Orochimaru, posted 1 September 2008 (edited)

Oh well, now I've got a virus on my PC (possibly several, since it was most likely a trojan). I have run SAS and AVG 8.0 in safe mode. Unfortunately it is still there. And I can't boot into normal mode without nearly getting a bluescreen. Dear diskusjon.no, help me! HijackThis log!
Thanks in advance!

Edited 1 September 2008 by Orochimaru
Svenni212000, posted 1 September 2008

This guide is a good start.
norbat, posted 1 September 2008 (edited)

Alt.

Step 1:
Download Malwarebytes Anti-Malware to the desktop.
Run and install the program. Select the Norwegian language.
Let the program update itself, choose to run a 'hurtig systemscan' (quick system scan), and click Skann (Scan).
A message box will appear saying that the scan is finished; click Ok.
Click the 'Vis resultat' (Show Results) button. If malware was found, you will now see what was found.
Then click the Fjern valgte (Remove Selected) button to remove any malware that was found.
A log will then open in Notepad. Copy it and post it later.

Step 2:
Get ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions.
You must not click on the window while the program is running.

Post the logs from ComboFix and MBAM.

Edited 1 September 2008 by norbat
Orochimaru (author), posted 1 September 2008 (edited)

Praise you, norbat! What do you mean by "alt"? Anyway, here are the logs!
Deleted them all. AVG refuses to let me run ComboFix....

Edited 1 September 2008 by Zeph
norbat, posted 1 September 2008

- turn off AVG and let ComboFix run

(Alt. = Alternative)
Orochimaru (author), posted 1 September 2008 (edited)
Query User{B4897D94-1D2F-41D1-977A-E3730F73AB7B}C:\\program files\\steam\\steamapps\\orochimaru12\\team fortress classic\\hl.exe"= TCP:C:\program files\steam\steamapps\orochimaru12\team fortress classic\hl.exe:Half-Life Launcher "TCP Query User{5A0C4CD1-1D28-4E38-832D-28B76DF6AF01}C:\\program files\\steam\\steamapps\\orochimaru12\\ricochet\\hl.exe"= UDP:C:\program files\steam\steamapps\orochimaru12\ricochet\hl.exe:Half-Life Launcher "UDP Query User{10D2293A-CC5E-41F5-B539-60B82F0494C0}C:\\program files\\steam\\steamapps\\orochimaru12\\ricochet\\hl.exe"= TCP:C:\program files\steam\steamapps\orochimaru12\ricochet\hl.exe:Half-Life Launcher "TCP Query User{83342B37-4F2D-40A8-8777-6676E2D215EF}C:\\program files\\steam\\steamapps\\orochimaru12\\half-life\\hl.exe"= UDP:C:\program files\steam\steamapps\orochimaru12\half-life\hl.exe:Half-Life Launcher "UDP Query User{977CB251-D21F-4379-9E54-C98DF831A2C1}C:\\program files\\steam\\steamapps\\orochimaru12\\half-life\\hl.exe"= TCP:C:\program files\steam\steamapps\orochimaru12\half-life\hl.exe:Half-Life Launcher "{B9EA16F1-9B13-408E-A94B-163097067C02}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War "{80110393-5A73-4FCC-98C3-2EB7C3D9B14C}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War "{B213D81E-AAC2-4D21-8236-2E2215806001}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars: Empire at War: Forces of Corruption "{45496516-D8E4-40B6-B2EB-0C2E26C82598}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:Star Wars: Empire at War: Forces of Corruption "TCP Query User{D18D3EA6-DB29-4E94-B1D1-8C0566725AFE}C:\\program files\\lucasarts\\star wars galactic battlegrounds saga\\game\\battlegrounds_x1.exe"= UDP:C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe:Star Wars Galactic Battlegrounds: Clone Campaigns "UDP 
Query User{BD4E17F7-812C-47E9-9E85-15AA91A80071}C:\\program files\\lucasarts\\star wars galactic battlegrounds saga\\game\\battlegrounds_x1.exe"= TCP:C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe:Star Wars Galactic Battlegrounds: Clone Campaigns "{07088B18-D7CD-4F37-8375-90FA52FDA43D}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II "{AE91C935-8AE5-49E1-A972-BA8ADBDA2DB6}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II "{93CD4881-DA29-48FD-95DC-1545F5ED34A7}"= UDP:0:LocalSubnet:LocalSubnet:Magix UPnP Media Server "{6C2DB14C-473B-4681-90E8-17384C71860A}"= UDP:2869:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (TCP) "{378064C5-CEC7-4900-B262-D2CF46D4FE95}"= TCP:1900:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (UDP) "{6B5297A2-F4F5-4BC5-8871-1210E08A4128}"= UDP:C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service "{DD639CD9-5E52-44B6-A9C5-033868C58B41}"= TCP:C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service "TCP Query User{D40CB530-E5F0-46C2-B539-1353D290E94E}C:\\program files\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader "UDP Query User{F3F359AA-A0A0-42CB-A8C9-768361D16725}C:\\program files\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader "{8B2309B2-4EFE-4149-AA95-DB24AF094C4D}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{42F5913B-AE43-4B28-8F51-A1324F906A4E}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe "{1CBBE896-53FF-40DC-BB54-0135A9678EC2}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{B535491A-6991-4A1B-B876-99890F50156C}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal 
Tournament 3 "TCP Query User{4DEA1A55-0779-49BD-A01D-6079D1615CAD}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{B88FCC2D-B6FE-4083-BEC7-D38A1C2F6AA0}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query User{2378559C-BE34-4A47-999A-F38C0DB2C0D8}C:\\program files\\lucasarts\\star wars empire at war forces of corruption\\swfoc.exe"= UDP:C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe:Star Wars®: Empire at War: Forces of Corruption "UDP Query User{240E0233-EBE6-4FB0-AD6B-B9FBC68578BA}C:\\program files\\lucasarts\\star wars empire at war forces of corruption\\swfoc.exe"= TCP:C:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe:Star Wars®: Empire at War: Forces of Corruption "TCP Query User{329C9265-F641-4DEA-B2BA-63802515924B}C:\\program files\\steam\\steamapps\\orochimaru12\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\orochimaru12\condition zero\hl.exe:Half-Life Launcher "UDP Query User{9F71422B-7B71-48C3-B85C-0BD299CA7D8E}C:\\program files\\steam\\steamapps\\orochimaru12\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\orochimaru12\condition zero\hl.exe:Half-Life Launcher "TCP Query User{2B93486D-1CA2-4F54-A86D-9341962F16DF}C:\\program files\\steam\\steamapps\\orochimaru12\\ricochet\\hl.exe"= UDP:C:\program files\steam\steamapps\orochimaru12\ricochet\hl.exe:Half-Life Launcher "UDP Query User{D1C34F82-5D60-49CA-8A84-0E804A62E81B}C:\\program files\\steam\\steamapps\\orochimaru12\\ricochet\\hl.exe"= TCP:C:\program files\steam\steamapps\orochimaru12\ricochet\hl.exe:Half-Life Launcher "{A2A5D5FB-0854-4288-85F3-342B59570BC1}"= UDP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "{EC5D517D-5E8F-4A10-BC95-DFAB2F31F2F2}"= TCP:C:\Program Files\Ubisoft\THE SETTLERS - Rise of an 
Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "TCP Query User{25508147-9A97-4DF0-B54A-4DF8D43EDD78}D:\\program files\\genesis rising\\bin\\genesisrising.exe"= UDP:D:\program files\genesis rising\bin\genesisrising.exe:GenesisRising "UDP Query User{B48CD811-D7D9-48BE-A4DB-48BEA7C52F7C}D:\\program files\\genesis rising\\bin\\genesisrising.exe"= TCP:D:\program files\genesis rising\bin\genesisrising.exe:GenesisRising "{CD4ED3A1-4649-489A-B1D9-D9CD4AEC4EF6}"= UDP:D:\Program Files\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander "{B085B7A6-64F9-415B-BE37-55412EDA0ABE}"= TCP:D:\Program Files\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander "{DA6879AF-45CB-4BC3-B9ED-4CA8EC256B23}"= UDP:D:\Program Files\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander "{354E9854-1A66-4987-B816-A8C19F6B331C}"= TCP:D:\Program Files\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander "TCP Query User{324ABA7A-9C86-47FF-AF85-DE7103C810EE}C:\\ac web ultimate repack\\ascent\\ascent-logonserver.exe"= UDP:C:\ac web ultimate repack\ascent\ascent-logonserver.exe:ascent-logonserver "UDP Query User{9ADEE7B6-B0A0-4732-9071-3CDF5E4285B8}C:\\ac web ultimate repack\\ascent\\ascent-logonserver.exe"= TCP:C:\ac web ultimate repack\ascent\ascent-logonserver.exe:ascent-logonserver "TCP Query User{04273438-1732-4443-8968-EB2CED164157}C:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= UDP:C:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{7081D8DB-829A-4BD6-84B2-9CB2DB2EA8FA}C:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= TCP:C:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{D44B8E71-9B92-479C-B091-1CB10252B75C}C:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= UDP:C:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld "UDP Query User{FAFE0783-2238-48FE-ADCE-B7E164DA73B0}C:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= 
TCP:C:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld "TCP Query User{1B7AF753-4B6F-423A-8E08-B0DCAC0810FC}C:\\ac web ultimate repack\\ascent\\ascent-world.exe"= UDP:C:\ac web ultimate repack\ascent\ascent-world.exe:ascent-world "UDP Query User{85364009-2CE8-4E63-8003-E4BA7D042C1F}C:\\ac web ultimate repack\\ascent\\ascent-world.exe"= TCP:C:\ac web ultimate repack\ascent\ascent-world.exe:ascent-world "TCP Query User{910D903A-985B-41C7-AD28-45061B6121CA}D:\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= UDP:D:\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader "UDP Query User{05012EE2-2251-479A-BF61-98E767EEB1D4}D:\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= TCP:D:\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader "TCP Query User{D09A7797-5BB0-4B98-ACF9-2392B49E81C9}D:\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= UDP:D:\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader "UDP Query User{0515A1AA-80C4-492A-AA95-9F61E87F94D3}D:\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= TCP:D:\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader "TCP Query User{D7239E9C-8BA0-4181-A3F7-E4B97235A3E5}C:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader "UDP Query User{B3016A3D-EB77-4393-97B8-E4C8CA02C388}C:\\program files\\world of warcraft\\wow-2.4.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.4.0-enus-downloader.exe:Blizzard Downloader "TCP Query User{743E8F30-481E-40BC-BCB2-9BD1608C4F76}C:\\users\\othar\\desktop\\repack\\server\\cystem\\mysql\\bin\\mysqld.exe"= UDP:C:\users\othar\desktop\repack\server\cystem\mysql\bin\mysqld.exe:mysqld.exe "UDP Query User{F58EE249-8462-46B3-A627-490D43D0FFCB}C:\\users\\othar\\desktop\\repack\\server\\cystem\\mysql\\bin\\mysqld.exe"= TCP:C:\users\othar\desktop\repack\server\cystem\mysql\bin\mysqld.exe:mysqld.exe "TCP Query 
User{4CFED75E-9B63-40B3-A650-4676B51B78C1}C:\\dudeys repack\\server\\cystem\\mysql\\bin\\mysqld.exe"= UDP:C:\dudeys repack\server\cystem\mysql\bin\mysqld.exe:mysqld "UDP Query User{481D4A20-136F-4B54-8628-8690ADB7F44C}C:\\dudeys repack\\server\\cystem\\mysql\\bin\\mysqld.exe"= TCP:C:\dudeys repack\server\cystem\mysql\bin\mysqld.exe:mysqld "TCP Query User{4B665070-1835-4D63-817F-9F61DF6DA75C}C:\\dudeys repack\\ascent\\ascent-logonserver.exe"= UDP:C:\dudeys repack\ascent\ascent-logonserver.exe:ascent-logonserver "UDP Query User{DCAB9B52-F2D1-47B7-B76A-275B97F62DF7}C:\\dudeys repack\\ascent\\ascent-logonserver.exe"= TCP:C:\dudeys repack\ascent\ascent-logonserver.exe:ascent-logonserver "TCP Query User{4C2E6F47-5C80-490E-BC10-073316033838}C:\\dudeys repack\\ascent\\ascent-world.exe"= UDP:C:\dudeys repack\ascent\ascent-world.exe:ascent-world "UDP Query User{422EE58C-7D7C-492B-8329-F68069EC57F1}C:\\dudeys repack\\ascent\\ascent-world.exe"= TCP:C:\dudeys repack\ascent\ascent-world.exe:ascent-world "{A1095911-2435-4DB0-9141-5E93AB16ECB6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{C75B66C5-1022-4CE4-BA26-2BA9B8081245}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{A3D8E204-50E7-4888-BACC-0DCE50D8078C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{0CD0C53B-6E38-45E3-BDE7-51DBA2803141}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "{15439B68-C758-4473-A3BD-B91709DF7223}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{B10E38FD-C2BB-4F02-A90D-0AD0FC97D3D9}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{088B140C-3886-4258-9223-CBE4A5D3943B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{12E37607-06C8-427B-9977-59B96C5BD0C5}"= TCP:C:\Program Files\Electronic 
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-01 08:59]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-01 08:59]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 08:59]
S3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-04 15:36]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-10 15:57]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 18:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{067228cf-e479-11dc-ab59-eddb18acead3}]
\shell\AutoRun\command - I:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{067228d4-e479-11dc-ab59-eddb18acead3}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - ECACHE
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-RunOnce-@ - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Othar\AppData\Roaming\Mozilla\Firefox\Profiles\dbxnbsnx.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.anarchistcookbook.com
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npagent.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 20:28:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-01 20:30:29
ComboFix-quarantined-files.txt 2008-09-01 18:30:26

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 6,101,618,688 bytes free

347 --- E O F --- 2008-08-20 17:30:56

When ComboFix started, Windows Security Center suddenly shut down.

Edited 1 September 2008 by Orochimaru
Zeph Posted 1 September 2008

I have put some of the logs in a hidden tag; please keep using this from now on, as it makes it easier to get an overview and read the thread.
Orochimaru Posted 1 September 2008 (Author)

The PC is back to its normal, friendly state! A T.H.O.U.S.A.N.D thanks! God praise you!
norbat Posted 1 September 2008

This looks fine.

Uninstall ComboFix by typing combofix /u in the Run box (Start->Run).

Feel free to keep SAS and MBAM.

Surf safely.