ComboFix 09-03-14.02 - Lars Erik 2009-03-17 15:53:18.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3066.1696 [GMT 1:00]
Kjører fra: c:\users\Lars Erik\Downloads\ComboFix.exe
Command switches brukt :: c:\users\Lars Erik\Desktop\cfscript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Mfcd 1
c:\programdata\Mfcd 1\bone great manager.exe
c:\programdata\Mfcd 1\DUPE EXIT JOY TICK.exe
c:\programdata\Mfcd 1\pwhdzywf.exe
c:\users\All Users\Mfcd 1\bone great manager.exe
c:\users\All Users\Mfcd 1\DUPE EXIT JOY TICK.exe
c:\users\All Users\Mfcd 1\pwhdzywf.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-17 til 2009-03-17 )))))))))))))))))))))))))))))))))
.
2009-03-16 10:34 . 2009-03-16 10:34 d----c--- c:\windows\System32\DRVSTORE
2009-03-16 10:34 . 2009-03-16 10:34 d-------- c:\users\Lars Erik\AppData\Roaming\Apple Computer
2009-03-16 10:34 . 2009-03-16 10:34 d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 10:34 . 2009-03-16 10:34 d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 10:34 . 2009-03-16 10:34 d-------- c:\program files\iTunes
2009-03-16 10:34 . 2009-03-16 10:34 d-------- c:\program files\iPod
2009-03-16 10:34 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-16 10:34 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-16 10:33 . 2009-03-16 10:33 d-------- c:\program files\Bonjour
2009-03-16 10:32 . 2009-03-16 10:34 d-------- c:\users\All Users\Apple Computer
2009-03-16 10:32 . 2009-03-16 10:34 d-------- c:\programdata\Apple Computer
2009-03-16 10:32 . 2009-03-16 10:33 d-------- c:\program files\QuickTime
2009-03-16 10:32 . 2009-03-16 10:32 d-------- c:\program files\Apple Software Update
2009-03-16 10:31 . 2009-03-16 10:31 d-------- c:\users\All Users\Apple
2009-03-16 10:31 . 2009-03-16 10:31 d-------- c:\programdata\Apple
2009-03-16 10:31 . 2009-03-16 10:34 d-------- c:\program files\Common Files\Apple
2009-03-16 06:09 . 2008-01-21 03:24 333,203 -rahs---- C:\bootmgr
2009-03-16 05:52 . 2009-03-16 06:09 d--hs---- C:\Boot
2009-03-15 22:41 . 2009-03-15 22:41 d-------- c:\users\Lars Erik\AppData\Roaming\Malwarebytes
2009-03-15 22:41 . 2009-03-15 22:41 d-------- c:\users\All Users\Malwarebytes
2009-03-15 22:41 . 2009-03-15 22:41 d-------- c:\programdata\Malwarebytes
2009-03-15 22:41 . 2009-03-15 22:41 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 22:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-15 22:41 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-15 22:10 . 2009-03-15 22:12 d-------- c:\program files\Counter-Strike 1.6
2009-03-15 00:33 . 2009-03-15 00:33 d-------- c:\program files\File Shredder
2009-03-13 22:37 . 2009-03-13 22:38 d-------- c:\program files\Windows Live Safety Center
2009-03-11 20:50 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 20:50 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-08 17:15 . 2009-03-08 17:15 d-------- c:\program files\Microsoft Silverlight
2009-03-08 17:14 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-08 17:14 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-08 17:14 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-08 17:14 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-08 09:21 . 2009-03-08 09:21 d-------- c:\users\Lars Erik\AppData\Roaming\Publish Providers
2009-03-08 09:20 . 2009-03-08 09:20 d-------- c:\users\All Users\TEMP
2009-03-08 09:20 . 2009-03-08 09:20 d-------- c:\programdata\TEMP
2009-03-08 09:01 . 2009-03-08 09:20 d-------- c:\users\Lars Erik\AppData\Roaming\Sony
2009-03-08 08:55 . 2009-03-10 22:25 d-------- c:\program files\Microsoft SQL Server
2009-03-08 08:46 . 2009-03-08 09:00 d-------- c:\users\All Users\Sony
2009-03-08 08:46 . 2009-03-08 09:00 d-------- c:\programdata\Sony
2009-03-08 08:46 . 2009-03-08 08:46 d-------- c:\program files\Vstplugins
2009-03-08 08:46 . 2009-03-08 08:46 d-------- c:\program files\Sony
2009-03-08 08:45 . 2009-03-08 08:54 d-------- c:\program files\Sony Setup
2009-03-07 19:41 . 2009-03-07 19:41 d-------- c:\program files\Codec Pack Ultimate
2009-03-07 17:22 . 2009-03-07 17:22 d-------- c:\program files\PROnetworks
2009-03-06 21:25 . 2009-03-06 21:25 d-------- c:\users\Lars Erik\AppData\Roaming\DAEMON Tools Pro
2009-03-06 21:25 . 2009-03-06 21:25 d-------- c:\users\Lars Erik\AppData\Roaming\DAEMON Tools
2009-03-04 16:10 . 2009-03-04 16:10 d-------- c:\users\All Users\BVRP Software
2009-03-04 16:10 . 2009-03-04 16:10 d-------- c:\programdata\BVRP Software
2009-03-04 15:42 . 2009-03-04 15:42 d-------- c:\users\All Users\Sony Ericsson
2009-03-04 15:42 . 2009-03-04 15:42 d-------- c:\programdata\Sony Ericsson
2009-03-04 15:42 . 2009-03-09 09:43 d-------- c:\program files\Sony Ericsson
2009-03-03 23:51 . 2008-09-03 04:59 468,992 --a------ c:\windows\System32\newdev.dll
2009-03-03 23:51 . 2008-09-03 04:58 74,752 --a------ c:\windows\System32\newdev.exe
2009-03-03 23:31 . 2008-05-10 04:35 885,248 --a------ c:\windows\System32\RacEngn.dll
2009-03-03 23:31 . 2008-05-09 23:22 9,127 --a------ c:\windows\System32\RacUR.xml
2009-03-03 23:31 . 2008-05-09 23:22 153 --a------ c:\windows\System32\RacUREx.xml
2009-03-03 23:27 . 2009-03-03 23:27 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-02 09:11 . 2009-03-02 09:11 d-------- c:\program files\WinPcap
2009-03-02 00:49 . 2008-02-29 15:13 1,202,560 --a------ c:\windows\System32\drivers\AGRSM.sys
2009-03-02 00:49 . 2008-03-18 11:36 54,824 --------- c:\windows\System32\agrsmdel.exe
2009-03-02 00:49 . 2008-03-18 11:36 54,824 --a------ c:\windows\agrsmdel.exe
2009-03-02 00:49 . 2008-03-18 11:27 13,312 --a------ c:\windows\System32\agrsmsvc.exe
2009-03-02 00:49 . 2007-12-11 11:40 13,312 --------- c:\windows\System32\agrscoin.dll
2009-03-01 23:08 . 2009-03-01 23:08 d-------- c:\users\Lars Erik\AppData\Roaming\ImgBurn
2009-03-01 22:47 . 2009-03-01 22:47 d-------- c:\program files\HyCam2
2009-03-01 19:07 . 2009-03-01 19:07 d-------- c:\program files\PowerISO
2009-03-01 01:37 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2009-03-01 01:35 . 2009-03-01 01:35 d-------- c:\program files\Microsoft Works
2009-03-01 01:34 . 2009-03-08 08:56 d-------- c:\program files\Microsoft.NET
2009-03-01 01:32 . 2009-03-01 01:32 d-------- c:\program files\Microsoft Visual Studio 8
2009-03-01 01:31 . 2009-03-12 07:11 d-------- c:\users\All Users\Microsoft Help
2009-03-01 01:31 . 2009-03-12 07:11 d-------- c:\programdata\Microsoft Help
2009-03-01 01:29 . 2009-03-01 01:29 dr-h----- C:\MSOCache
2009-03-01 00:55 . 2009-03-16 16:37 d-------- c:\program files\Cain
2009-02-28 21:31 . 2009-03-15 20:02 d-------- c:\users\All Users\Google
2009-02-28 21:31 . 2009-03-15 20:02 d-------- c:\program files\Google
2009-02-28 11:21 . 2009-03-17 09:11 32,251 --a------ c:\users\All Users\nvModes.dat
2009-02-28 11:21 . 2009-03-17 09:11 32,251 --a------ c:\programdata\nvModes.dat
2009-02-28 11:13 . 2009-02-28 11:13 d-------- c:\users\All Users\NVIDIA
2009-02-28 11:13 . 2009-02-28 11:13 d-------- c:\programdata\NVIDIA
2009-02-28 11:10 . 2009-02-28 11:10 d-------- c:\windows\System32\AGEIA
2009-02-28 11:10 . 2009-02-28 11:10 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-28 11:10 . 2009-02-28 11:10 d-------- c:\program files\AGEIA Technologies
2009-02-28 11:10 . 2009-02-09 13:18 801,312 --a------ c:\windows\System32\nvcplui.exe
2009-02-28 11:10 . 2009-02-09 13:18 420,384 --a------ c:\windows\System32\nvcpl.cpl
2009-02-28 02:22 . 2009-03-17 12:39 d--h----- C:\$AVG8.VAULT$
2009-02-28 02:11 . 2009-02-27 17:18 d-------- c:\windows\Panther
2009-02-28 02:05 . 2009-02-28 02:05 d-------- c:\program files\Common Files\Adobe
2009-02-28 02:03 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-28 01:54 . 2009-02-28 01:54 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-02-28 01:53 . 2009-02-28 01:53 d-------- c:\program files\Synaptics
2009-02-28 01:53 . 2006-03-09 09:58 1,060,424 --a------ c:\windows\System32\WdfCoInstaller01000.dll
2009-02-28 01:53 . 2008-02-22 11:50 198,064 --a------ c:\windows\System32\drivers\SynTP.sys
2009-02-28 01:53 . 2008-02-22 10:58 196,608 --a------ c:\windows\System32\SynCtrl.dll
2009-02-28 01:53 . 2008-02-22 10:57 163,840 --a------ c:\windows\System32\SynCOM.dll
2009-02-28 01:53 . 2008-02-22 11:11 147,456 --a------ c:\windows\System32\SynTPAPI.dll
2009-02-28 01:53 . 2008-02-22 11:49 110,592 --a------ c:\windows\System32\SynTPCo4.dll
2009-02-28 01:46 . 2008-02-25 16:28 238,080 --a------ c:\windows\System32\ITEIO_64.dll
2009-02-28 01:46 . 2008-02-25 16:29 14,544 --a------ c:\windows\System32\drivers\TVicPort.sys
2009-02-28 01:46 . 2008-02-25 16:29 6,080 --a------ c:\windows\System32\drivers\zntport.sys
2009-02-28 01:41 . 2008-04-23 15:58 204,800 --a------ c:\windows\System32\SysHook.dll
2009-02-28 01:24 . 2009-03-16 17:18 d-------- c:\program files\Common Files\InstallShield
2009-02-28 01:17 . 2009-02-28 01:17 d-------- c:\program files\Acer
2009-02-28 01:17 . 2008-03-21 13:21 487,424 --a------ c:\windows\System32\INT15.dll
2009-02-28 01:17 . 2008-03-21 10:48 17,952 --a------ c:\windows\System32\drivers\int15_64.sys
2009-02-28 01:17 . 2008-03-21 10:48 15,392 --a------ c:\windows\System32\drivers\int15.sys
2009-02-28 00:56 . 2009-03-17 15:45 d-------- c:\users\Lars Erik\Incomplete
2009-02-28 00:54 . 2009-03-17 15:45 d-------- c:\users\Lars Erik\AppData\Roaming\FrostWire
2009-02-28 00:53 . 2009-02-28 00:54 d-------- c:\program files\FrostWire
2009-02-28 00:48 . 2009-02-28 00:47 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-28 00:42 . 2009-03-16 16:09 d-------- c:\users\Lars Erik\Tracing
2009-02-28 00:41 . 2009-02-28 00:41 d-------- c:\users\All Users\DAEMON Tools Lite
2009-02-28 00:41 . 2009-02-28 00:41 d-------- c:\programdata\DAEMON Tools Lite
2009-02-28 00:41 . 2009-02-28 20:25 d-------- c:\program files\DAEMON Tools Toolbar
2009-02-28 00:41 . 2009-02-28 00:41 d-------- c:\program files\DAEMON Tools Lite
2009-02-28 00:31 . 2009-02-28 00:32 d-------- c:\program files\Magic Video Converter
2009-02-28 00:31 . 2004-05-26 21:37 719,872 --a------ c:\windows\System32\devil.dll
2009-02-28 00:31 . 2003-03-19 11:03 544,768 --a------ c:\windows\System32\msvcr71d.dll
2009-02-28 00:31 . 2002-01-05 14:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2009-02-28 00:31 . 2006-09-16 19:44 314,368 --a------ c:\windows\System32\avisynth.dll
2009-02-28 00:22 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-02-28 00:21 . 2009-02-28 00:21 d-------- c:\program files\YouTube Downloader
2009-02-28 00:20 . 2009-03-17 15:45 d-------- c:\users\Lars Erik\AppData\Roaming\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 06:12 --------- d-----w c:\program files\Windows Mail
2009-03-07 22:49 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-07 22:49 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-03-01 00:34 --------- d-----w c:\program files\MSBuild
2009-02-28 09:43 80,051 ----a-w c:\windows\System32\slmgr.vbs
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-30 14:42 1,257 ----a-w C:\silent.bat
2009-01-16 17:24 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-12-23 15:36 96,784 ----a-w c:\windows\System32\Packet.dll
2008-12-23 15:35 281,104 ----a-w c:\windows\System32\wpcap.dll
2008-12-23 15:33 53,299 ----a-w c:\windows\System32\pthreadVC.dll
2008-12-22 12:47 57,344 ----a-w c:\windows\System32\nvapo32v.dll
2008-12-22 12:47 19,456 ----a-w c:\windows\System32\nvhdap32.dll
2008-12-21 23:31 453,152 ----a-w c:\windows\System32\nvuhda.exe
2008-12-21 23:31 135,168 ----a-w c:\windows\System32\nvcohda.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-03-16_21.13.32,52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-16 14:48:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-17 08:10:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-16 14:48:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-17 08:10:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-16 18:27:05 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-17 13:19:55 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-17 13:19:55 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-16 19:04:55 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-17 08:11:30 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-17 08:11:30 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-16 09:53:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-17 09:31:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-16 09:53:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-17 09:31:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-16 09:53:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-17 09:31:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-16 14:52:25 119,132 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-17 08:16:36 119,132 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-16 14:52:25 633,886 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-17 08:16:36 633,886 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-16 14:50:04 6,186 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3541046976-155896138-3030049883-1000_UserData.bin
+ 2009-03-17 08:11:54 6,362 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3541046976-155896138-3030049883-1000_UserData.bin
- 2009-03-16 14:50:04 71,962 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-17 08:11:53 72,072 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-16 14:50:03 35,960 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-17 08:11:54 36,252 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Lars Erik\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-28 133104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-31 793096]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-07 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 136600]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-28 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\program files\Codec Pack Ultimate\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\CODECP~1\Filters\wmv9vcm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2008-07-02 16:16 393216 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2009-03-04 16:55 281392 c:\program files\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{EF621767-876D-4CA2-8009-60D69BEB6AA0}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{8D4326F8-B1B8-4560-9B1C-BEDE8271931F}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"{81496330-39EE-4A51-9BFC-F4533F9BE696}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{780B164C-BFFF-48F9-9AD8-D57897AEDC31}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6CF5AB7A-90A0-40A0-B2BF-7956CA9DA9C8}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{F4077B27-D307-4066-A830-C166B1BF345F}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{593E9A40-EDE3-4B2E-8C03-984536B957D8}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{4D45FB25-A2DA-46E3-93EB-6E36880A3E63}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{E73B4659-DA76-4BF8-8350-B67D6D0F9689}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"{6DDE5593-F833-43A3-90DB-8CC9A5F9F52E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{81B3C39F-6853-40C2-A58A-3B01257C5026}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2D7A9E23-1319-46A2-8B71-773420915F3C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3782EBA6-E5AB-4E08-B3D4-B0D61AB24EF0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{22A87562-7439-477F-84A0-715842D4B607}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{1111B0DC-F84E-4EC1-ACB2-5086EEA72E6B}c:\\program files\\empire earth\\empire earth.exe"= UDP:c:\program files\empire earth\empire earth.exe:Empire Earth
"UDP Query User{4CB2F798-ED6F-4457-8FD5-F733339A2582}c:\\program files\\empire earth\\empire earth.exe"= TCP:c:\program files\empire earth\empire earth.exe:Empire Earth
"TCP Query User{105B72AC-AACC-4391-96E5-90C612D38F12}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{49F8795B-A530-4DD2-B12E-963737C9376B}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{DAF4CD37-EF7A-4AAF-BADE-9A125F89F421}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{C6006AFE-D3F7-4A82-AAC7-CB8110B92DC1}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{C587859E-7EA4-4477-B562-AD146831FF6D}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{4E3DB473-0D86-4BBD-94D4-7552F96F1AFC}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{7938C673-012E-4D5B-A26C-C10B69EAF538}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0606A5DE-6C4C-4F2F-9EF1-E66959BC2013}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{85B36ACC-8566-47D5-BE5B-65176ED61972}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{C0DF35B8-6AA8-4740-AB34-C00B0B19EBF6}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{FC5D43B6-1C4F-44AE-84E4-41767C12FE2E}c:\\program files\\empire earth\\empire earth.exe"= UDP:c:\program files\empire earth\empire earth.exe:Empire Earth
"UDP Query User{3854404A-C67A-4497-9EFA-5C0CD15AF4A0}c:\\program files\\empire earth\\empire earth.exe"= TCP:c:\program files\empire earth\empire earth.exe:Empire Earth
"{7740E24B-A025-4A7A-84C0-7E8F7119F094}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A3F55D4E-369D-47F7-808B-A2630B6F1443}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D562F644-0B0E-4BFC-B68D-1AEB9A52464A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0F676479-28B5-4F2B-A015-170F128041D6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A49F8A53-416D-4D4A-B318-EFCA01259C7A}c:\\program files\\utorrent\\utorrent.exe"= Disabled:UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{BBCD1EE9-B6B1-488E-B39F-53CE9BD5023C}c:\\program files\\utorrent\\utorrent.exe"= Disabled:TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{0FEA0DFC-A27A-46F7-9DC5-A8257DEE28A6}"= UDP:c:\program files\Counter-Strike 1.6\cstrike.exe:Counter-Strike 1.6
"{A726DC7C-2542-4B4F-A2F3-42BD5F6B5B64}"= TCP:c:\program files\Counter-Strike 1.6\cstrike.exe:Counter-Strike 1.6
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-02-27 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-27 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-07 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-07 298264]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-02-28 24576]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-12-22 51232]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2008-12-23 50704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541046976-155896138-3030049883-1000.job
- c:\users\Lars Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-28 00:03]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.benjaminstrahs.com/start.php
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 15:54:57
Windows 6.0.6001 Service Pack 1 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-03-17 15:56:41
ComboFix-quarantined-files.txt 2009-03-17 14:56:38
ComboFix2.txt 2009-03-17 08:25:40
ComboFix3.txt 2009-03-16 20:14:52
Pre-Run: 40 332 353 536 bytes free
Post-Run: 40,303,243,264 bytes free
308 --- E O F --- 2009-03-17 08:14:52