2E3FC0-05E1-47A4-B2F7-ABC9980A99D6}e:\\program files\\ea games\\medal of honor pacific assault(tm)\\mohpa.exe"= UDP:e:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"UDP Query User{DB747604-B979-48D6-BAD0-50739C93BB25}e:\\program files\\ea games\\medal of honor pacific assault(tm)\\mohpa.exe"= TCP:e:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"TCP Query User{0268530E-2C75-47D8-A661-C51CE1236D9D}e:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:e:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{76B8E8D3-30B3-46FC-B0C2-AA44F2B34F40}e:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:e:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{3BB58C57-62BB-487C-AD81-F262C6967A79}e:\\program files\\frostwire\\frostwire.exe"= UDP:e:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{050C7738-3CA9-4647-B7D8-307830E3E77D}e:\\program files\\frostwire\\frostwire.exe"= TCP:e:\program files\frostwire\frostwire.exe:FrostWire
"{1DEAA8D5-0F06-4366-8A3C-972FC60F7BCE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FEBC421A-979D-45D6-80A1-A843AAAB156A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DE452942-0723-4F18-AE88-29825CC6858C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2D822682-9688-4F00-9003-AD61CB7BA232}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CAEC8132-C268-42E3-9491-1BDADD00F2C6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9877D24F-BC98-4148-8D0E-17AEBF707991}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3608909E-7127-4C6C-9EC2-D739E45B1F3B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{499536BE-F60F-425F-A885-64E3712B1F98}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{58A10FD9-C7F9-4322-9FAE-0C1BFC502450}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DFA80233-5349-4BEC-AD72-71C60EA98088}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D40CDB2F-7C98-4AA0-BF25-6DC760CB5EE4}e:\\program files\\mirc\\mirc.exe"= UDP:e:\program files\mirc\mirc.exe:mIRC
"UDP Query User{BA1FA625-3B36-4CC2-B371-E14E8D849E46}e:\\program files\\mirc\\mirc.exe"= TCP:e:\program files\mirc\mirc.exe:mIRC
"{48293299-1D0D-430C-835D-780D48653410}"= UDP:e:\uinst\WoW Test Server Shit\WoW-enGB-Installer-downloader.exe:Blizzard Downloader
"{2576C696-46EC-41A2-AFDC-5B3893F83A73}"= TCP:e:\uinst\WoW Test Server Shit\WoW-enGB-Installer-downloader.exe:Blizzard Downloader
"{64B3DC26-A983-461D-ABCA-35383CE0E7ED}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{79C392DA-1B16-4BF9-B1B5-3349C48130C1}e:\\gammel loldisk backup\\half-life\\backup\\hl.exe"= UDP:e:\gammel loldisk backup\half-life\backup\hl.exe:Half-Life Launcher
"UDP Query User{331919E8-D856-46BD-84F7-E1EA9207A25E}e:\\gammel loldisk backup\\half-life\\backup\\hl.exe"= TCP:e:\gammel loldisk backup\half-life\backup\hl.exe:Half-Life Launcher
"{2DDD9810-70DF-4BD6-A3D4-5B0482D4C92A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{59846C81-1B88-4E0B-8122-8ACAF6357661}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4AB0E5B8-A0C0-41CF-825E-4CBA84FC2321}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FE8A1BB7-4D84-4C54-BF42-187FE583ACEC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F37EC191-E268-43C2-B7BF-E294B212DC0E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{26CD93A2-F760-41A7-9ED2-02FD4BAB7D7A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2D3F137E-F4CE-4F3B-B41F-335B6DE481BA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65991339-CA14-4794-897C-333B776F3BD7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC0C6076-AAEF-4DBB-B77F-5A22D4CA9200}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7EAF38A6-C28E-41C9-8A05-A68E11A8A510}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B9A00A82-0C2E-4BFF-BC2E-6B1B85B0B3BB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B0F39A88-C4D0-4D5A-BE46-60930BCE4CCF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F7F8B5B2-2B44-4463-9F32-9A3C4A768727}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15AC49F8-D15E-4733-8242-5FA42C267442}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{291E1945-0126-45E1-9917-94BA8026E7EC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DDE3A5F5-5A53-4230-9BFB-FC61A0F4173C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3CFB084E-FFF3-4F2B-A974-8C9690AAC0CB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0A682C21-4753-4CB0-9DAB-1BD55083387B}"= UDP:e:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2ACE0617-7B44-409C-B001-264561C21E35}"= TCP:e:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C1073435-D7FD-4909-9943-57F74D0C14CB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8398EAE6-2F11-4CC2-8AB9-55A272C3D5E0}"= UDP:e:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{36A4B0D6-CBC4-4C4D-8536-58C530AAA347}"= TCP:e:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{195EE92F-CA25-4BF0-BCD3-5C4694A8F6B1}"= UDP:e:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{89B5B122-F1A6-412B-922C-AA4D709F985A}"= TCP:e:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{4FFC1925-041D-4D75-BD0B-9EA5F98D4949}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{75270E29-1751-4F3A-83AC-ECA162529536}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{81E60E1C-C1CE-4C78-B948-D1F2AF33B324}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{AEE28AF9-12F7-4104-A089-981C0A0B4CB1}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{82317B3B-6DB5-4617-BF74-C1F892F31FA5}"= UDP:e:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{A28DB022-8AA0-4993-BAC6-D7F42AE9396F}"= TCP:e:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{3A009E2F-794D-4853-A458-7A4EDAB719BE}"= UDP:e:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{1A6BDE5B-C583-4861-92AA-4934910B2ED2}"= TCP:e:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{C57D12F4-07A8-4D69-B9F0-D2E4D243689E}"= UDP:e:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{2B610F78-0D27-424E-B28D-DA2292F7E612}"= TCP:e:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{C81FFC9F-B428-42BC-803B-AF2827946F30}"= Disabled:UDP:e:\program files\id Software\Quake 4\Quake4.exe:Quake 4
"{97CF9D51-C0A3-4C08-81AF-4C1560E4EB6E}"= Disabled:TCP:e:\program files\id Software\Quake 4\Quake4.exe:Quake 4
"TCP Query User{AA1D9EE4-798D-4B05-BA8F-11BDE573FE58}e:\\program files\\opera\\opera.exe"= UDP:e:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{E8B5D34C-0C8F-4A70-B864-86E19D0031DC}e:\\program files\\opera\\opera.exe"= TCP:e:\program files\opera\opera.exe:Opera Internet Browser
"{6359A399-337C-4B06-91E4-8F2712835ECE}"= UDP:e:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{E7CA7470-A6F8-400D-A042-A4639FBA2E6B}"= TCP:e:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{E8F97289-48E4-4FF4-98A5-96B514C54B5D}"= UDP:e:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{CE98BBDF-F8D0-40F6-B69A-B44EFAB84DB2}"= TCP:e:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{AB1673A2-3CC6-45E8-B97E-61CEF5683929}"= UDP:e:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{61CC0432-D152-41DA-9045-DAD8CAB80F05}"= TCP:e:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{24524E6E-EB56-4C21-9145-CFED4EA1FBA8}"= UDP:e:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{55569CCB-D47A-4204-B829-4475CD52311D}"= TCP:e:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"TCP Query User{93A0855E-23DA-4937-9B5A-BE7299AE18BF}e:\\program files\\utorrent\\utorrent.exe"= UDP:e:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{28EEF260-6DFC-416D-B4B9-EE5BB9C16D30}e:\\program files\\utorrent\\utorrent.exe"= TCP:e:\program files\utorrent\utorrent.exe:µTorrent
"{AF66422A-3118-4C54-8FD4-319608EB7604}"= e:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{7C9580B7-C972-4989-A046-99D2F413B0E4}"= UDP:e:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{9AACB6FA-54AF-4F37-B371-6B7613537F64}"= TCP:e:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-18 97928]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 FDCFNT;FDCFNT;\??\c:\windows\system32\drivers\FDCFNT.SYS [2008-08-14 47470]
R2 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-18 231704]
R2 ekrn;Eset Service;"e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-03-13 472320]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\Inetlock.sys [2008-07-07 17659]
R2 INETLOCKSVC;Internet Lock Service;e:\program files\Internet Lock\ILSvc.exe [2008-07-23 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbabe87b-6796-11dd-be21-001d923517b0}]
\shell\AutoRun\command - G:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-11 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Magnus\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 15:46]
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 00:58:12
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
StatBar = e:\program files\Globe Software\StatBar\StatBar.exe???

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\avgrsstx.dll
.
Tidspunkt ferdig: 2008-12-14 1:02:38
ComboFix-quarantined-files.txt 2008-12-14 00:02:35

Pre-Run: 46 396 846 080 bytes free
Post-Run: 46,199,635,968 bytes free

328 --- E O F --- 2008-12-13 01:09:53