
[Solved] Can someone check the log for viruses? :) (HijackThis)



Hmm... I think it's a virus that reacts to ComboFix..

Are you able to install it and run it? :)

Edit: unless it's Windows Defender that flags ComboFix as a virus?

It's Windows Defender that flags it as a virus :/ (I think)

Should I just click Ignore then, or what?

Edited by Soildor

Here is the log:

ComboFix 09-01-06.02 - sondre 2009-01-07 18:26:03.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2046.1079 [GMT 1:00]

Kjører fra: c:\users\sondre\Desktop\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\drv\TVtuner\Liteon\Resources\_desktop.ini

c:\windows\Downloaded Program Files\setup.inf

c:\windows\icon.ico

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-07 til 2009-01-07 )))))))))))))))))))))))))))))))))

.

 

2009-01-07 17:51 . 2009-01-07 17:51 <DIR> d-------- c:\users\sondre\AppData\Roaming\Malwarebytes

2009-01-07 17:51 . 2009-01-04 18:41 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-07 17:51 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-07 17:50 . 2009-01-07 17:50 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-01-07 17:50 . 2009-01-07 17:50 <DIR> d-------- c:\programdata\Malwarebytes

2009-01-07 17:50 . 2009-01-07 17:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-07 17:37 . 2009-01-07 17:38 524,288 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TMContainer00000000000000000002.regtrans-ms

2009-01-07 17:37 . 2009-01-07 17:45 524,288 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TMContainer00000000000000000001.regtrans-ms

2009-01-07 17:37 . 2009-01-07 17:45 65,536 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TM.blf

2009-01-07 16:46 . 2009-01-07 16:47 <DIR> d-------- c:\program files\HJT

2009-01-04 20:54 . 2009-01-04 20:54 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2009-01-04 20:54 . 2009-01-04 20:54 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2009-01-04 20:51 . 2009-01-04 20:51 <DIR> d-------- c:\users\sondre\AppData\Roaming\SUPERAntiSpyware.com

2009-01-04 20:51 . 2009-01-04 20:51 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-28 00:46 . 2008-12-28 00:46 410,984 --a------ c:\windows\System32\deploytk.dll

2008-12-21 11:32 . 2008-12-21 11:32 <DIR> d-------- c:\program files\Bonjour

2008-12-19 11:12 . 2008-12-19 11:12 126,976 --a------ c:\windows\War3Unin.exe

2008-12-19 11:12 . 2008-12-19 11:17 21,150 --a------ c:\windows\War3Unin.dat

2008-12-19 11:12 . 2008-12-19 11:12 2,829 --a------ c:\windows\War3Unin.pif

2008-12-18 16:40 . 2008-12-18 16:40 3,120 --a------ c:\windows\System32\ALLFSAF7a.ocx

2008-12-18 16:23 . 2008-12-21 20:23 <DIR> d-------- c:\program files\WinISD

2008-12-18 16:19 . 2008-12-18 16:27 484 --a------ c:\windows\ltN1.ini

2008-12-17 23:33 . 2008-12-17 23:33 20 --a------ c:\windows\mafosav.INI

2008-12-15 15:14 . 2008-12-15 15:14 <DIR> d-------- c:\users\sondre\AppData\Roaming\skypePM

2008-12-15 15:14 . 2008-12-15 15:14 56 --ah----- c:\windows\System32\ezsidmv.dat

2008-12-15 15:12 . 2008-12-15 15:12 <DIR> d-------- c:\program files\Common Files\Skype

2008-12-14 22:48 . 2008-12-14 23:30 <DIR> d-------- c:\program files\VstPlugins

2008-12-14 22:48 . 2008-12-21 20:21 <DIR> d-------- c:\program files\Image-Line

2008-12-14 22:48 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\System32\vorbis.acm

2008-12-14 22:48 . 2006-06-20 09:56 225,280 --a------ c:\windows\System32\rewire.dll

2008-12-13 22:54 . 2008-12-13 22:54 <DIR> d-------- c:\program files\ToggleEN

2008-12-13 22:10 . 2008-12-13 22:12 <DIR> d-------- c:\users\All Users\OrbNetworks

2008-12-13 22:10 . 2008-12-13 22:12 <DIR> d-------- c:\programdata\OrbNetworks

2008-12-13 22:10 . 2008-12-13 22:10 <DIR> d-------- c:\program files\Winamp Remote

2008-12-13 22:09 . 2008-12-13 22:31 <DIR> d-------- c:\users\sondre\AppData\Roaming\Winamp

2008-12-13 22:09 . 2008-12-21 11:59 <DIR> d-------- c:\program files\Winamp

2008-12-13 22:09 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll

2008-12-13 16:20 . 2008-12-13 16:20 <DIR> d-------- c:\users\sondre\AppData\Roaming\Canneverbe_Limited

2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\users\All Users\Avira

2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\programdata\Avira

2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\program files\Avira

2008-12-12 22:34 . 2008-12-12 22:35 72,744 --a------ c:\windows\System32\GDIPFONTCACHEV1.DAT

2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe

2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll

2008-12-11 07:37 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-11 07:02 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe

2008-12-11 07:02 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll

2008-12-11 07:02 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll

2008-12-11 07:01 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-11 07:01 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll

2008-12-11 07:01 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2008-12-11 07:01 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe

2008-12-11 07:01 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2008-12-07 00:18 . 2008-12-07 00:18 <DIR> d-------- c:\program files\OpenAL

2008-12-07 00:18 . 2008-12-07 00:18 413,696 --a------ c:\windows\System32\wrap_oal.dll

2008-12-07 00:18 . 2008-12-07 00:18 110,592 --a------ c:\windows\System32\OpenAL32.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-07 16:43 --------- d-----w c:\users\sondre\AppData\Roaming\uTorrent

2009-01-07 16:43 --------- d-----w c:\programdata\avg8

2009-01-07 14:58 --------- d-----w c:\program files\Common Files\Steam

2009-01-06 19:07 27,430 ----a-w c:\users\sondre\AppData\Roaming\nvModes.dat

2009-01-06 15:10 --------- d-----w c:\users\sondre\AppData\Roaming\OpenOffice.org2

2009-01-04 19:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-30 11:05 --------- d-----w c:\program files\Google

2008-12-29 01:23 --------- d-----w c:\program files\CCleaner

2008-12-28 04:26 --------- d-----w c:\users\sondre\AppData\Roaming\dvdcss

2008-12-27 23:46 --------- d-----w c:\program files\Java

2008-12-17 18:04 --------- d-----w c:\program files\Rockstar Games

2008-12-15 15:33 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-15 14:21 --------- d-----w c:\users\sondre\AppData\Roaming\Skype

2008-12-14 10:47 --------- d-----w c:\program files\Safari

2008-12-12 19:35 --------- d-----w c:\program files\Common Files\Adobe

2008-12-12 17:28 8,066 ----a-w c:\windows\System32\ealregsnapshot1.reg

2008-12-11 06:47 --------- d-----w c:\program files\Windows Mail

2008-12-11 06:41 --------- d-----w c:\programdata\Microsoft Help

2008-12-07 13:42 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-12-06 23:34 --------- d-----w c:\program files\Microsoft Games

2008-12-06 13:18 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2008-12-06 09:54 --------- d-----w c:\program files\Common Files\3DO Shared

2008-12-06 09:38 --------- d-----w c:\program files\directx

2008-12-05 22:17 --------- d-----w c:\programdata\Symantec

2008-12-05 15:47 --------- d-----w c:\program files\SystemRequirementsLab

2008-11-28 09:21 --------- d-----w c:\users\sondre\AppData\Roaming\Hamachi

2008-11-24 13:07 --------- d-----w c:\program files\AVG

2008-11-23 10:47 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-23 10:46 --------- d-----w c:\program files\iPod

2008-11-23 10:46 --------- d-----w c:\program files\Common Files\Apple

2008-11-23 10:45 --------- d-----w c:\program files\QuickTime

2008-11-16 12:30 --------- d---a-w c:\programdata\TEMP

2008-11-15 20:38 --------- d-----w c:\users\sondre\AppData\Roaming\Acoustica

2008-11-15 20:38 --------- d-----w c:\program files\Acoustica Shared Effects

2008-11-15 20:38 --------- d-----w c:\program files\Acoustica Mixcraft 4

2008-11-15 20:24 --------- d-----w c:\programdata\Acoustica

2008-11-12 16:58 --------- d-----w c:\users\sondre\AppData\Roaming\SPORE

2008-11-12 16:44 --------- d-----w c:\program files\Electronic Arts

2008-11-11 19:45 --------- d-----w c:\users\sondre\AppData\Roaming\Bioshock

2008-11-11 17:46 --------- d-----w c:\users\sondre\AppData\Roaming\Red Alert 3

2008-11-07 23:25 --------- d-----w c:\programdata\Messenger Plus!

2008-11-07 20:10 --------- d-----w c:\users\sondre\AppData\Roaming\vlc

2008-11-07 18:21 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys

2008-11-07 18:21 --------- d-----w c:\program files\Hamachi

2008-11-07 16:25 15,819,776 ----a-w c:\windows\System32\imageres.dll

2008-11-07 16:21 --------- d-----w c:\programdata\Stardock

2008-11-07 16:19 --------- d--h--w c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}

2008-11-07 14:54 --------- d-----w c:\program files\Softonic_English

2008-11-07 14:54 --------- d-----w c:\program files\Conduit

2008-11-04 18:21 107,888 ----a-w c:\windows\System32\CmdLineExt.dll

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-27 09:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll

2008-10-27 09:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll

2008-10-27 09:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll

2008-10-27 09:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll

2008-10-22 04:29 14,303,392 ----a-w c:\windows\System32\xlive.dll

2008-10-22 04:29 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll

2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll

2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll

2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-10-10 03:52 452,440 ----a-w c:\windows\System32\d3dx10_40.dll

2008-10-10 03:52 4,379,984 ----a-w c:\windows\System32\D3DX9_40.dll

2008-10-10 03:52 2,036,576 ----a-w c:\windows\System32\D3DCompiler_40.dll

2008-06-15 17:03 174 --sha-w c:\program files\desktop.ini

2007-09-20 13:23 0 ----a-w c:\users\sondre\AppData\Roaming\wklnhst.dat

2008-06-18 09:43 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-06-18 09:43 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-06-18 09:43 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

 

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

 

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

2008-11-23 23:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

2008-09-15 06:47 1784856 --a------ c:\program files\Softonic_English\tbSoft.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

 

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

 

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"Steam"="d:\cs\steam.exe" [2008-10-08 1410296]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]

"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="d:\programmer\QuickTime\iTunesHelper.exe" [2008-11-20 290088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:\windows\RtHDVCpl.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-03 535336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\K:\0autocheck autochk *

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Users^sondre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]

path=c:\users\sondre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk

backup=c:\windows\pss\hamachi.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{46378D39-6192-45FE-86F7-64A545F0B1B4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D61150FB-6AC1-4290-8870-705DFA8F9779}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{865A5C83-C108-437B-8AF3-39BF8E851292}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{25E5AE1B-5384-4FC7-B15B-F0F0DBB071C3}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{BB90C049-97AE-47C9-9947-AC02E36FED37}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{3B8E43F8-5124-4484-B682-2CA2E37ADC55}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{AF48596A-CDC1-4E39-AC7A-97E16AA7B751}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{A2DD3F69-16E6-4282-8AD3-187E3ACE6389}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{7C546036-2353-4CAC-BEEC-6256E0C8EBA6}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{4D1F501C-2EDC-4BB7-A585-1D703CB23DA3}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{86D07C70-7B6C-4D80-A6D3-987D1E2A9BC5}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{A3E2A3EB-6B03-4CFA-94D0-05AB7A07C361}"= UDP:d:\bf2\BF2.exe:Battlefield 2

"{BDD458C7-B12D-4EAF-8CC5-D4D10FE06917}"= TCP:d:\bf2\BF2.exe:Battlefield 2

"TCP Query User{89CB9C49-11F7-4E85-8BDE-73448C504B39}c:\\users\\sondre\\desktop\\skype\\phone\\skype.exe"= UDP:c:\users\sondre\desktop\skype\phone\skype.exe:skype.exe

"UDP Query User{D2D6168C-F56B-4055-9705-2536DBFF40E2}c:\\users\\sondre\\desktop\\skype\\phone\\skype.exe"= TCP:c:\users\sondre\desktop\skype\phone\skype.exe:skype.exe

"TCP Query User{709750F8-C548-48CA-9750-5FBF147DEB21}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{93AA1A6D-141A-4DEF-878C-CC28FF66A837}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher

"{A6D8CEC5-BD26-4386-A12E-B0F28164744D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{BB3FF932-BEAF-4F41-9CB9-6950AE97896D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{F6688792-BB38-4306-A460-E30C930BD1E1}c:\\users\\sondre\\documents\\^ting\\skype\\phone\\skype.exe"= UDP:c:\users\sondre\documents\^ting\skype\phone\skype.exe:skype.exe

"UDP Query User{483774F6-9987-41F6-AE17-0BF171197213}c:\\users\\sondre\\documents\\^ting\\skype\\phone\\skype.exe"= TCP:c:\users\sondre\documents\^ting\skype\phone\skype.exe:skype.exe

"{72D4C292-7DDE-4F47-87C1-63C56CB980D0}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4

"{20539A95-9015-48C8-B45E-D233096FFB61}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4

"TCP Query User{614B4F20-CC4D-4A87-AB8B-A771BBE01B95}d:\\cs\\steam.exe"= UDP:d:\cs\steam.exe:Steam

"UDP Query User{2BC236A4-364F-4DE9-B03F-1680AD90AA45}d:\\cs\\steam.exe"= TCP:d:\cs\steam.exe:Steam

"TCP Query User{EC3390F0-386B-445E-B3B6-DE5BD27C7E38}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{38349E42-DF84-49C0-9B99-16527E9DF84D}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{E3FFEA64-706B-4CFB-9227-683CDE9B4C98}d:\\cs\\steamapps\\aose\\condition zero deleted scenes\\hl.exe"= UDP:d:\cs\steamapps\aose\condition zero deleted scenes\hl.exe:Half-Life Launcher

"UDP Query User{68FA644E-E524-4341-BF2C-3DE60C5E484A}d:\\cs\\steamapps\\aose\\condition zero deleted scenes\\hl.exe"= TCP:d:\cs\steamapps\aose\condition zero deleted scenes\hl.exe:Half-Life Launcher

"TCP Query User{C8E69D93-B724-4CC4-B433-FE16FC99C1BF}d:\\cs\\steam.exe"= UDP:d:\cs\steam.exe:Steam

"UDP Query User{0308372E-EE1E-4127-B61E-B604907F0AEC}d:\\cs\\steam.exe"= TCP:d:\cs\steam.exe:Steam

"TCP Query User{0250E114-B125-410E-BD13-C6E2D88CBEBB}d:\\cs\\steamapps\\aose\\deathmatch classic\\hl.exe"= UDP:d:\cs\steamapps\aose\deathmatch classic\hl.exe:Half-Life Launcher

"UDP Query User{70D40977-6432-46A7-B367-37D5DD320E68}d:\\cs\\steamapps\\aose\\deathmatch classic\\hl.exe"= TCP:d:\cs\steamapps\aose\deathmatch classic\hl.exe:Half-Life Launcher

"TCP Query User{8B5FE294-288F-4D61-9250-00447CACD5F3}d:\\cs\\steamapps\\sondre_o\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{1CF1DA62-E3D3-4105-B246-6D00447D31EA}d:\\cs\\steamapps\\sondre_o\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{199DCA47-D779-4381-AE8F-A46C56D72BA6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{C3DFB329-0190-40A3-9D8D-CDD0996E953C}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{6FB53468-2693-48E0-924B-665DAA68EC15}d:\\fraps\\xfire\\xfire.exe"= UDP:d:\fraps\xfire\xfire.exe:Xfire

"UDP Query User{DC3B8B84-2D56-4B43-AC9D-9B73711A61F3}d:\\fraps\\xfire\\xfire.exe"= TCP:d:\fraps\xfire\xfire.exe:Xfire

"TCP Query User{F4C059F9-1AD9-4714-9E66-1C965561EC64}c:\\users\\sondre\\documents\\mediaplayer\\bitlord\\bitlord.exe"= UDP:c:\users\sondre\documents\mediaplayer\bitlord\bitlord.exe:bitlord.exe

"UDP Query User{9700559D-81AB-42B1-841E-D44F6202AA51}c:\\users\\sondre\\documents\\mediaplayer\\bitlord\\bitlord.exe"= TCP:c:\users\sondre\documents\mediaplayer\bitlord\bitlord.exe:bitlord.exe

"TCP Query User{BE3CC345-55F8-4714-9C7B-E124DC4599F4}d:\\cs\\steamapps\\sondre_o\\day of defeat\\hl.exe"= UDP:d:\cs\steamapps\sondre_o\day of defeat\hl.exe:Half-Life Launcher

"UDP Query User{554CE5A7-0551-47CA-AD48-54144B11EC64}d:\\cs\\steamapps\\sondre_o\\day of defeat\\hl.exe"= TCP:d:\cs\steamapps\sondre_o\day of defeat\hl.exe:Half-Life Launcher

"TCP Query User{3C564E4B-CD78-4541-8FCA-5AE1677A51C8}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2

"UDP Query User{6445D868-7A4A-45D7-98D9-FFADCF0FE8F5}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2

"TCP Query User{646D98D2-D575-4B08-893F-A2FD8C396E4B}d:\\cs\\steamapps\\sondre_o\\half-life 2 deathmatch\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{BE292D32-4F97-421A-9835-4E2BA1238C75}d:\\cs\\steamapps\\sondre_o\\half-life 2 deathmatch\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\half-life 2 deathmatch\hl2.exe:hl2

"TCP Query User{FB8EB337-A504-49EC-B7B4-E4B18760F5FA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{E18A50CA-028A-4E80-BF67-CF334EBAE613}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent

"{2CDE17D8-5756-43A2-8321-33DDA1DF406C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{13D75719-8368-493D-8327-48EA4778A0D9}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger

"UDP Query User{C0412AB7-62D5-4160-B4CC-609FCBDE95C2}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger

"TCP Query User{0E67EFD8-0A5B-46BB-A743-F752853E794B}d:\\programmer\\liero 0.6.6b\\lierox.exe"= UDP:d:\programmer\liero 0.6.6b\lierox.exe:Liero Xtreme

"UDP Query User{FC57F34E-1EAA-4D99-880C-352BBA80FDA5}d:\\programmer\\liero 0.6.6b\\lierox.exe"= TCP:d:\programmer\liero 0.6.6b\lierox.exe:Liero Xtreme

"{79F6AF27-C123-47D4-B53D-26F2DDD8243C}"= UDP:d:\programmer\lime wier\LimeWire\LimeWire.exe:LimeWire

"{D2B3F997-AB0C-4F6A-A034-405014D18B3D}"= TCP:d:\programmer\lime wier\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{1FE15FFF-9563-4FD5-9CDA-5D5CD8A82A68}d:\\programmer\\bitlord\\bitlord.exe"= UDP:d:\programmer\bitlord\bitlord.exe:BitLord

"UDP Query User{97EE938E-9F7A-4EA0-B9F7-F71987B28340}d:\\programmer\\bitlord\\bitlord.exe"= TCP:d:\programmer\bitlord\bitlord.exe:BitLord

"TCP Query User{8FB84CC6-16B1-4CB3-BDFB-5471A26E5E1B}d:\\programmer\\utorrent\\utorrent.exe"= UDP:d:\programmer\utorrent\utorrent.exe:uTorrent

"UDP Query User{F4861F5B-4200-437B-9035-983FC3E659B9}d:\\programmer\\utorrent\\utorrent.exe"= TCP:d:\programmer\utorrent\utorrent.exe:uTorrent

"TCP Query User{7A5A89EF-DEA1-4CD8-9526-8BBC882F711C}c:\\users\\sondre\\desktop\\utorrent.exe"= UDP:c:\users\sondre\desktop\utorrent.exe:utorrent.exe

"UDP Query User{27FE2CE3-3400-4CAC-8205-8770B62E9EE6}c:\\users\\sondre\\desktop\\utorrent.exe"= TCP:c:\users\sondre\desktop\utorrent.exe:utorrent.exe

"TCP Query User{1F4C265C-BD4E-4F4C-A15F-F870A01E4231}d:\\programmer\\win dvd\\windvd.exe"= UDP:d:\programmer\win dvd\windvd.exe:WinDVD

"UDP Query User{4F7EE31F-E9B2-4C8D-996C-A3928C4B526F}d:\\programmer\\win dvd\\windvd.exe"= TCP:d:\programmer\win dvd\windvd.exe:WinDVD

"{3387C312-4D18-47D6-A83D-C26519B93DC1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{3E4462EA-5FE1-45AB-B151-DE0C0A5DEA15}d:\\cs\\steamapps\\sondre_o\\source sdk base\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\source sdk base\hl2.exe:hl2

"UDP Query User{7B6ACB02-4A45-4EA3-AEA0-A005BD353A1E}d:\\cs\\steamapps\\sondre_o\\source sdk base\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\source sdk base\hl2.exe:hl2

"TCP Query User{0C2B2FD7-6BB1-4655-AAE4-D4085B24D3EA}d:\\programmer\\ny mappe\\tmnationsforever\\tmforever.exe"= UDP:d:\programmer\ny mappe\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{64D54EBD-D9B3-47A9-B270-35468EEB75A4}d:\\programmer\\ny mappe\\tmnationsforever\\tmforever.exe"= TCP:d:\programmer\ny mappe\tmnationsforever\tmforever.exe:TmForever

"TCP Query User{8A807267-904A-4FA8-8F6C-7A4B66C1D463}d:\\cs\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:d:\cs\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"UDP Query User{50FD7D98-7973-4A49-9D8B-2EE58FDDACF0}d:\\cs\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:d:\cs\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"TCP Query User{D0D989DA-2219-4F13-8840-4AE9B368EA87}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{0A2A1623-D480-4CE8-9DA6-1D7F33AD6678}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{90B662C1-7253-49FC-80D6-C5B5A43F5534}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel

"UDP Query User{CC60BFC6-31ED-4B70-8B13-1BCA26F56C9F}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel

"TCP Query User{C557F818-AACE-4020-9F8B-52E3EC118DE5}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2

"UDP Query User{E5CA0775-3F44-4243-9A89-9331E5C1EE17}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2

"TCP Query User{49B79FB1-36FB-4D67-A1B8-8CF8F064B6DC}d:\\utorrent\\utorrent.exe"= UDP:d:\utorrent\utorrent.exe:µTorrent

"UDP Query User{F8C79150-7C98-457C-9828-23482FF9C85E}d:\\utorrent\\utorrent.exe"= TCP:d:\utorrent\utorrent.exe:µTorrent

"TCP Query User{D108B99F-0FB7-4458-BFD5-42B17AE025AF}d:\\games\\elma\\test drive unlimited\\testdriveunlimited.exe"= UDP:d:\games\elma\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited

"UDP Query User{E2F6D774-E237-41E4-81BC-3A65507DD168}d:\\games\\elma\\test drive unlimited\\testdriveunlimited.exe"= TCP:d:\games\elma\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited

"TCP Query User{E1721E29-0E09-4090-B755-031F201678C1}d:\\cs\\steamapps\\sondre_o\\source dedicated server\\srcds.exe"= UDP:d:\cs\steamapps\sondre_o\source dedicated server\srcds.exe:srcds

"UDP Query User{3AB8210E-FAC6-4D7C-A8CB-BC2E524EFCD4}d:\\cs\\steamapps\\sondre_o\\source dedicated server\\srcds.exe"= TCP:d:\cs\steamapps\sondre_o\source dedicated server\srcds.exe:srcds

"TCP Query User{3459903E-22B7-44B9-B107-AA6161C8B48B}d:\\cs\\steamapps\\sondre_o\\zombie panic! source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\zombie panic! source\hl2.exe:hl2

"UDP Query User{62D1040F-D96C-45FD-B1BD-C66A9F33837D}d:\\cs\\steamapps\\sondre_o\\zombie panic! source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\zombie panic! source\hl2.exe:hl2

"TCP Query User{42AE1D84-FCBE-479D-B6FF-CE38DCAFB10E}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{70DBF98F-DCD3-4253-9715-FEA37C01E0F4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{AACAC9B2-E00B-4545-A5B4-BE4AC4EE8CCA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{FE301625-48D4-403C-BF8C-9281B014216B}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{F9D28C01-A0D8-42E3-BC91-B114DA24DEBA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{E1142066-E8E9-484C-915B-B3AF6EFAB671}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{E3983F06-400D-4202-AD63-8D8BD4F524A8}c:\\users\\sondre\\desktop\\cs me bota\\hl.exe"= UDP:c:\users\sondre\desktop\cs me bota\hl.exe:hl.exe

"UDP Query User{D4245EA4-A986-43F5-A98B-087719105782}c:\\users\\sondre\\desktop\\cs me bota\\hl.exe"= TCP:c:\users\sondre\desktop\cs me bota\hl.exe:hl.exe

"TCP Query User{6AD55CF9-A1B3-4B84-B8C0-310CCB58D86C}d:\\utorrent\\utorrent.exe"= UDP:d:\utorrent\utorrent.exe:µTorrent

"UDP Query User{854838DE-19AA-47B8-839A-236D501D8337}d:\\utorrent\\utorrent.exe"= TCP:d:\utorrent\utorrent.exe:µTorrent

"TCP Query User{B0552FBE-07FD-49DF-9FE9-F2563D330FD6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"UDP Query User{675B8ACC-6047-4AC8-95E5-29E6DEDCF1E6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"TCP Query User{270A2229-7774-41F5-A78D-8E7DB16FB354}c:\\program files\\rockstar games\\midnight club ii\\mc2.exe"= UDP:c:\program files\rockstar games\midnight club ii\mc2.exe:mc2

"UDP Query User{4D50D4B4-B026-4190-BB84-EFB878456DB5}c:\\program files\\rockstar games\\midnight club ii\\mc2.exe"= TCP:c:\program files\rockstar games\midnight club ii\mc2.exe:mc2

"{D141B16E-1D59-4AE6-9730-0257BB15E36A}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)

"{290BEAD1-74BB-484B-BBD6-75B15DC5DD41}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{4A8B53E0-0126-4F04-B9D2-A943F6C4346F}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"UDP Query User{670D5982-21D8-4930-80B8-3EBE25D6A7E6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"TCP Query User{065984B1-1B17-4D70-A4F5-C6488BAD7D62}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo

"UDP Query User{07C755A8-0798-4C29-9B2C-7CAF61273AF7}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo

"{3990C28B-BC44-4AF9-BDBA-00D192305450}"= UDP:d:\programmer\QuickTime\iTunes.exe:iTunes

"{FFBD36CE-8D6F-48A3-B4EA-DEE0D857F042}"= TCP:d:\programmer\QuickTime\iTunes.exe:iTunes

"{8C1FDB73-5877-41B7-AFD3-DBE61F8A092D}"= UDP:d:\games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{C6979B84-CC15-4C92-9982-7E2E3D30724E}"= TCP:d:\games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"TCP Query User{CF445DD3-6DA4-4060-BD09-9901F68DC635}d:\\games\\cs me bota\\hl.exe"= UDP:d:\games\cs me bota\hl.exe:Half-Life Launcher

"UDP Query User{094CF2E0-A086-465A-9054-D4577AD215B7}d:\\games\\cs me bota\\hl.exe"= TCP:d:\games\cs me bota\hl.exe:Half-Life Launcher

"TCP Query User{FA8C476B-54B5-42A8-811E-360AAACCF903}d:\\games\\left 4 dead\\left4dead.exe"= UDP:d:\games\left 4 dead\left4dead.exe:left4dead

"UDP Query User{8E95A511-724B-49DC-A461-0A549C22F0BA}d:\\games\\left 4 dead\\left4dead.exe"= TCP:d:\games\left 4 dead\left4dead.exe:left4dead

"{BD599D51-BAEA-4FFD-95E5-9C7561028BAF}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{D4A55936-D219-4BAD-B83F-D093D63A2DC5}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{1672B3A4-F9B6-4CB9-9370-99A5F2DD504E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{383C2EB7-C840-4A68-98F1-98F7C95A5D04}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{74E13A4B-89C0-41C9-8554-1168AE9D1D07}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{9474C1FF-49A4-4C7C-A4DE-41ADAFFB571C}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{DBC368F8-EBDF-491D-B667-950A027DC40E}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{4B1FD340-951B-434E-A913-2965A178FF82}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{811453EF-AF6D-4379-A14E-D30BD1E71720}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{BC2538D8-947D-4198-9910-DDCA6FE687A1}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{C7F9971B-B3D5-468F-8994-09BF4C42E6AD}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{CF73C4B2-EF0B-4768-9E46-340EB79A09A1}d:\\games\\left 4 dead\\left4dead.exe"= UDP:d:\games\left 4 dead\left4dead.exe:left4dead

"UDP Query User{D55BB499-3785-4EAD-8F85-37AA0E23BE2C}d:\\games\\left 4 dead\\left4dead.exe"= TCP:d:\games\left 4 dead\left4dead.exe:left4dead

"TCP Query User{232B4277-0B8D-4E9D-9209-914C7AC2FD7B}d:\\games\\games\\grand theft auto iv\\gtaiv.exe"= UDP:d:\games\games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"UDP Query User{B0CE9FFE-D9B1-42F8-B0AE-BB66F35DD112}d:\\games\\games\\grand theft auto iv\\gtaiv.exe"= TCP:d:\games\games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"{A6369BA7-2B65-4515-B262-CA67AF8110A9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{14F42108-7ADC-4130-8679-D6CD04D3781A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{0A206D78-BBAD-409B-B2E0-05B9ADCE4BFD}d:\\games\\warcraft iii\\war3.exe"= UDP:d:\games\warcraft iii\war3.exe:Warcraft III

"UDP Query User{EFDD2845-DD88-4150-9060-1A6937CBBDAD}d:\\games\\warcraft iii\\war3.exe"= TCP:d:\games\warcraft iii\war3.exe:Warcraft III

"TCP Query User{A3649EE4-F8B9-46D0-B8D9-DAE22C2A7839}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary

"UDP Query User{3A5703BD-129F-459E-8F0C-8947A87D02D3}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary

"TCP Query User{CE25D576-1A54-458D-954E-E84BBCD16DDB}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2

"UDP Query User{46E3E920-A951-46EA-80F1-1CB78752C128}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2

"TCP Query User{7F565F37-5E77-41CE-873C-B2C02F9A1050}d:\\cs\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:d:\cs\steamapps\common\left 4 dead\left4dead.exe:left4dead

"UDP Query User{2E8AEE3A-9942-488E-BB12-19BD43A881C8}d:\\cs\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:d:\cs\steamapps\common\left 4 dead\left4dead.exe:left4dead

"TCP Query User{6CC456E5-705F-4BD9-952F-AB4203154236}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2

"UDP Query User{B147CB70-51A7-44DD-B026-3988F530B94E}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2007-08-03 32256]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-09-20 14:25:37 13560]

R4 TeamViewer;TeamViewer 3;d:\programmer\team viewer\TeamViewer3\TeamViewer_Host.exe [2007-12-17 90112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-01-07 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

 

2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{0FC97D1B-695B-4149-B4AF-C0782936A31E}.job

- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://thepiratebay.org/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://no.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\sondre\AppData\Roaming\Mozilla\Firefox\Profiles\vc7po422.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - Softonic_English Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.nettby.no/

FF - component: c:\program files\Mozilla Firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFAlert.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: d:\programmer\QuickTime\Mozilla Plugins\npitunes.dll

 

ATTENTION: FIREFOX POLICIES ARE IN FORCE

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-07 18:31:00

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

 

c:\windows\TEMP\TMP0000008246724FC8E2A71768 524288 bytes

 

skanning vellykket

skjulte filer: 1

 

**************************************************************************

.

Tidspunkt ferdig: 2009-01-07 18:33:23

ComboFix-quarantined-files.txt 2009-01-07 17:33:21

 

Pre-Run: 16 898 547 712 byte ledig

Post-Run: 18,122,551,296 byte ledig

 

436 --- E O F --- 2009-01-02 12:37:07

 

 

Link to comment

Click Start - All Programs - Accessories - Notepad

Copy and paste the text in the code box below into Notepad:

File::
c:\windows\System32\ALLFSAF7a.ocx
c:\windows\ltN1.ini

Save it as CFScript on the Desktop

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows.

[Animation: CFScriptB-4.gif]

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum.

Link to comment

where it says film as well?

Link to comment

like this? ;D

 

ComboFix 09-01-06.02 - sondre 2009-01-07 19:19:01.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2046.991 [GMT 1:00]

Kjører fra: c:\users\sondre\Desktop\ComboFix.exe

Command switches brukt :: c:\users\sondre\Desktop\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

 

FILE ::

c:\windows\ltN1.ini

c:\windows\System32\ALLFSAF7a.ocx

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\ltN1.ini

c:\windows\System32\ALLFSAF7a.ocx

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-07 til 2009-01-07 )))))))))))))))))))))))))))))))))

.

 

2009-01-07 17:51 . 2009-01-07 17:51 <DIR> d-------- c:\users\sondre\AppData\Roaming\Malwarebytes

2009-01-07 17:51 . 2009-01-04 18:41 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-07 17:51 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-07 17:50 . 2009-01-07 17:50 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-01-07 17:50 . 2009-01-07 17:50 <DIR> d-------- c:\programdata\Malwarebytes

2009-01-07 17:50 . 2009-01-07 17:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-07 17:37 . 2009-01-07 17:38 524,288 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TMContainer00000000000000000002.regtrans-ms

2009-01-07 17:37 . 2009-01-07 17:45 524,288 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TMContainer00000000000000000001.regtrans-ms

2009-01-07 17:37 . 2009-01-07 17:45 65,536 --ahs---- c:\users\aadne{893e0d42-ba25-11dd-8b2a-001b3828eefb}.TM.blf

2009-01-07 16:46 . 2009-01-07 16:47 <DIR> d-------- c:\program files\HJT

2009-01-04 20:54 . 2009-01-04 20:54 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2009-01-04 20:54 . 2009-01-04 20:54 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2009-01-04 20:51 . 2009-01-04 20:51 <DIR> d-------- c:\users\sondre\AppData\Roaming\SUPERAntiSpyware.com

2009-01-04 20:51 . 2009-01-04 20:51 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-28 00:46 . 2008-12-28 00:46 410,984 --a------ c:\windows\System32\deploytk.dll

2008-12-21 11:32 . 2008-12-21 11:32 <DIR> d-------- c:\program files\Bonjour

2008-12-19 11:12 . 2008-12-19 11:12 126,976 --a------ c:\windows\War3Unin.exe

2008-12-19 11:12 . 2008-12-19 11:17 21,150 --a------ c:\windows\War3Unin.dat

2008-12-19 11:12 . 2008-12-19 11:12 2,829 --a------ c:\windows\War3Unin.pif

2008-12-18 16:23 . 2008-12-21 20:23 <DIR> d-------- c:\program files\WinISD

2008-12-17 23:33 . 2008-12-17 23:33 20 --a------ c:\windows\mafosav.INI

2008-12-15 15:14 . 2008-12-15 15:14 <DIR> d-------- c:\users\sondre\AppData\Roaming\skypePM

2008-12-15 15:14 . 2008-12-15 15:14 56 --ah----- c:\windows\System32\ezsidmv.dat

2008-12-15 15:12 . 2008-12-15 15:12 <DIR> d-------- c:\program files\Common Files\Skype

2008-12-14 22:48 . 2008-12-14 23:30 <DIR> d-------- c:\program files\VstPlugins

2008-12-14 22:48 . 2008-12-21 20:21 <DIR> d-------- c:\program files\Image-Line

2008-12-14 22:48 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\System32\vorbis.acm

2008-12-14 22:48 . 2006-06-20 09:56 225,280 --a------ c:\windows\System32\rewire.dll

2008-12-13 22:54 . 2008-12-13 22:54 <DIR> d-------- c:\program files\ToggleEN

2008-12-13 22:10 . 2008-12-13 22:12 <DIR> d-------- c:\users\All Users\OrbNetworks

2008-12-13 22:10 . 2008-12-13 22:12 <DIR> d-------- c:\programdata\OrbNetworks

2008-12-13 22:10 . 2008-12-13 22:10 <DIR> d-------- c:\program files\Winamp Remote

2008-12-13 22:09 . 2008-12-13 22:31 <DIR> d-------- c:\users\sondre\AppData\Roaming\Winamp

2008-12-13 22:09 . 2008-12-21 11:59 <DIR> d-------- c:\program files\Winamp

2008-12-13 22:09 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll

2008-12-13 16:20 . 2008-12-13 16:20 <DIR> d-------- c:\users\sondre\AppData\Roaming\Canneverbe_Limited

2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\users\All Users\Avira

2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\programdata\Avira

2008-12-12 22:56 . 2008-12-12 22:56 <DIR> d-------- c:\program files\Avira

2008-12-12 22:34 . 2008-12-12 22:35 72,744 --a------ c:\windows\System32\GDIPFONTCACHEV1.DAT

2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe

2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll

2008-12-11 07:37 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-11 07:02 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe

2008-12-11 07:02 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll

2008-12-11 07:02 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll

2008-12-11 07:01 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-11 07:01 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll

2008-12-11 07:01 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2008-12-11 07:01 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe

2008-12-11 07:01 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2008-12-07 00:18 . 2008-12-07 00:18 <DIR> d-------- c:\program files\OpenAL

2008-12-07 00:18 . 2008-12-07 00:18 413,696 --a------ c:\windows\System32\wrap_oal.dll

2008-12-07 00:18 . 2008-12-07 00:18 110,592 --a------ c:\windows\System32\OpenAL32.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-07 16:43 --------- d-----w c:\users\sondre\AppData\Roaming\uTorrent

2009-01-07 16:43 --------- d-----w c:\programdata\avg8

2009-01-07 14:58 --------- d-----w c:\program files\Common Files\Steam

2009-01-06 19:07 27,430 ----a-w c:\users\sondre\AppData\Roaming\nvModes.dat

2009-01-06 15:10 --------- d-----w c:\users\sondre\AppData\Roaming\OpenOffice.org2

2009-01-04 19:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-30 11:05 --------- d-----w c:\program files\Google

2008-12-29 01:23 --------- d-----w c:\program files\CCleaner

2008-12-28 04:26 --------- d-----w c:\users\sondre\AppData\Roaming\dvdcss

2008-12-27 23:46 --------- d-----w c:\program files\Java

2008-12-17 18:04 --------- d-----w c:\program files\Rockstar Games

2008-12-15 15:33 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-15 14:21 --------- d-----w c:\users\sondre\AppData\Roaming\Skype

2008-12-14 10:47 --------- d-----w c:\program files\Safari

2008-12-12 19:35 --------- d-----w c:\program files\Common Files\Adobe

2008-12-12 17:28 8,066 ----a-w c:\windows\System32\ealregsnapshot1.reg

2008-12-11 06:47 --------- d-----w c:\program files\Windows Mail

2008-12-11 06:41 --------- d-----w c:\programdata\Microsoft Help

2008-12-07 13:42 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-12-06 23:34 --------- d-----w c:\program files\Microsoft Games

2008-12-06 13:18 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2008-12-06 09:54 --------- d-----w c:\program files\Common Files\3DO Shared

2008-12-06 09:38 --------- d-----w c:\program files\directx

2008-12-05 22:17 --------- d-----w c:\programdata\Symantec

2008-12-05 15:47 --------- d-----w c:\program files\SystemRequirementsLab

2008-11-28 09:21 --------- d-----w c:\users\sondre\AppData\Roaming\Hamachi

2008-11-24 13:07 --------- d-----w c:\program files\AVG

2008-11-23 10:47 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-23 10:46 --------- d-----w c:\program files\iPod

2008-11-23 10:46 --------- d-----w c:\program files\Common Files\Apple

2008-11-23 10:45 --------- d-----w c:\program files\QuickTime

2008-11-16 12:30 --------- d---a-w c:\programdata\TEMP

2008-11-15 20:38 --------- d-----w c:\users\sondre\AppData\Roaming\Acoustica

2008-11-15 20:38 --------- d-----w c:\program files\Acoustica Shared Effects

2008-11-15 20:38 --------- d-----w c:\program files\Acoustica Mixcraft 4

2008-11-15 20:24 --------- d-----w c:\programdata\Acoustica

2008-11-12 16:58 --------- d-----w c:\users\sondre\AppData\Roaming\SPORE

2008-11-12 16:44 --------- d-----w c:\program files\Electronic Arts

2008-11-11 19:45 --------- d-----w c:\users\sondre\AppData\Roaming\Bioshock

2008-11-11 17:46 --------- d-----w c:\users\sondre\AppData\Roaming\Red Alert 3

2008-11-07 23:25 --------- d-----w c:\programdata\Messenger Plus!

2008-11-07 20:10 --------- d-----w c:\users\sondre\AppData\Roaming\vlc

2008-11-07 18:21 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys

2008-11-07 18:21 --------- d-----w c:\program files\Hamachi

2008-11-07 16:25 15,819,776 ----a-w c:\windows\System32\imageres.dll

2008-11-07 16:21 --------- d-----w c:\programdata\Stardock

2008-11-07 16:19 --------- d--h--w c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}

2008-11-07 14:54 --------- d-----w c:\program files\Softonic_English

2008-11-07 14:54 --------- d-----w c:\program files\Conduit

2008-11-04 18:21 107,888 ----a-w c:\windows\System32\CmdLineExt.dll

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-27 09:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll

2008-10-27 09:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll

2008-10-27 09:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll

2008-10-27 09:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll

2008-10-22 04:29 14,303,392 ----a-w c:\windows\System32\xlive.dll

2008-10-22 04:29 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll

2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll

2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll

2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-10-10 03:52 452,440 ----a-w c:\windows\System32\d3dx10_40.dll

2008-10-10 03:52 4,379,984 ----a-w c:\windows\System32\D3DX9_40.dll

2008-10-10 03:52 2,036,576 ----a-w c:\windows\System32\D3DCompiler_40.dll

2008-06-15 17:03 174 --sha-w c:\program files\desktop.ini

2007-09-20 13:23 0 ----a-w c:\users\sondre\AppData\Roaming\wklnhst.dat

2008-06-18 09:43 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-06-18 09:43 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-06-18 09:43 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-07_18.31.37,86 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-07 17:03:12 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-07 17:31:16 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

 

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

 

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

2008-11-23 23:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

2008-09-15 06:47 1784856 --a------ c:\program files\Softonic_English\tbSoft.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]

 

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

 

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"Steam"="d:\cs\steam.exe" [2008-10-08 1410296]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]

"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="d:\programmer\QuickTime\iTunesHelper.exe" [2008-11-20 290088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:\windows\RtHDVCpl.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-03 535336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\K:\0autocheck autochk *

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Users^sondre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]

path=c:\users\sondre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk

backup=c:\windows\pss\hamachi.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{46378D39-6192-45FE-86F7-64A545F0B1B4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D61150FB-6AC1-4290-8870-705DFA8F9779}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{865A5C83-C108-437B-8AF3-39BF8E851292}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{25E5AE1B-5384-4FC7-B15B-F0F0DBB071C3}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{BB90C049-97AE-47C9-9947-AC02E36FED37}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{3B8E43F8-5124-4484-B682-2CA2E37ADC55}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{AF48596A-CDC1-4E39-AC7A-97E16AA7B751}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{A2DD3F69-16E6-4282-8AD3-187E3ACE6389}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{7C546036-2353-4CAC-BEEC-6256E0C8EBA6}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{4D1F501C-2EDC-4BB7-A585-1D703CB23DA3}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{86D07C70-7B6C-4D80-A6D3-987D1E2A9BC5}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade

"{A3E2A3EB-6B03-4CFA-94D0-05AB7A07C361}"= UDP:d:\bf2\BF2.exe:Battlefield 2

"{BDD458C7-B12D-4EAF-8CC5-D4D10FE06917}"= TCP:d:\bf2\BF2.exe:Battlefield 2

"TCP Query User{89CB9C49-11F7-4E85-8BDE-73448C504B39}c:\\users\\sondre\\desktop\\skype\\phone\\skype.exe"= UDP:c:\users\sondre\desktop\skype\phone\skype.exe:skype.exe

"UDP Query User{D2D6168C-F56B-4055-9705-2536DBFF40E2}c:\\users\\sondre\\desktop\\skype\\phone\\skype.exe"= TCP:c:\users\sondre\desktop\skype\phone\skype.exe:skype.exe

"TCP Query User{709750F8-C548-48CA-9750-5FBF147DEB21}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{93AA1A6D-141A-4DEF-878C-CC28FF66A837}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher

"{A6D8CEC5-BD26-4386-A12E-B0F28164744D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{BB3FF932-BEAF-4F41-9CB9-6950AE97896D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{F6688792-BB38-4306-A460-E30C930BD1E1}c:\\users\\sondre\\documents\\^ting\\skype\\phone\\skype.exe"= UDP:c:\users\sondre\documents\^ting\skype\phone\skype.exe:skype.exe

"UDP Query User{483774F6-9987-41F6-AE17-0BF171197213}c:\\users\\sondre\\documents\\^ting\\skype\\phone\\skype.exe"= TCP:c:\users\sondre\documents\^ting\skype\phone\skype.exe:skype.exe

"{72D4C292-7DDE-4F47-87C1-63C56CB980D0}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4

"{20539A95-9015-48C8-B45E-D233096FFB61}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4

"TCP Query User{614B4F20-CC4D-4A87-AB8B-A771BBE01B95}d:\\cs\\steam.exe"= UDP:d:\cs\steam.exe:Steam

"UDP Query User{2BC236A4-364F-4DE9-B03F-1680AD90AA45}d:\\cs\\steam.exe"= TCP:d:\cs\steam.exe:Steam

"TCP Query User{EC3390F0-386B-445E-B3B6-DE5BD27C7E38}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{38349E42-DF84-49C0-9B99-16527E9DF84D}d:\\cs\\steamapps\\aose\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\aose\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{E3FFEA64-706B-4CFB-9227-683CDE9B4C98}d:\\cs\\steamapps\\aose\\condition zero deleted scenes\\hl.exe"= UDP:d:\cs\steamapps\aose\condition zero deleted scenes\hl.exe:Half-Life Launcher

"UDP Query User{68FA644E-E524-4341-BF2C-3DE60C5E484A}d:\\cs\\steamapps\\aose\\condition zero deleted scenes\\hl.exe"= TCP:d:\cs\steamapps\aose\condition zero deleted scenes\hl.exe:Half-Life Launcher

"TCP Query User{C8E69D93-B724-4CC4-B433-FE16FC99C1BF}d:\\cs\\steam.exe"= UDP:d:\cs\steam.exe:Steam

"UDP Query User{0308372E-EE1E-4127-B61E-B604907F0AEC}d:\\cs\\steam.exe"= TCP:d:\cs\steam.exe:Steam

"TCP Query User{0250E114-B125-410E-BD13-C6E2D88CBEBB}d:\\cs\\steamapps\\aose\\deathmatch classic\\hl.exe"= UDP:d:\cs\steamapps\aose\deathmatch classic\hl.exe:Half-Life Launcher

"UDP Query User{70D40977-6432-46A7-B367-37D5DD320E68}d:\\cs\\steamapps\\aose\\deathmatch classic\\hl.exe"= TCP:d:\cs\steamapps\aose\deathmatch classic\hl.exe:Half-Life Launcher

"TCP Query User{8B5FE294-288F-4D61-9250-00447CACD5F3}d:\\cs\\steamapps\\sondre_o\\counter-strike\\hl.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{1CF1DA62-E3D3-4105-B246-6D00447D31EA}d:\\cs\\steamapps\\sondre_o\\counter-strike\\hl.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{199DCA47-D779-4381-AE8F-A46C56D72BA6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{C3DFB329-0190-40A3-9D8D-CDD0996E953C}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{6FB53468-2693-48E0-924B-665DAA68EC15}d:\\fraps\\xfire\\xfire.exe"= UDP:d:\fraps\xfire\xfire.exe:Xfire

"UDP Query User{DC3B8B84-2D56-4B43-AC9D-9B73711A61F3}d:\\fraps\\xfire\\xfire.exe"= TCP:d:\fraps\xfire\xfire.exe:Xfire

"TCP Query User{F4C059F9-1AD9-4714-9E66-1C965561EC64}c:\\users\\sondre\\documents\\mediaplayer\\bitlord\\bitlord.exe"= UDP:c:\users\sondre\documents\mediaplayer\bitlord\bitlord.exe:bitlord.exe

"UDP Query User{9700559D-81AB-42B1-841E-D44F6202AA51}c:\\users\\sondre\\documents\\mediaplayer\\bitlord\\bitlord.exe"= TCP:c:\users\sondre\documents\mediaplayer\bitlord\bitlord.exe:bitlord.exe

"TCP Query User{BE3CC345-55F8-4714-9C7B-E124DC4599F4}d:\\cs\\steamapps\\sondre_o\\day of defeat\\hl.exe"= UDP:d:\cs\steamapps\sondre_o\day of defeat\hl.exe:Half-Life Launcher

"UDP Query User{554CE5A7-0551-47CA-AD48-54144B11EC64}d:\\cs\\steamapps\\sondre_o\\day of defeat\\hl.exe"= TCP:d:\cs\steamapps\sondre_o\day of defeat\hl.exe:Half-Life Launcher

"TCP Query User{3C564E4B-CD78-4541-8FCA-5AE1677A51C8}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2

"UDP Query User{6445D868-7A4A-45D7-98D9-FFADCF0FE8F5}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2

"TCP Query User{646D98D2-D575-4B08-893F-A2FD8C396E4B}d:\\cs\\steamapps\\sondre_o\\half-life 2 deathmatch\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{BE292D32-4F97-421A-9835-4E2BA1238C75}d:\\cs\\steamapps\\sondre_o\\half-life 2 deathmatch\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\half-life 2 deathmatch\hl2.exe:hl2

"TCP Query User{FB8EB337-A504-49EC-B7B4-E4B18760F5FA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{E18A50CA-028A-4E80-BF67-CF334EBAE613}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent

"{2CDE17D8-5756-43A2-8321-33DDA1DF406C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{13D75719-8368-493D-8327-48EA4778A0D9}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger

"UDP Query User{C0412AB7-62D5-4160-B4CC-609FCBDE95C2}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger

"TCP Query User{0E67EFD8-0A5B-46BB-A743-F752853E794B}d:\\programmer\\liero 0.6.6b\\lierox.exe"= UDP:d:\programmer\liero 0.6.6b\lierox.exe:Liero Xtreme

"UDP Query User{FC57F34E-1EAA-4D99-880C-352BBA80FDA5}d:\\programmer\\liero 0.6.6b\\lierox.exe"= TCP:d:\programmer\liero 0.6.6b\lierox.exe:Liero Xtreme

"{79F6AF27-C123-47D4-B53D-26F2DDD8243C}"= UDP:d:\programmer\lime wier\LimeWire\LimeWire.exe:LimeWire

"{D2B3F997-AB0C-4F6A-A034-405014D18B3D}"= TCP:d:\programmer\lime wier\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{1FE15FFF-9563-4FD5-9CDA-5D5CD8A82A68}d:\\programmer\\bitlord\\bitlord.exe"= UDP:d:\programmer\bitlord\bitlord.exe:BitLord

"UDP Query User{97EE938E-9F7A-4EA0-B9F7-F71987B28340}d:\\programmer\\bitlord\\bitlord.exe"= TCP:d:\programmer\bitlord\bitlord.exe:BitLord

"TCP Query User{8FB84CC6-16B1-4CB3-BDFB-5471A26E5E1B}d:\\programmer\\utorrent\\utorrent.exe"= UDP:d:\programmer\utorrent\utorrent.exe:uTorrent

"UDP Query User{F4861F5B-4200-437B-9035-983FC3E659B9}d:\\programmer\\utorrent\\utorrent.exe"= TCP:d:\programmer\utorrent\utorrent.exe:uTorrent

"TCP Query User{7A5A89EF-DEA1-4CD8-9526-8BBC882F711C}c:\\users\\sondre\\desktop\\utorrent.exe"= UDP:c:\users\sondre\desktop\utorrent.exe:utorrent.exe

"UDP Query User{27FE2CE3-3400-4CAC-8205-8770B62E9EE6}c:\\users\\sondre\\desktop\\utorrent.exe"= TCP:c:\users\sondre\desktop\utorrent.exe:utorrent.exe

"TCP Query User{1F4C265C-BD4E-4F4C-A15F-F870A01E4231}d:\\programmer\\win dvd\\windvd.exe"= UDP:d:\programmer\win dvd\windvd.exe:WinDVD

"UDP Query User{4F7EE31F-E9B2-4C8D-996C-A3928C4B526F}d:\\programmer\\win dvd\\windvd.exe"= TCP:d:\programmer\win dvd\windvd.exe:WinDVD

"{3387C312-4D18-47D6-A83D-C26519B93DC1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{3E4462EA-5FE1-45AB-B151-DE0C0A5DEA15}d:\\cs\\steamapps\\sondre_o\\source sdk base\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\source sdk base\hl2.exe:hl2

"UDP Query User{7B6ACB02-4A45-4EA3-AEA0-A005BD353A1E}d:\\cs\\steamapps\\sondre_o\\source sdk base\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\source sdk base\hl2.exe:hl2

"TCP Query User{0C2B2FD7-6BB1-4655-AAE4-D4085B24D3EA}d:\\programmer\\ny mappe\\tmnationsforever\\tmforever.exe"= UDP:d:\programmer\ny mappe\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{64D54EBD-D9B3-47A9-B270-35468EEB75A4}d:\\programmer\\ny mappe\\tmnationsforever\\tmforever.exe"= TCP:d:\programmer\ny mappe\tmnationsforever\tmforever.exe:TmForever

"TCP Query User{8A807267-904A-4FA8-8F6C-7A4B66C1D463}d:\\cs\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:d:\cs\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"UDP Query User{50FD7D98-7973-4A49-9D8B-2EE58FDDACF0}d:\\cs\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:d:\cs\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"TCP Query User{D0D989DA-2219-4F13-8840-4AE9B368EA87}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{0A2A1623-D480-4CE8-9DA6-1D7F33AD6678}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{90B662C1-7253-49FC-80D6-C5B5A43F5534}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel

"UDP Query User{CC60BFC6-31ED-4B70-8B13-1BCA26F56C9F}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidepanel

"TCP Query User{C557F818-AACE-4020-9F8B-52E3EC118DE5}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2

"UDP Query User{E5CA0775-3F44-4243-9A89-9331E5C1EE17}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2

"TCP Query User{49B79FB1-36FB-4D67-A1B8-8CF8F064B6DC}d:\\utorrent\\utorrent.exe"= UDP:d:\utorrent\utorrent.exe:µTorrent

"UDP Query User{F8C79150-7C98-457C-9828-23482FF9C85E}d:\\utorrent\\utorrent.exe"= TCP:d:\utorrent\utorrent.exe:µTorrent

"TCP Query User{D108B99F-0FB7-4458-BFD5-42B17AE025AF}d:\\games\\elma\\test drive unlimited\\testdriveunlimited.exe"= UDP:d:\games\elma\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited

"UDP Query User{E2F6D774-E237-41E4-81BC-3A65507DD168}d:\\games\\elma\\test drive unlimited\\testdriveunlimited.exe"= TCP:d:\games\elma\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited

"TCP Query User{E1721E29-0E09-4090-B755-031F201678C1}d:\\cs\\steamapps\\sondre_o\\source dedicated server\\srcds.exe"= UDP:d:\cs\steamapps\sondre_o\source dedicated server\srcds.exe:srcds

"UDP Query User{3AB8210E-FAC6-4D7C-A8CB-BC2E524EFCD4}d:\\cs\\steamapps\\sondre_o\\source dedicated server\\srcds.exe"= TCP:d:\cs\steamapps\sondre_o\source dedicated server\srcds.exe:srcds

"TCP Query User{3459903E-22B7-44B9-B107-AA6161C8B48B}d:\\cs\\steamapps\\sondre_o\\zombie panic! source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\zombie panic! source\hl2.exe:hl2

"UDP Query User{62D1040F-D96C-45FD-B1BD-C66A9F33837D}d:\\cs\\steamapps\\sondre_o\\zombie panic! source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\zombie panic! source\hl2.exe:hl2

"TCP Query User{42AE1D84-FCBE-479D-B6FF-CE38DCAFB10E}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{70DBF98F-DCD3-4253-9715-FEA37C01E0F4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{AACAC9B2-E00B-4545-A5B4-BE4AC4EE8CCA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{FE301625-48D4-403C-BF8C-9281B014216B}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{F9D28C01-A0D8-42E3-BC91-B114DA24DEBA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{E1142066-E8E9-484C-915B-B3AF6EFAB671}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{E3983F06-400D-4202-AD63-8D8BD4F524A8}c:\\users\\sondre\\desktop\\cs me bota\\hl.exe"= UDP:c:\users\sondre\desktop\cs me bota\hl.exe:hl.exe

"UDP Query User{D4245EA4-A986-43F5-A98B-087719105782}c:\\users\\sondre\\desktop\\cs me bota\\hl.exe"= TCP:c:\users\sondre\desktop\cs me bota\hl.exe:hl.exe

"TCP Query User{6AD55CF9-A1B3-4B84-B8C0-310CCB58D86C}d:\\utorrent\\utorrent.exe"= UDP:d:\utorrent\utorrent.exe:µTorrent

"UDP Query User{854838DE-19AA-47B8-839A-236D501D8337}d:\\utorrent\\utorrent.exe"= TCP:d:\utorrent\utorrent.exe:µTorrent

"TCP Query User{B0552FBE-07FD-49DF-9FE9-F2563D330FD6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"UDP Query User{675B8ACC-6047-4AC8-95E5-29E6DEDCF1E6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"TCP Query User{270A2229-7774-41F5-A78D-8E7DB16FB354}c:\\program files\\rockstar games\\midnight club ii\\mc2.exe"= UDP:c:\program files\rockstar games\midnight club ii\mc2.exe:mc2

"UDP Query User{4D50D4B4-B026-4190-BB84-EFB878456DB5}c:\\program files\\rockstar games\\midnight club ii\\mc2.exe"= TCP:c:\program files\rockstar games\midnight club ii\mc2.exe:mc2

"{D141B16E-1D59-4AE6-9730-0257BB15E36A}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)

"{290BEAD1-74BB-484B-BBD6-75B15DC5DD41}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{4A8B53E0-0126-4F04-B9D2-A943F6C4346F}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"UDP Query User{670D5982-21D8-4930-80B8-3EBE25D6A7E6}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.0.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.0.game:Command & Conquer™ Red Alert™ 3

"TCP Query User{065984B1-1B17-4D70-A4F5-C6488BAD7D62}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo

"UDP Query User{07C755A8-0798-4C29-9B2C-7CAF61273AF7}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo

"{3990C28B-BC44-4AF9-BDBA-00D192305450}"= UDP:d:\programmer\QuickTime\iTunes.exe:iTunes

"{FFBD36CE-8D6F-48A3-B4EA-DEE0D857F042}"= TCP:d:\programmer\QuickTime\iTunes.exe:iTunes

"{8C1FDB73-5877-41B7-AFD3-DBE61F8A092D}"= UDP:d:\games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{C6979B84-CC15-4C92-9982-7E2E3D30724E}"= TCP:d:\games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"TCP Query User{CF445DD3-6DA4-4060-BD09-9901F68DC635}d:\\games\\cs me bota\\hl.exe"= UDP:d:\games\cs me bota\hl.exe:Half-Life Launcher

"UDP Query User{094CF2E0-A086-465A-9054-D4577AD215B7}d:\\games\\cs me bota\\hl.exe"= TCP:d:\games\cs me bota\hl.exe:Half-Life Launcher

"TCP Query User{FA8C476B-54B5-42A8-811E-360AAACCF903}d:\\games\\left 4 dead\\left4dead.exe"= UDP:d:\games\left 4 dead\left4dead.exe:left4dead

"UDP Query User{8E95A511-724B-49DC-A461-0A549C22F0BA}d:\\games\\left 4 dead\\left4dead.exe"= TCP:d:\games\left 4 dead\left4dead.exe:left4dead

"{BD599D51-BAEA-4FFD-95E5-9C7561028BAF}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{D4A55936-D219-4BAD-B83F-D093D63A2DC5}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{1672B3A4-F9B6-4CB9-9370-99A5F2DD504E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{383C2EB7-C840-4A68-98F1-98F7C95A5D04}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{74E13A4B-89C0-41C9-8554-1168AE9D1D07}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{9474C1FF-49A4-4C7C-A4DE-41ADAFFB571C}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{DBC368F8-EBDF-491D-B667-950A027DC40E}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{4B1FD340-951B-434E-A913-2965A178FF82}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{811453EF-AF6D-4379-A14E-D30BD1E71720}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{BC2538D8-947D-4198-9910-DDCA6FE687A1}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{C7F9971B-B3D5-468F-8994-09BF4C42E6AD}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{CF73C4B2-EF0B-4768-9E46-340EB79A09A1}d:\\games\\left 4 dead\\left4dead.exe"= UDP:d:\games\left 4 dead\left4dead.exe:left4dead

"UDP Query User{D55BB499-3785-4EAD-8F85-37AA0E23BE2C}d:\\games\\left 4 dead\\left4dead.exe"= TCP:d:\games\left 4 dead\left4dead.exe:left4dead

"TCP Query User{232B4277-0B8D-4E9D-9209-914C7AC2FD7B}d:\\games\\games\\grand theft auto iv\\gtaiv.exe"= UDP:d:\games\games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"UDP Query User{B0CE9FFE-D9B1-42F8-B0AE-BB66F35DD112}d:\\games\\games\\grand theft auto iv\\gtaiv.exe"= TCP:d:\games\games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"{A6369BA7-2B65-4515-B262-CA67AF8110A9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{14F42108-7ADC-4130-8679-D6CD04D3781A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{0A206D78-BBAD-409B-B2E0-05B9ADCE4BFD}d:\\games\\warcraft iii\\war3.exe"= UDP:d:\games\warcraft iii\war3.exe:Warcraft III

"UDP Query User{EFDD2845-DD88-4150-9060-1A6937CBBDAD}d:\\games\\warcraft iii\\war3.exe"= TCP:d:\games\warcraft iii\war3.exe:Warcraft III

"TCP Query User{A3649EE4-F8B9-46D0-B8D9-DAE22C2A7839}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary

"UDP Query User{3A5703BD-129F-459E-8F0C-8947A87D02D3}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java Platform SE binary

"TCP Query User{CE25D576-1A54-458D-954E-E84BBCD16DDB}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2

"UDP Query User{46E3E920-A951-46EA-80F1-1CB78752C128}d:\\cs\\steamapps\\sondre_o\\team fortress 2\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\team fortress 2\hl2.exe:hl2

"TCP Query User{7F565F37-5E77-41CE-873C-B2C02F9A1050}d:\\cs\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:d:\cs\steamapps\common\left 4 dead\left4dead.exe:left4dead

"UDP Query User{2E8AEE3A-9942-488E-BB12-19BD43A881C8}d:\\cs\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:d:\cs\steamapps\common\left 4 dead\left4dead.exe:left4dead

"TCP Query User{6CC456E5-705F-4BD9-952F-AB4203154236}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= UDP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2

"UDP Query User{B147CB70-51A7-44DD-B026-3988F530B94E}d:\\cs\\steamapps\\sondre_o\\counter-strike source\\hl2.exe"= TCP:d:\cs\steamapps\sondre_o\counter-strike source\hl2.exe:hl2

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2007-08-03 32256]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-09-20 14:25:37 13560]

R4 TeamViewer;TeamViewer 3;d:\programmer\team viewer\TeamViewer3\TeamViewer_Host.exe [2007-12-17 90112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-01-07 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

 

2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{0FC97D1B-695B-4149-B4AF-C0782936A31E}.job

- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://thepiratebay.org/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://no.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\sondre\AppData\Roaming\Mozilla\Firefox\Profiles\vc7po422.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - Softonic_English Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.nettby.no/

FF - component: c:\program files\Mozilla Firefox\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFAlert.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: d:\programmer\QuickTime\Mozilla Plugins\npitunes.dll

 

ATTENTION: FIREFOX POLICIES ARE IN FORCE

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-07 19:21:20

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2009-01-07 19:23:40

ComboFix-quarantined-files.txt 2009-01-07 18:23:37

ComboFix2.txt 2009-01-07 17:33:25

 

Pre-Run: 17 970 585 600 byte ledig

Post-Run: 17,730,445,312 byte ledig

 

439 --- E O F --- 2009-01-02 12:37:07


Unfortunately I can't say offhand what kind it was, but MBAM removed

MyWebSearch, which is a type of adware ;) (you may notice that the MyWebSearch bar in Explorer is gone :))

 

ComboFix must be uninstalled.

 

Go to Start > Run

Type the following in the box:

  • ComboFix /u

PS: note the space between the X and /u

 

You should now have something like the picture below:

CF_Cleanup.png

 

Press Enter.

 

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists
    • The folder C:\OtMoveIt, if it exists
  • Reset the clock settings.
  • Hide file extensions if necessary.
  • Hide system/hidden files and folders if necessary.
  • Reset the System Restore points.

 

3) Consider using a different browser. Mozilla's Firefox browser is very good; it is much more secure than Internet Explorer, immune to almost all browser hijackers, and has the best built-in popup blocker (as a built-in feature!) I have ever seen. If you are interested, you can download Firefox from:

http://www.mozilla.org/products/firefox/

 

Another good alternative is Opera, which you can download from:

http://www.opera.com/

 

1) Go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This will close many of the security holes that attackers can use to gain access to your machine. The version you have now appears to be outdated.

 

Turn on Automatic Updates under Start -> Control Panel -> Automatic Updates, or make it a habit to check regularly whether any new Windows updates have been released. This is very important!

 

Safe surfing *and happy new year :)*
