fnedy
Posted September 14, 2008 (edited)

Hi, I'm having problems with CID, which pops up on the screen out of nowhere. In addition, I can remove about 10 GB a week, most of it unnecessary backup files. Maybe you can take a look at my log.

Nothing found in Malware

ComboFix

ComboFix 08-09-13.05 - Fredrik 2008-09-14 18:03:22.1 - NTFSx86 Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1044.18.1027 [GMT 2:00] Running from: C:\Users\Fredrik\Downloads\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\MabryObj.dll . ((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 ))))))))))))))))))))))))))))))) . 2008-09-14 17:54 . 2008-09-14 17:54 <DIR> d-------- C:\Program Files\CCleaner 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Malwarebytes 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-14 17:43 . 2008-09-10 00:08 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-09-14 17:43 . 2008-09-10 00:08 17,200 --a------ C:\Windows\System32\drivers\mbam.sys 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\SUPERAntiSpyware.com 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-09-10 17:53 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-10 17:53 . 
2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys 2008-09-10 17:53 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll 2008-09-10 17:53 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-10 17:53 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys 2008-09-10 17:53 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-09-10 17:53 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-10 17:53 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-10 17:53 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll 2008-09-10 08:23 . 2008-09-10 08:23 <DIR> d-------- C:\SYSWIN34 2008-09-10 08:23 . 2008-09-10 08:24 1,046 --a------ C:\Windows\SYSWIN.INI 2008-09-09 18:26 . 2008-09-14 17:48 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\OpenOffice.org2 2008-09-09 18:23 . 2008-09-09 18:24 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4 2008-09-08 12:39 . 2008-09-08 12:39 122,896 --a------ C:\Users\All Users\bluedashdash.k4sys 2008-09-08 12:39 . 2008-09-08 12:39 122,896 --a------ C:\ProgramData\bluedashdash.k4sys 2008-09-06 00:38 . 2008-09-06 01:33 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Spore 2008-09-03 22:34 . 2008-09-03 22:34 <DIR> d-------- C:\Users\All Users\Memo Drive Vc Log 2008-09-03 22:34 . 2008-09-07 16:51 <DIR> d-------- C:\Users\All Users\2 dart iso 2008-09-03 22:34 . 2008-09-03 22:34 <DIR> d-------- C:\ProgramData\Memo Drive Vc Log 2008-09-03 22:34 . 2008-09-07 16:51 <DIR> d-------- C:\ProgramData\2 dart iso 2008-09-03 22:34 . 2008-09-03 22:34 <DIR> d-------- C:\Program Files\Circle Developement 2008-09-03 22:34 . 2008-09-03 22:34 <DIR> d-------- C:\Program Files\2 dart iso 2008-09-03 17:53 . 2008-09-03 17:53 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Atari 2008-09-03 17:53 . 2008-09-12 18:04 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll 2008-09-03 10:12 . 
2008-09-03 10:12 <DIR> d-------- C:\Program Files\Common Files\PocketSoft 2008-09-03 10:12 . 2002-02-27 18:50 197,120 --a------ C:\Windows\patchw32.dll 2008-09-03 10:06 . 2008-09-03 10:06 <DIR> d-------- C:\Program Files\Atari 2008-09-01 17:13 . 2008-09-01 17:13 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\aAvgApi 2008-08-28 09:49 . 2008-09-13 19:26 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-08-14 03:05 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-14 15:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-14 10:53 --------- d-----w C:\Program Files\Steam 2008-09-14 10:25 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-09-13 23:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-13 23:17 --------- d-----w C:\Program Files\EA GAMES 2008-09-13 23:12 --------- d-----w C:\Program Files\World of Warcraft 2008-09-12 06:32 --------- d-----w C:\Program Files\Common Files\Steam 2008-09-11 01:04 --------- d-----w C:\ProgramData\Microsoft Help 2008-09-10 20:45 --------- d-----w C:\ProgramData\Lx_cats 2008-09-09 07:14 --------- d-----w C:\Program Files\Clue 2008-09-07 13:53 --------- d-----w C:\ProgramData\avg8 2008-09-06 01:19 --------- d-----w C:\Users\Fredrik\AppData\Roaming\uTorrent 2008-09-05 23:01 --------- d-----w C:\Program Files\Electronic Arts 2008-09-03 20:34 --------- d-----w C:\Program Files\Messenger Plus! 
Live 2008-08-30 23:38 97,928 ----a-w C:\Windows\system32\drivers\avgldx86.sys 2008-08-30 15:37 --------- d-----w C:\Program Files\Warcraft III 2008-08-22 23:21 --------- d-----w C:\ProgramData\WLInstaller 2008-08-14 01:11 --------- d-----w C:\Program Files\Windows Mail 2008-08-05 20:20 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-08-05 20:17 --------- d-----w C:\Users\Fredrik\AppData\Roaming\vlc 2008-08-05 19:03 --------- d-----w C:\Program Files\VideoLAN 2008-08-05 18:56 --------- d-----w C:\Users\Fredrik\AppData\Roaming\Media Player Classic 2008-07-31 21:08 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-30 22:12 --------- d-----w C:\Users\Fredrik\AppData\Roaming\CyberLink 2008-07-30 22:12 --------- d-----w C:\ProgramData\CyberLink 2008-07-18 18:38 587,264 ----a-w C:\Windows\WLXPGSS.SCR 2008-06-11 22:07 174 --sha-w C:\Program Files\desktop.ini 2007-07-16 17:31 19,194,902 ----a-w C:\Users\Fredrik\TmNationsESWC_175_to_179_Setup.exe 2007-09-30 09:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-09-30 09:15 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-09-30 09:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 167368] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-07-31 1271032] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-30 171448] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Fork find"="C:\ProgramData\bluedashdash.0hf6lg" [X] "vc log bows face"="C:\ProgramData\license four body.t2awxbe" [X] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-16 159744] "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 1548288] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864] "lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264] "FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 1235736] "SigmatelSysTrayApp"="sttray.exe" [2007-04-23 C:\Windows\sttray.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-17 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i263_32.drv "MSACM.G723"= g723.acm "vidc.I263"= I263_32.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun "BitTorrent DNA"="C:\Users\Fredrik\Program Files\DNA\btdna.exe" "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "Microsoft Office Outlook"=C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE /recycle [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "PluginCamera"=C:\Program Files\Intel\Createshare\program\starter.exe -regargs "\\Commands\RegPlug" "Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "PC Booster"=C:\Program Files\inKline Global\PC Booster\pcbooster.exe "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" "WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{72C73353-FDA3-4479-A41F-77C8C62C8519}"= TCP:6004|C:\Program Files\Microsoft 
Office\Office12\outlook.exe:Microsoft Office Outlook "{0E33FD01-4328-468C-9C42-9DA0B3AB018E}"= UDP:C:\Program Files\Electronic Arts\Kampen om Midgard II\game.dat:Kampen om Midgard™ II "{6AB943AC-9EE2-4EF8-A1B9-742065993F24}"= TCP:C:\Program Files\Electronic Arts\Kampen om Midgard II\game.dat:Kampen om Midgard™ II "TCP Query User{1449B01C-B12C-48F9-BBD7-5D5186AEBFE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{D1E9F221-9BE8-44EB-9A1E-E4E7FF2AB089}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{32F077DB-228B-405D-BD74-FC20F3F2B7E6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{B7C6927D-F3A9-466F-8C01-FB668A042248}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{F3682469-2A59-4501-B909-891ED1E51951}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{DD17C53E-0EE8-4D5D-A2D8-0B877708B90D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{F3E296BD-42C4-448B-B092-257C29DD03CF}E:\\setup.exe"= UDP:E:\setup.exe:Setup "UDP Query User{3A063789-FBB0-4B5F-8CDC-25B642713158}E:\\setup.exe"= TCP:E:\setup.exe:Setup "TCP Query User{DF8C657A-2227-4337-A0B8-B7F4ADB95625}E:\\setup.exe"= UDP:E:\setup.exe:Setup "UDP Query User{6BA2F75D-7536-4330-8661-E174B8504660}E:\\setup.exe"= TCP:E:\setup.exe:Setup "{1FD9A0D6-BC62-4C32-B048-A6BF78863EE7}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{F7DEEB85-E793-45C2-B437-99F6F7FE17BF}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "{029C909C-71DA-4073-A4D2-BBACC40F6259}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{650E41C9-6B8D-4AD3-9F50-84C5A536DB04}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "TCP 
Query User{7887500E-56CA-4D9C-98A4-6C6AA2043ECF}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2 "UDP Query User{95FEE24B-9830-4F70-BB54-34BE28E199D2}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2 "{DC6BE42C-254F-43D1-87D3-D012CA66C524}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor "{EDBB8EE5-EA86-4762-9450-F552108BE083}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor "{8097D8EA-8E81-44B4-8FA8-D02BCFF9F8D7}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio "{521681C6-DCFD-48B9-8AD2-74E2F2F45EA8}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio "{A438DA5C-41F9-4541-A1FA-8DFCDB802D5D}"= UDP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader "{16BBC2D0-9C97-40EA-8284-A34FDE5CF2E7}"= TCP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader "{3F145890-DBE5-424D-933C-ADBFC2C0B891}"= UDP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software "{C7B36EF8-F998-4002-9730-9A67B2A4C90C}"= TCP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software "{6E42E7FA-5C87-4495-97DE-1B8714BCC1CA}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor "{2CCFD2E0-7A7D-4983-A990-635B839DEDE7}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor "{29A62686-F120-49CC-9823-B1F082FDA86A}"= UDP:C:\Windows\System32\lxdicfg.exe:Printer Communication System "{DF83C141-A1DF-4E8A-B10E-CEB33ACBCBC0}"= TCP:C:\Windows\System32\lxdicfg.exe:Printer Communication System "{B4B01F13-381C-4ACD-93BD-DF06A8FE4BBB}"= UDP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System "{6F0AFFEA-53CD-40AD-BBA6-8E23363E66D2}"= TCP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System 
"{45C25AE0-8C04-41A3-8991-328FA58E0C9C}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface "{C3D1E609-E1E8-4F52-A1E8-B4049CB6E1F2}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface "{2027EBB9-209D-46D5-85FC-D97A12AFB290}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable "{F273D514-4220-4A4B-A399-9AFCF0260EC5}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable "TCP Query User{FDE5BF92-31ED-4C19-AE84-AD9D0A8CA424}C:\\users\\fredrik\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\fredrik\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{D85706A3-3515-4A42-B182-03D159EA25E9}C:\\users\\fredrik\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\fredrik\program files\utorrent\utorrent.exe:utorrent.exe "TCP Query User{283C4775-94E7-442A-BC4B-5F1B9A2B9FBB}C:\\users\\fredrik\\documents\\downloads\\wormsarm\\wormsarm\\wa.exe"= UDP:C:\users\fredrik\documents\downloads\wormsarm\wormsarm\wa.exe:wa.exe "UDP Query User{718B5D60-E845-4754-8F49-E67D58A99EF8}C:\\users\\fredrik\\documents\\downloads\\wormsarm\\wormsarm\\wa.exe"= TCP:C:\users\fredrik\documents\downloads\wormsarm\wormsarm\wa.exe:wa.exe "TCP Query User{25E0CCBA-3FD3-4867-AEC8-F66CE8E94676}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "UDP Query User{456A63E8-5FC0-4A14-B7DD-810E24E6224B}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "TCP Query User{37DDAA5F-B7EB-4752-A022-B1584CA22907}C:\\users\\fredrik\\program files\\dna\\btdna.exe"= UDP:C:\users\fredrik\program files\dna\btdna.exe:btdna.exe "UDP Query User{AEEF02B2-D20A-4420-92D2-AF12F97BC467}C:\\users\\fredrik\\program files\\dna\\btdna.exe"= TCP:C:\users\fredrik\program 
files\dna\btdna.exe:btdna.exe "TCP Query User{DAE6FF43-CF83-4363-B537-2D14E88F5DC9}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "UDP Query User{93135F19-8ADB-476A-8096-F01FB285CB7F}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "TCP Query User{F515BF25-9375-46AA-BC31-5B2045ED0D9E}C:\\users\\fredrik\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\fredrik\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{6072784C-EC89-4216-AB3B-079078524EA8}C:\\users\\fredrik\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\fredrik\program files\utorrent\utorrent.exe:utorrent.exe "{C5046C8E-5840-4AE9-90A5-C7757DBC4DB4}"= UDP:C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2 "{64473023-680B-4FC7-BFCC-2C6FCDF90FB9}"= TCP:C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2 "TCP Query User{5A7C612F-9C1C-43E9-AFA2-72A2305EE99B}C:\\program files\\firefly studios\\stronghold 2\\stronghold2.exe"= UDP:C:\program files\firefly studios\stronghold 2\stronghold2.exe:Stronghold 2 "UDP Query User{6EDCCA53-72A0-4F0E-9A67-AD5434ABC10B}C:\\program files\\firefly studios\\stronghold 2\\stronghold2.exe"= TCP:C:\program files\firefly studios\stronghold 2\stronghold2.exe:Stronghold 2 "TCP Query User{8B6203FD-A519-480A-9882-3A981ACBCEA7}C:\\users\\fredrik\\documents\\downloads\\team fortress 2\\team fortress 2\\hl2.exe"= UDP:C:\users\fredrik\documents\downloads\team fortress 2\team fortress 2\hl2.exe:hl2.exe "UDP Query User{CBAF1E08-BDF8-4A7F-A76B-6FD703AE853E}C:\\users\\fredrik\\documents\\downloads\\team fortress 2\\team fortress 2\\hl2.exe"= TCP:C:\users\fredrik\documents\downloads\team fortress 2\team fortress 2\hl2.exe:hl2.exe "TCP Query User{152E5207-769C-4765-BDAF-4D54A2CDCE6E}C:\\users\\fredrik\\documents\\downloads\\team fortress 2\\team 
fortress 2\\hl2.exe"= UDP:C:\users\fredrik\documents\downloads\team fortress 2\team fortress 2\hl2.exe:hl2.exe "UDP Query User{84AD4C73-AB91-41B2-831B-80F883BBD55E}C:\\users\\fredrik\\documents\\downloads\\team fortress 2\\team fortress 2\\hl2.exe"= TCP:C:\users\fredrik\documents\downloads\team fortress 2\team fortress 2\hl2.exe:hl2.exe "TCP Query User{84FCFB69-2920-42EC-B5D4-D877A0FE80E6}C:\\program files\\steam\\steamapps\\fnedy\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\fnedy\team fortress 2\hl2.exe:hl2 "UDP Query User{89379119-6712-4F04-B64B-B766518A5C5B}C:\\program files\\steam\\steamapps\\fnedy\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\fnedy\team fortress 2\hl2.exe:hl2 "TCP Query User{86D05A14-8F8A-4317-97C9-48AA32DF9522}C:\\program files\\steam\\steamapps\\fnedy\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\fnedy\team fortress 2\hl2.exe:hl2 "UDP Query User{6242B71B-C603-4E48-B718-D9C9DBB61BA6}C:\\program files\\steam\\steamapps\\fnedy\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\fnedy\team fortress 2\hl2.exe:hl2 "TCP Query User{7265CF0C-64B9-4C60-8138-FEBD8B6DD13A}C:\\program files\\lexmark 3500-4500 series\\app4r.exe"= UDP:C:\program files\lexmark 3500-4500 series\app4r.exe:Printing Application "UDP Query User{B93AF554-E416-478E-889B-085D4026AA77}C:\\program files\\lexmark 3500-4500 series\\app4r.exe"= TCP:C:\program files\lexmark 3500-4500 series\app4r.exe:Printing Application "TCP Query User{4185B8A4-C528-40C5-A7BA-9AD34C13DD95}C:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= UDP:C:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III "UDP Query User{F5118D6D-5999-4659-BB0E-11F6F2894E34}C:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= TCP:C:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III "TCP Query User{989B807C-62BC-4F31-8217-BAA15693DEEC}C:\\program files\\tf\\team fortress 2\\hl2.exe"= 
UDP:C:\program files\tf\team fortress 2\hl2.exe:hl2 "UDP Query User{91D52777-7275-4DE4-A33D-AD9B0AD8E28A}C:\\program files\\tf\\team fortress 2\\hl2.exe"= TCP:C:\program files\tf\team fortress 2\hl2.exe:hl2 "TCP Query User{4162C2F4-EBA9-4C4C-8C59-BA1D3154911B}C:\\program files\\tf\\team fortress 2\\hl2.exe"= UDP:C:\program files\tf\team fortress 2\hl2.exe:hl2 "UDP Query User{F7EAF497-6D08-427E-AF04-4BC837E4CF98}C:\\program files\\tf\\team fortress 2\\hl2.exe"= TCP:C:\program files\tf\team fortress 2\hl2.exe:hl2 "TCP Query User{04C99F89-804F-4A77-8F92-0B28B25F608D}C:\\program files\\steam\\steamapps\\fnedy\\dark messiah might and magic dedicated server\\srcds.exe"= UDP:C:\program files\steam\steamapps\fnedy\dark messiah might and magic dedicated server\srcds.exe:srcds "UDP Query User{7DE68A56-7E3B-48C7-AD6C-8D5C9F1146AD}C:\\program files\\steam\\steamapps\\fnedy\\dark messiah might and magic dedicated server\\srcds.exe"= TCP:C:\program files\steam\steamapps\fnedy\dark messiah might and magic dedicated server\srcds.exe:srcds "TCP Query User{2DD6EDB0-E911-40F0-95E1-AF3C12CA6C67}C:\\users\\fredrik\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:C:\users\fredrik\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe "UDP Query User{C6AAF1DA-147C-412A-9939-4326B742ED24}C:\\users\\fredrik\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:C:\users\fredrik\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe "TCP Query User{34E1CA44-1523-4932-AF67-6166546AC672}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "UDP Query User{C8C4A023-81D1-40E5-B97A-2E9BFCC03689}C:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary "TCP Query User{77CE3CF0-8F1B-42E9-A323-244384ECAAB2}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= 
UDP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor "UDP Query User{E47D12CA-F789-43BB-9A0E-768220D31808}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor "TCP Query User{BE65E148-B6BF-4B58-8DBD-68238C1AA14A}C:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= UDP:C:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application "UDP Query User{AF77790A-478A-40E5-9B0B-91E9F740581D}C:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= TCP:C:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application "TCP Query User{0238F6CF-3747-4E68-B929-6B13B20F0AF1}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidepanel "UDP Query User{AF5C846E-9CE9-48B7-B0C9-CF8C3836A94A}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidepanel "{ED98C0BE-5C3A-4C95-8336-158C3499EDE5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{5C534514-83E2-425C-A6AA-9DBD47271FDE}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidepanel "UDP Query User{60EC3FBC-56AE-40BD-AE18-E565D5C2956C}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidepanel "TCP Query User{9D5EFB34-985D-427F-AC32-3D10E28FA7CF}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III "UDP Query User{F6BBD1AE-01AE-42AE-8A69-9E8D2226BF27}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III "TCP Query User{55D1F2D7-5006-47FB-9F1A-7058551AAC8B}C:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= UDP:C:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III "UDP Query 
User{C187BF55-DAD8-4F8B-B98D-416AF95586F4}C:\\program files\\3do\\heroes 3 complete\\heroes3.exe"= TCP:C:\program files\3do\heroes 3 complete\heroes3.exe:Heroes of Might and Magic® III "TCP Query User{CC5FAA76-86FE-4E8C-AD22-69DA7318C23B}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "UDP Query User{46B3BB3A-5DDB-4FC3-B54C-CA966BA6AF99}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "{5DAF5515-DD63-4A59-B5D9-719BFAF902B1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{9AEC6ABF-677C-4482-B8B9-250F6E7F1B48}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{A79F2130-3069-4E07-8730-ED7220B324E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{45044632-16E1-4B45-A97E-54078903923E}"= UDP:C:\Users\Fredrik\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{37C0B15F-EA68-40BE-B665-21AB24C83AA5}"= TCP:C:\Users\Fredrik\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{B0D9E4E4-3CC5-42BB-93E8-725DBEE0B8AF}C:\\users\\fredrik\\documents\\downloads\\quake 3 arena\\quake3.exe"= UDP:C:\users\fredrik\documents\downloads\quake 3 arena\quake3.exe:quake3.exe "UDP Query User{7C8574E7-5916-4670-954D-4F0ACAB6B045}C:\\users\\fredrik\\documents\\downloads\\quake 3 arena\\quake3.exe"= TCP:C:\users\fredrik\documents\downloads\quake 3 arena\quake3.exe:quake3.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680] R0 PBADRV;PBADRV;C:\Windows\system32\DRIVERS\PBADRV.sys [2006-08-28 19968] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352] R1 
AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-31 97928] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704] R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] R2 BthFilterHelper;Bluetooth Feature Support;C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488] R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe [2007-06-11 517040] R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248] R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 21504] R2 WavxDMgr;WavxDMgr;C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-02-15 121344] R3 BTHFILT;Bluetooth-kommandofilter;C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824] R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-12 92656] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-21 179712] S3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);C:\Windows\system32\Drivers\FLMckUSB.sys [2006-07-27 69810] S3 ICAM8USB;Intel® PC Camera CS120;C:\Windows\system32\Drivers\Icm8D2.SYS [2001-07-12 237504] S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2008-09-10 38528] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 SecureStorageService;SecureStorageService;C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-02-16 488448] S3 TuneUp.Defrag;TuneUp Drive Defrag 
Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-05 355584] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a47e54dc-7a87-11dc-9398-001a6b79634e}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fda21a36-53dd-11dc-8cbb-001a6b79634e}] \shell\AutoRun\command - G:\autorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {BA384837-6755-6433-A806-943F6BBD8B01} /qb . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\Fredrik\AppData\Roaming\Mozilla\Firefox\Profiles\1jjwh2eq.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.vg.no FF -: plugin - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll FF -: plugin - C:\Users\Fredrik\Program Files\DNA\plugins\npbtdna.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-14 18:10:59 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\BCMWLTRY.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\System32\stacsv.exe C:\Windows\System32\drivers\XAudio.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Windows\System32\conime.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\hidfind.exe C:\Program Files\Apoint\ApntEx.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Completion time: 2008-09-14 18:20:59 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-14 16:20:50 Pre-Run: 34,088,943,616 byte ledig Post-Run: 33,968,820,224 byte ledig 331 --- E O F --- 2008-09-13 23:10:40

And HijackThis

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:29:55, on 14.09.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Program Files\Apoint\Apoint.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\sttray.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program 
Files\DAEMON Tools\daemon.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google 
Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Fork find] "C:\ProgramData\bluedashdash.0hf6lg" O4 - HKLM\..\Run: [vc log bows face] "C:\ProgramData\license four body.t2awxbe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe 
oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Global Startup: QuickSet.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://www.itslearning.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor 
(ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9202 bytes
Edited 15 September 2008 by fnedy
norbat Posted 14 September 2008
Uninstall Messenger Plus! Live from Add/Remove Programs. Run ComboFix again and post the log, and then we'll see whether anything more needs to be done.
fnedy (Author) Posted 14 September 2008
Thanks for the quick reply :) Here is my new log:
ComboFix 08-09-14.01 - Fredrik 2008-09-14 23:03:21.2 - NTFSx86 Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1044.18.994 [GMT 2:00] Running from: C:\Users\Fredrik\Downloads\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 ))))))))))))))))))))))))))))))) . 2008-09-14 18:24 . 2008-09-14 18:24 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-14 17:54 . 2008-09-14 17:54 <DIR> d-------- C:\Program Files\CCleaner 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Malwarebytes 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-14 17:43 . 2008-09-10 00:08 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-09-14 17:43 . 2008-09-10 00:08 17,200 --a------ C:\Windows\System32\drivers\mbam.sys 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\SUPERAntiSpyware.com 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-09-10 17:53 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-10 17:53 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys 2008-09-10 17:53 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll 2008-09-10 17:53 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-10 17:53 . 
2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys 2008-09-10 17:53 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-09-10 17:53 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-10 17:53 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-10 17:53 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll 2008-09-10 08:23 . 2008-09-10 08:23 <DIR> d-------- C:\SYSWIN34 2008-09-10 08:23 . 2008-09-10 08:24 1,046 --a------ C:\Windows\SYSWIN.INI 2008-09-09 18:26 . 2008-09-14 17:48 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\OpenOffice.org2 2008-09-09 18:23 . 2008-09-09 18:24 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4 2008-09-08 12:39 . 2008-09-08 12:39 122,896 --a------ C:\Users\All Users\bluedashdash.k4sys 2008-09-08 12:39 . 2008-09-08 12:39 122,896 --a------ C:\ProgramData\bluedashdash.k4sys 2008-09-06 00:38 . 2008-09-06 01:33 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Spore 2008-09-03 22:34 . 2008-09-03 22:34 <DIR> d-------- C:\Users\All Users\Memo Drive Vc Log 2008-09-03 22:34 . 2008-09-07 16:51 <DIR> d-------- C:\Users\All Users\2 dart iso 2008-09-03 22:34 . 2008-09-03 22:34 <DIR> d-------- C:\ProgramData\Memo Drive Vc Log 2008-09-03 22:34 . 2008-09-07 16:51 <DIR> d-------- C:\ProgramData\2 dart iso 2008-09-03 22:34 . 2008-09-03 22:34 <DIR> d-------- C:\Program Files\2 dart iso 2008-09-03 17:53 . 2008-09-03 17:53 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Atari 2008-09-03 17:53 . 2008-09-12 18:04 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll 2008-09-03 10:12 . 2008-09-03 10:12 <DIR> d-------- C:\Program Files\Common Files\PocketSoft 2008-09-03 10:12 . 2002-02-27 18:50 197,120 --a------ C:\Windows\patchw32.dll 2008-09-03 10:06 . 2008-09-03 10:06 <DIR> d-------- C:\Program Files\Atari 2008-09-01 17:13 . 2008-09-01 17:13 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\aAvgApi 2008-08-28 09:49 . 
2008-09-13 19:26 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-08-14 03:05 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-14 16:14 --------- d-----w C:\Program Files\Steam 2008-09-14 15:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-14 10:25 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-09-13 23:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-13 23:17 --------- d-----w C:\Program Files\EA GAMES 2008-09-13 23:12 --------- d-----w C:\Program Files\World of Warcraft 2008-09-12 06:32 --------- d-----w C:\Program Files\Common Files\Steam 2008-09-11 01:04 --------- d-----w C:\ProgramData\Microsoft Help 2008-09-10 20:45 --------- d-----w C:\ProgramData\Lx_cats 2008-09-09 07:14 --------- d-----w C:\Program Files\Clue 2008-09-07 13:53 --------- d-----w C:\ProgramData\avg8 2008-09-06 01:19 --------- d-----w C:\Users\Fredrik\AppData\Roaming\uTorrent 2008-09-05 23:01 --------- d-----w C:\Program Files\Electronic Arts 2008-08-30 23:38 97,928 ----a-w C:\Windows\system32\drivers\avgldx86.sys 2008-08-30 15:37 --------- d-----w C:\Program Files\Warcraft III 2008-08-22 23:21 --------- d-----w C:\ProgramData\WLInstaller 2008-08-14 01:11 --------- d-----w C:\Program Files\Windows Mail 2008-08-05 20:20 355,584 ----a-w C:\Windows\System32\TuneUpDefragService.exe 2008-08-05 20:20 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-08-05 20:17 --------- d-----w C:\Users\Fredrik\AppData\Roaming\vlc 2008-08-05 19:03 --------- d-----w C:\Program Files\VideoLAN 2008-08-05 18:56 --------- d-----w C:\Users\Fredrik\AppData\Roaming\Media Player Classic 2008-07-31 21:08 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 2,154,496 ----a-w 
C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-30 22:12 --------- d-----w C:\Users\Fredrik\AppData\Roaming\CyberLink 2008-07-30 22:12 --------- d-----w C:\ProgramData\CyberLink 2008-07-18 18:38 587,264 ----a-w C:\Windows\WLXPGSS.SCR 2008-07-02 21:01 10,520 ----a-w C:\Windows\System32\avgrsstx.dll 2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll 2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll 2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll 2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL 2008-06-11 22:07 174 --sha-w C:\Program Files\desktop.ini 2007-07-16 17:31 19,194,902 ----a-w C:\Users\Fredrik\TmNationsESWC_175_to_179_Setup.exe 2007-09-30 09:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-09-30 09:15 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-09-30 09:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-09-14_18.19.50.99 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-09-14 16:10:55 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-09-14 21:09:42 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat - 2008-09-14 16:10:55 151,552 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-09-14 21:09:42 151,552 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - 2008-09-14 16:03:12 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-09-14 21:03:15 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-09-14 21:03:15 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 - 2008-09-14 10:31:32 123,306 ----a-w C:\Windows\System32\perfc009.dat + 2008-09-14 16:18:10 123,306 ----a-w C:\Windows\System32\perfc009.dat - 2008-09-14 10:31:32 99,030 ----a-w C:\Windows\System32\perfc014.dat + 2008-09-14 16:18:10 99,030 ----a-w C:\Windows\System32\perfc014.dat - 2008-09-14 10:31:32 645,118 ----a-w C:\Windows\System32\perfh009.dat + 2008-09-14 16:18:10 645,118 ----a-w C:\Windows\System32\perfh009.dat - 2008-09-14 10:31:32 509,572 ----a-w C:\Windows\System32\perfh014.dat + 2008-09-14 16:18:10 509,572 ----a-w C:\Windows\System32\perfh014.dat - 2008-09-14 14:27:26 448,718 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2008-09-14 20:01:49 451,012 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 167368] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-07-31 1271032] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-30 171448] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Fork find"="C:\ProgramData\bluedashdash.0hf6lg" [X] "vc log bows face"="C:\ProgramData\license four body.t2awxbe" [X] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-16 159744] "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 1548288] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864] "lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264] "FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 1235736] "SigmatelSysTrayApp"="sttray.exe" [2007-04-23 C:\Windows\sttray.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-17 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i263_32.drv "MSACM.G723"= g723.acm "vidc.I263"= I263_32.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun "BitTorrent DNA"="C:\Users\Fredrik\Program Files\DNA\btdna.exe" "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "Microsoft Office Outlook"=C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE /recycle [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "PluginCamera"=C:\Program Files\Intel\Createshare\program\starter.exe -regargs "\\Commands\RegPlug" "Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "PC Booster"=C:\Program Files\inKline Global\PC Booster\pcbooster.exe "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" "WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{72C73353-FDA3-4479-A41F-77C8C62C8519}"= TCP:6004|C:\Program Files\Microsoft 
Office\Office12\outlook.exe:Microsoft Office Outlook "{0E33FD01-4328-468C-9C42-9DA0B3AB018E}"= UDP:C:\Program Files\Electronic Arts\Kampen om Midgard II\game.dat:Kampen om Midgard™ II "{6AB943AC-9EE2-4EF8-A1B9-742065993F24}"= TCP:C:\Program Files\Electronic Arts\Kampen om Midgard II\game.dat:Kampen om Midgard™ II "TCP Query User{1449B01C-B12C-48F9-BBD7-5D5186AEBFE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{D1E9F221-9BE8-44EB-9A1E-E4E7FF2AB089}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{32F077DB-228B-405D-BD74-FC20F3F2B7E6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{B7C6927D-F3A9-466F-8C01-FB668A042248}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{F3682469-2A59-4501-B909-891ED1E51951}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{DD17C53E-0EE8-4D5D-A2D8-0B877708B90D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{F3E296BD-42C4-448B-B092-257C29DD03CF}E:\\setup.exe"= UDP:E:\setup.exe:Setup "UDP Query User{3A063789-FBB0-4B5F-8CDC-25B642713158}E:\\setup.exe"= TCP:E:\setup.exe:Setup "TCP Query User{DF8C657A-2227-4337-A0B8-B7F4ADB95625}E:\\setup.exe"= UDP:E:\setup.exe:Setup "UDP Query User{6BA2F75D-7536-4330-8661-E174B8504660}E:\\setup.exe"= TCP:E:\setup.exe:Setup "{1FD9A0D6-BC62-4C32-B048-A6BF78863EE7}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{F7DEEB85-E793-45C2-B437-99F6F7FE17BF}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "{029C909C-71DA-4073-A4D2-BBACC40F6259}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{650E41C9-6B8D-4AD3-9F50-84C5A536DB04}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "TCP 
Query User{7887500E-56CA-4D9C-98A4-6C6AA2043ECF}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2 "UDP Query User{95FEE24B-9830-4F70-BB54-34BE28E199D2}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2 "{DC6BE42C-254F-43D1-87D3-D012CA66C524}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor "{EDBB8EE5-EA86-4762-9450-F552108BE083}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor "{8097D8EA-8E81-44B4-8FA8-D02BCFF9F8D7}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio "{521681C6-DCFD-48B9-8AD2-74E2F2F45EA8}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio "{A438DA5C-41F9-4541-A1FA-8DFCDB802D5D}"= UDP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader "{16BBC2D0-9C97-40EA-8284-A34FDE5CF2E7}"= TCP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader "{3F145890-DBE5-424D-933C-ADBFC2C0B891}"= UDP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software "{C7B36EF8-F998-4002-9730-9A67B2A4C90C}"= TCP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software "{6E42E7FA-5C87-4495-97DE-1B8714BCC1CA}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor "{2CCFD2E0-7A7D-4983-A990-635B839DEDE7}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor "{29A62686-F120-49CC-9823-B1F082FDA86A}"= UDP:C:\Windows\System32\lxdicfg.exe:Printer Communication System "{DF83C141-A1DF-4E8A-B10E-CEB33ACBCBC0}"= TCP:C:\Windows\System32\lxdicfg.exe:Printer Communication System "{B4B01F13-381C-4ACD-93BD-DF06A8FE4BBB}"= UDP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System "{6F0AFFEA-53CD-40AD-BBA6-8E23363E66D2}"= TCP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System 
"{45C25AE0-8C04-41A3-8991-328FA58E0C9C}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface "{C3D1E609-E1E8-4F52-A1E8-B4049CB6E1F2}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface "{2027EBB9-209D-46D5-85FC-D97A12AFB290}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable "{F273D514-4220-4A4B-A399-9AFCF0260EC5}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable "TCP Query User{FDE5BF92-31ED-4C19-AE84-AD9D0A8CA424}C:\\users\\fredrik\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\fredrik\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{D85706A3-3515-4A42-B182-03D159EA25E9}C:\\users\\fredrik\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\fredrik\program files\utorrent\utorrent.exe:utorrent.exe "TCP Query User{283C4775-94E7-442A-BC4B-5F1B9A2B9FBB}C:\\users\\fredrik\\documents\\downloads\\wormsarm\\wormsarm\\wa.exe"= UDP:C:\users\fredrik\documents\downloads\wormsarm\wormsarm\wa.exe:wa.exe "UDP Query User{718B5D60-E845-4754-8F49-E67D58A99EF8}C:\\users\\fredrik\\documents\\downloads\\wormsarm\\wormsarm\\wa.exe"= TCP:C:\users\fredrik\documents\downloads\wormsarm\wormsarm\wa.exe:wa.exe "TCP Query User{25E0CCBA-3FD3-4867-AEC8-F66CE8E94676}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "UDP Query User{456A63E8-5FC0-4A14-B7DD-810E24E6224B}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "TCP Query User{37DDAA5F-B7EB-4752-A022-B1584CA22907}C:\\users\\fredrik\\program files\\dna\\btdna.exe"= UDP:C:\users\fredrik\program files\dna\btdna.exe:btdna.exe "UDP Query User{AEEF02B2-D20A-4420-92D2-AF12F97BC467}C:\\users\\fredrik\\program files\\dna\\btdna.exe"= TCP:C:\users\fredrik\program 
files\dna\btdna.exe:btdna.exe "TCP Query User{DAE6FF43-CF83-4363-B537-2D14E88F5DC9}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "UDP Query User{93135F19-8ADB-476A-8096-F01FB285CB7F}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "TCP Query User{F515BF25-9375-46AA-BC31-5B2045ED0D9E}C:\\users\\fredrik\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\fredrik\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{6072784C-EC89-4216-AB3B-079078524EA8}C:\\users\\fredrik\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\fredrik\program files\utorrent\utorrent.exe:utorrent.exe "{C5046C8E-5840-4AE9-90A5-C7757DBC4DB4}"= UDP:C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2 "{64473023-680B-4FC7-BFCC-2C6FCDF90FB9}"= TCP:C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2 "TCP Query User{5A7C612F-9C1C-43E9-AFA2-72A2305EE99B}C:\\program files\\firefly studios\\stronghold 2\\stronghold2.exe"= UDP:C:\program files\firefly studios\stronghold 2\stronghold2.exe:Stronghold 2 "UDP Query User{6EDCCA53-72A0-4F0E-9A67-AD5434ABC10B}C:\\program files\\firefly studios\\stronghold 2\\stronghold2.exe"= TCP:C:\program files\firefly studios\stronghold 2\stronghold2.exe:Stronghold 2 "TCP Query User{8B6203FD-A519-480A-9882-3A981ACBCEA7}C:\\users\\fredrik\\documents\\downloads\\team fortress 2\\team fortress 2\\hl2.exe"= UDP:C:\users\fredrik\documents\downloads\team fortress 2\team fortress 2\hl2.exe:hl2.exe "UDP Query User{CBAF1E08-BDF8-4A7F-A76B-6FD703AE853E}C:\\users\\fredrik\\documents\\downloads\\team fortress 2\\team fortress 2\\hl2.exe"= TCP:C:\users\fredrik\documents\downloads\team fortress 2\team fortress 2\hl2.exe:hl2.exe "TCP Query User{152E5207-769C-4765-BDAF-4D54A2CDCE6E}C:\\users\\fredrik\\documents\\downloads\\team fortress 2\\team 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680] R0 PBADRV;PBADRV;C:\Windows\system32\DRIVERS\PBADRV.sys [2006-08-28 19968] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352] R1
AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-31 97928] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704] R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] R2 BthFilterHelper;Bluetooth Feature Support;C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488] R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe [2007-06-11 517040] R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248] R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 21504] R2 WavxDMgr;WavxDMgr;C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-02-15 121344] R3 BTHFILT;Bluetooth-kommandofilter;C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824] R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-12 92656] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-21 179712] S3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);C:\Windows\system32\Drivers\FLMckUSB.sys [2006-07-27 69810] S3 ICAM8USB;Intel® PC Camera CS120;C:\Windows\system32\Drivers\Icm8D2.SYS [2001-07-12 237504] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 SecureStorageService;SecureStorageService;C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-02-16 488448] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-05 355584] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a47e54dc-7a87-11dc-9398-001a6b79634e}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fda21a36-53dd-11dc-8cbb-001a6b79634e}] \shell\AutoRun\command - G:\autorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {BA384837-6755-6433-A806-943F6BBD8B01} /qb . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\Fredrik\AppData\Roaming\Mozilla\Firefox\Profiles\1jjwh2eq.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.vg.no FF -: plugin - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll FF -: plugin - C:\Users\Fredrik\Program Files\DNA\plugins\npbtdna.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-14 23:10:35 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\Windows\TEMP\0eef50d4-4621-46c9-bd77-3a0b41ce047c.tmp 0 bytes C:\Windows\TEMP\3237309d-fae6-4918-b6eb-117e47b24f4f.tmp 0 bytes C:\Windows\TEMP\cafbf9bc-ece3-4432-baa9-b4c0c52bccde.tmp 0 bytes scan completed successfully hidden files: 3 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\BCMWLTRY.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\System32\stacsv.exe C:\Windows\System32\drivers\XAudio.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Windows\System32\conime.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Apoint\hidfind.exe C:\Program Files\Apoint\ApntEx.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Completion time: 2008-09-14 23:19:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-14 21:19:29 ComboFix2.txt 2008-09-14 16:21:01 Pre-Run: 36,799,610,880 byte ledig Post-Run: 36,595,007,488 byte ledig 355 --- E O F --- 2008-09-13 23:10:40
fnedy Posted 15 September 2008 (author)
Just want to say that I still have problems with the CID popup, even though Messenger Plus! Live has been removed =/ Regards, fnedy
norbat Posted 15 September 2008
Open Notepad and copy/paste the text shown in bold below. Save the file on the desktop as CFScript.txt. Drag and drop the file onto the ComboFix icon. ComboFix will start again:

Folder::
C:\Users\All Users\Memo Drive Vc Log
C:\Users\All Users\2 dart iso
C:\ProgramData\Memo Drive Vc Log
C:\ProgramData\2 dart iso
C:\Program Files\2 dart iso
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fork find"=-
"vc log bows face"=-

Then check the Hosts file for any entries related to CiD:
Go to: C:\Windows\System32\Drivers\etc
Double-click Hosts and choose to open it in Notepad.
Check that there are no entries related to CiD. If there are, let us know and we will remove them from there.
fnedy Posted 16 September 2008 (author)
Hi again! Found nothing related to CID in Hosts. But there was a file right below it called "hosts.msn"; should it be there? But the ComboFix log is:
ComboFix 08-09-14.01 - Fredrik 2008-09-16 12:13:41.3 - NTFSx86Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1044.18.1016 [GMT 2:00] Running from: C:\Users\Fredrik\Downloads\ComboFix.exe Command switches used :: C:\Users\Fredrik\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\2 dart iso C:\ProgramData\2 dart iso C:\ProgramData\2 dart iso\xebldccb.exe C:\ProgramData\Memo Drive Vc Log C:\ProgramData\Memo Drive Vc Log\bold glue.exe C:\Users\All Users\2 dart iso C:\Users\All Users\2 dart iso\xebldccb.exe C:\Users\All Users\Memo Drive Vc Log C:\Users\All Users\Memo Drive Vc Log\bold glue.exe . ((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 ))))))))))))))))))))))))))))))) . 2008-09-14 18:24 . 2008-09-14 18:24 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-14 17:54 . 2008-09-14 17:54 <DIR> d-------- C:\Program Files\CCleaner 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Malwarebytes 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-09-14 17:43 . 2008-09-14 17:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-14 17:43 . 2008-09-10 00:08 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-09-14 17:43 . 2008-09-10 00:08 17,200 --a------ C:\Windows\System32\drivers\mbam.sys 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\SUPERAntiSpyware.com 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-09-14 17:28 .
2008-09-14 17:28 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-09-14 17:28 . 2008-09-14 17:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-09-10 17:53 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-10 17:53 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys 2008-09-10 17:53 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll 2008-09-10 17:53 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-10 17:53 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys 2008-09-10 17:53 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-09-10 17:53 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-10 17:53 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-10 17:53 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll 2008-09-10 08:23 . 2008-09-10 08:23 <DIR> d-------- C:\SYSWIN34 2008-09-10 08:23 . 2008-09-10 08:24 1,046 --a------ C:\Windows\SYSWIN.INI 2008-09-09 18:26 . 2008-09-16 09:34 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\OpenOffice.org2 2008-09-09 18:23 . 2008-09-09 18:24 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4 2008-09-08 12:39 . 2008-09-08 12:39 122,896 --a------ C:\Users\All Users\bluedashdash.k4sys 2008-09-08 12:39 . 2008-09-08 12:39 122,896 --a------ C:\ProgramData\bluedashdash.k4sys 2008-09-06 00:38 . 2008-09-06 01:33 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Spore 2008-09-03 17:53 . 2008-09-03 17:53 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Atari 2008-09-03 17:53 . 2008-09-12 18:04 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll 2008-09-03 10:12 . 2008-09-03 10:12 <DIR> d-------- C:\Program Files\Common Files\PocketSoft 2008-09-03 10:12 . 2002-02-27 18:50 197,120 --a------ C:\Windows\patchw32.dll 2008-09-03 10:06 . 
2008-09-03 10:06 <DIR> d-------- C:\Program Files\Atari 2008-09-01 17:13 . 2008-09-01 17:13 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\aAvgApi 2008-08-28 09:49 . 2008-09-15 16:16 <DIR> d--h----- C:\$AVG8.VAULT$ . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-16 10:27 --------- d-----w C:\Program Files\Steam 2008-09-16 08:37 --------- d-----w C:\ProgramData\Microsoft Help 2008-09-16 06:41 --------- d-----w C:\Program Files\Clue 2008-09-14 15:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-14 10:25 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-09-13 23:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-13 23:17 --------- d-----w C:\Program Files\EA GAMES 2008-09-13 23:12 --------- d-----w C:\Program Files\World of Warcraft 2008-09-12 06:32 --------- d-----w C:\Program Files\Common Files\Steam 2008-09-10 20:45 --------- d-----w C:\ProgramData\Lx_cats 2008-09-07 13:53 --------- d-----w C:\ProgramData\avg8 2008-09-06 01:19 --------- d-----w C:\Users\Fredrik\AppData\Roaming\uTorrent 2008-09-05 23:01 --------- d-----w C:\Program Files\Electronic Arts 2008-08-30 23:38 97,928 ----a-w C:\Windows\system32\drivers\avgldx86.sys 2008-08-30 15:37 --------- d-----w C:\Program Files\Warcraft III 2008-08-22 23:21 --------- d-----w C:\ProgramData\WLInstaller 2008-08-14 01:11 --------- d-----w C:\Program Files\Windows Mail 2008-08-05 20:20 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-08-05 20:17 --------- d-----w C:\Users\Fredrik\AppData\Roaming\vlc 2008-08-05 19:03 --------- d-----w C:\Program Files\VideoLAN 2008-08-05 18:56 --------- d-----w C:\Users\Fredrik\AppData\Roaming\Media Player Classic 2008-07-31 21:08 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 2,154,496 ----a-w 
C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-30 22:12 --------- d-----w C:\Users\Fredrik\AppData\Roaming\CyberLink 2008-07-30 22:12 --------- d-----w C:\ProgramData\CyberLink 2008-07-18 18:38 587,264 ----a-w C:\Windows\WLXPGSS.SCR 2008-06-11 22:07 174 --sha-w C:\Program Files\desktop.ini 2007-07-16 17:31 19,194,902 ----a-w C:\Users\Fredrik\TmNationsESWC_175_to_179_Setup.exe 2007-09-30 09:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-09-30 09:15 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-09-30 09:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-09-14_18.19.50.99 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-14 16:10:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-09-16 10:25:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-09-14 16:10:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-09-16 10:25:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-09-14 16:10:55 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-09-16 10:27:25 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat - 2008-09-14 16:10:55 151,552 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-09-16 10:27:25 151,552 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - 2008-09-14 16:03:12 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-09-14 21:03:15 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-09-14 21:03:15 262,144 ---ha-w 
C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 - 2008-09-14 10:31:32 123,306 ----a-w C:\Windows\System32\perfc009.dat + 2008-09-16 07:37:01 123,306 ----a-w C:\Windows\System32\perfc009.dat - 2008-09-14 10:31:32 99,030 ----a-w C:\Windows\System32\perfc014.dat + 2008-09-16 07:37:01 99,030 ----a-w C:\Windows\System32\perfc014.dat - 2008-09-14 10:31:32 645,118 ----a-w C:\Windows\System32\perfh009.dat + 2008-09-16 07:37:01 645,118 ----a-w C:\Windows\System32\perfh009.dat - 2008-09-14 10:31:32 509,572 ----a-w C:\Windows\System32\perfh014.dat + 2008-09-16 07:37:01 509,572 ----a-w C:\Windows\System32\perfh014.dat - 2008-09-14 16:12:31 16,628 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1748251382-2731769529-558059207-1003_UserData.bin + 2008-09-16 06:19:27 16,966 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1748251382-2731769529-558059207-1003_UserData.bin - 2008-09-14 16:12:31 83,572 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-09-16 06:19:27 83,896 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-09-14 10:54:24 52,194 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-09-16 06:18:39 52,406 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-09-14 14:27:26 448,718 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2008-09-15 20:35:28 454,524 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 167368] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-07-31 1271032] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-30 171448] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-16 159744] "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 1548288] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864] "lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264] "FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 1235736] "SigmatelSysTrayApp"="sttray.exe" [2007-04-23 C:\Windows\sttray.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-17 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program 
Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i263_32.drv "MSACM.G723"= g723.acm "vidc.I263"= I263_32.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun "BitTorrent DNA"="C:\Users\Fredrik\Program Files\DNA\btdna.exe" "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "Microsoft Office Outlook"=C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE /recycle [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "PluginCamera"=C:\Program Files\Intel\Createshare\program\starter.exe -regargs "\\Commands\RegPlug" "Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "PC Booster"=C:\Program Files\inKline Global\PC Booster\pcbooster.exe "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" "WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
of Might and Magic® III "TCP Query User{CC5FAA76-86FE-4E8C-AD22-69DA7318C23B}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "UDP Query User{46B3BB3A-5DDB-4FC3-B54C-CA966BA6AF99}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "{5DAF5515-DD63-4A59-B5D9-719BFAF902B1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{9AEC6ABF-677C-4482-B8B9-250F6E7F1B48}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{A79F2130-3069-4E07-8730-ED7220B324E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{45044632-16E1-4B45-A97E-54078903923E}"= UDP:C:\Users\Fredrik\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{37C0B15F-EA68-40BE-B665-21AB24C83AA5}"= TCP:C:\Users\Fredrik\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{B0D9E4E4-3CC5-42BB-93E8-725DBEE0B8AF}C:\\users\\fredrik\\documents\\downloads\\quake 3 arena\\quake3.exe"= UDP:C:\users\fredrik\documents\downloads\quake 3 arena\quake3.exe:quake3.exe "UDP Query User{7C8574E7-5916-4670-954D-4F0ACAB6B045}C:\\users\\fredrik\\documents\\downloads\\quake 3 arena\\quake3.exe"= TCP:C:\users\fredrik\documents\downloads\quake 3 arena\quake3.exe:quake3.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680] R0 PBADRV;PBADRV;C:\Windows\system32\DRIVERS\PBADRV.sys [2006-08-28 19968] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-31 97928] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Program 
Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704] R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] R2 BthFilterHelper;Bluetooth Feature Support;C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488] R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe [2007-06-11 517040] R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248] R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 21504] R2 WavxDMgr;WavxDMgr;C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-02-15 121344] R3 BTHFILT;Bluetooth-kommandofilter;C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-21 179712] S3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);C:\Windows\system32\Drivers\FLMckUSB.sys [2006-07-27 69810] S3 ICAM8USB;Intel® PC Camera CS120;C:\Windows\system32\Drivers\Icm8D2.SYS [2001-07-12 237504] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 SecureStorageService;SecureStorageService;C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-02-16 488448] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-12 92656] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-05 355584] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost 
- NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a47e54dc-7a87-11dc-9398-001a6b79634e}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fda21a36-53dd-11dc-8cbb-001a6b79634e}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {BA384837-6755-6433-A806-943F6BBD8B01} /qb
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 12:27:49
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\BCMWLTRY.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\stacsv.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\conime.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Apoint\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-09-16 12:35:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-16 10:35:23
ComboFix2.txt 2008-09-14 21:19:50
ComboFix3.txt 2008-09-14 16:21:01
Pre-Run: 36,016,685,056 byte ledig
Post-Run: 35,833,610,240 byte ledig
350 --- E O F --- 2008-09-13 23:10:40
QBab Posted 16 September 2008

What's the problem with Messenger Plus? It's a great add-on, after all.
norbat Posted 16 September 2008 (edited)

And how is it going now with the adware that was installed because of Messenger Plus!?

In Hosts you can delete everything below the lines:

127.0.0.1 localhost
::1 localhost

If so, do the following to edit the file in Vista:

Right-click Notepad (you'll find it under Accessories) and choose to run it as Administrator.
Click File->Open and browse to where the Hosts file is located, then open it.
Remove what should be removed.
Save and close.

Could you open hosts.msn in Notepad and check what it contains?

Edited 16 September 2008 by norbat
fnedy Posted 16 September 2008 (Author)

I found nothing below

127.0.0.1 localhost
::1 localhost

hosts.msn didn't seem scary either.

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

After running all the new "anti" programs, the unnecessary backup files have been reduced. I've found 800 MB in 2 days with TuneUp. And that is progress.
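The hosts check discussed in the two posts above, as an added example that is not part of the original thread: a Python sketch that lists every active mapping in a hosts file other than the two default localhost lines. The function name `audit_hosts` and the two extra entries in `TAMPERED` are constructed for illustration (documentation address range and example.com names).

```python
import ipaddress

# The two default entries named in the thread; any other active line is worth a look.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def audit_hosts(text):
    """Return (line_no, ip, host_name, note) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment, as the sample file's header explains.
        active = raw.split("#", 1)[0].strip()
        if not active:
            continue
        fields = active.split()
        ip, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "malformed address"))
            continue
        if not names:
            findings.append((line_no, ip, "", "no host name"))
            continue
        for name in names:
            if (str(addr), name.lower()) in DEFAULT_ENTRIES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                note = "blocks this host name"
            else:
                note = "redirects this host name"
            findings.append((line_no, ip, name, note))
    return findings

# Excerpt of the clean hosts file posted in the thread.
CLEAN = """# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
"""

# Constructed sample: the same file with two added mappings.
TAMPERED = CLEAN + "127.0.0.1 update.example.com\n203.0.113.7 bank.example.com # constructed\n"

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED):
        print(finding)
```

A clean result only says the hosts file holds no extra mappings; it does not cover other redirection mechanisms.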
norbat Posted 16 September 2008

- and CiD is gone?
fnedy Posted 16 September 2008 (Author)

I got two or three CIDs earlier today, but after restarting the PC I haven't had any problems for a few hours. It seems to have stopped.

Thanks for all the help :)