Frode99 Posted 2 August 2009 (edited)

Hi! Can someone look over these logs to see whether they look okay, or whether anything sneaky is still left? Thanks!

CF log

ComboFix 09-08-01.06 - Frode 02.08.2009 12:04.2.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3327.2445 [GMT 2:00] Kjører fra: c:\users\Frode\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Opprettet nytt gjenopprettingspunkt . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-1669735576-745722746-2175647533-1000 c:\$recycle.bin\S-1-5-21-1796931044-2308778208-1486429884-1000 c:\windows\Installer\92b8dc.msi . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-02 til 2009-08-02 ))))))))))))))))))))))))))))))))) . 2009-08-02 10:08 . 2009-08-02 10:08 -------- d-----w- c:\users\Frode\AppData\Local\temp 2009-08-02 08:32 . 2009-08-02 08:29 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-08-02 08:27 . 2009-08-02 08:32 -------- d-----w- c:\users\Frode\.housecall6.6 2009-08-01 19:20 . 2009-08-01 19:20 -------- d-----w- c:\program files\RivaTuner v2.24 2009-07-30 11:50 . 2009-07-30 11:50 -------- d-----w- C:\Windows 7 2009-07-23 08:42 . 2008-02-04 08:27 102400 ----a-w- c:\windows\system32\cttele32.dll 2009-07-23 08:42 . 2009-03-26 12:46 148480 ----a-w- c:\windows\system32\APOMngr.DLL 2009-07-23 08:42 . 2009-02-06 16:52 73728 ----a-w- c:\windows\system32\CmdRtr.DLL 2009-07-22 10:08 . 2009-07-22 10:08 -------- d-----w- c:\program files\NVIDIA Corporation 2009-07-22 09:53 . 2009-07-14 18:54 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-07-22 09:53 . 2009-07-14 18:54 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2009-07-22 09:53 . 2009-07-14 18:54 3287040 ----a-w- c:\windows\system32\nvwgf2um.dll 2009-07-22 09:53 . 
2009-07-14 18:54 2169376 ----a-w- c:\windows\system32\nvcuvid.dll 2009-07-22 09:53 . 2009-07-14 18:54 10854400 ----a-w- c:\windows\system32\nvoglv32.dll 2009-07-22 09:53 . 2009-07-14 18:54 1983488 ----a-w- c:\windows\system32\nvcuda.dll 2009-07-22 09:53 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-07-22 09:53 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod157.dll 2009-07-22 09:53 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod.dll 2009-07-21 22:10 . 2009-07-21 22:10 4096 ----a-w- c:\windows\d3dx.dat 2009-07-21 21:55 . 2009-07-21 21:55 -------- d-----w- c:\windows\Java 2009-07-21 21:31 . 2009-07-21 21:55 -------- d-----w- c:\program files\CPUID 2009-07-15 08:45 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-07-15 08:45 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-07-15 08:45 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-07-15 08:45 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-07-10 18:36 . 2009-07-10 18:36 -------- d-----w- c:\users\Frode\AppData\Roaming\Ubisoft 2009-07-10 18:16 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2009-07-10 18:16 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2009-07-10 18:16 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2009-07-10 18:16 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-07-10 18:16 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2009-07-10 18:16 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2009-07-10 18:16 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2009-07-10 18:16 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll 2009-07-10 18:16 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll 2009-07-10 18:15 . 
2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-02 10:02 . 2009-06-30 11:55 -------- d-----w- c:\program files\Mozilla Firefox 3.5 2009-08-02 10:00 . 2009-05-11 17:23 32879 ----a-w- c:\programdata\nvModes.dat 2009-08-02 10:00 . 2008-05-26 18:39 -------- d-----w- c:\programdata\NVIDIA 2009-08-02 09:07 . 2008-05-26 19:24 -------- d-----w- c:\users\Frode\AppData\Roaming\uTorrent 2009-08-02 09:04 . 2008-05-26 18:27 1356 ----a-w- c:\users\Frode\AppData\Local\d3d9caps.dat 2009-08-02 08:56 . 2008-11-19 17:37 -------- d-----w- c:\program files\TortoiseSVN 2009-08-02 03:02 . 2008-08-03 10:18 -------- d-----w- c:\program files\Electronic Arts 2009-08-02 03:02 . 2008-08-04 14:59 -------- d-----w- c:\users\Frode\AppData\Roaming\My Battle for Middle-earth II Files 2009-07-31 18:41 . 2008-06-29 09:12 -------- d-----w- c:\program files\Free Hide Folder 2009-07-31 13:58 . 2008-05-26 20:26 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-27 20:46 . 2009-04-25 13:13 5 ----a-w- c:\windows\sbacknt.bin 2009-07-26 20:42 . 2009-01-31 14:56 -------- d-----w- c:\program files\AdiIRC 2009-07-25 21:47 . 2008-10-18 09:02 -------- d-----w- c:\program files\Curse 2009-07-25 21:47 . 2008-08-29 13:31 -------- d-----w- c:\program files\Runes of Magic 2009-07-23 08:43 . 2008-05-26 18:34 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-23 08:42 . 2008-05-26 18:36 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2009-07-23 08:42 . 2008-05-26 18:36 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2009-07-22 09:51 . 2008-05-26 18:37 -------- d-----w- c:\programdata\Creative 2009-07-21 21:52 . 2009-07-29 08:45 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-07-29 08:45 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 
2009-07-29 08:45 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-07-29 08:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-20 20:11 . 2008-05-26 18:34 -------- d-----w- c:\program files\Creative 2009-07-18 08:54 . 2008-05-26 19:43 -------- d-----w- c:\users\Frode\AppData\Roaming\FileZilla 2009-07-15 08:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-07-14 22:20 . 2009-06-25 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-14 18:55 . 2009-03-29 14:34 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-07-14 18:54 . 2009-07-22 09:53 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2009-07-14 18:54 . 2007-12-11 15:06 7565824 ----a-w- c:\windows\system32\nvd3dum.dll 2009-07-14 18:54 . 2007-12-11 15:06 1044992 ----a-w- c:\windows\system32\nvapi.dll 2009-07-13 11:36 . 2009-06-25 11:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-13 11:36 . 2009-06-25 11:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-10 18:22 . 2009-02-03 22:32 -------- d-----w- c:\programdata\Tages 2009-07-10 18:16 . 2008-08-03 20:26 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys 2009-07-10 18:16 . 2008-08-03 20:26 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2009-07-10 05:01 . 2008-05-26 18:30 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-07-09 13:16 . 2006-11-21 05:16 76272 ----a-w- c:\windows\system32\perfc014.dat 2009-07-09 13:16 . 2006-11-21 05:16 452096 ----a-w- c:\windows\system32\perfh014.dat 2009-07-08 09:00 . 2008-05-27 15:53 -------- d-----w- c:\program files\cpuz_146 2009-06-30 21:27 . 2008-07-07 11:07 -------- d-----w- c:\program files\Java 2009-06-25 11:34 . 2009-06-25 11:34 -------- d-----w- c:\users\Frode\AppData\Roaming\Malwarebytes 2009-06-25 11:34 . 2009-06-25 11:34 -------- d-----w- c:\programdata\Malwarebytes 2009-06-25 11:29 . 2008-05-26 19:21 -------- d-----w- c:\program files\CCleaner 2009-06-25 10:58 . 
2009-06-25 10:58 220600 ----a-w- c:\users\Frode\FileZilla_3.2.6-rc1_win32-setup.exe 2009-06-20 21:57 . 2009-06-20 21:42 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-06-20 21:56 . 2009-06-20 21:42 103736 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-06-20 21:53 . 2009-06-20 21:42 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-06-20 21:42 . 2009-06-20 21:42 22328 ----a-w- c:\users\Frode\AppData\Roaming\PnkBstrK.sys 2009-06-20 21:42 . 2009-06-20 21:42 22328 ----a-w- c:\users\Frode\AppData\Roaming\PnkBstrK.sys 2009-06-20 21:29 . 2009-06-20 21:29 -------- d-----w- c:\program files\id Software 2009-06-20 21:29 . 2008-06-29 17:24 -------- d-----w- c:\programdata\Codemasters 2009-06-19 11:15 . 2008-06-28 19:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-19 11:14 . 2008-06-28 19:01 -------- d-----w- c:\program files\AGEIA Technologies 2009-06-17 20:22 . 2009-06-17 20:22 -------- d-----w- c:\program files\Monte Cristo 2009-06-16 17:18 . 2009-06-16 17:18 -------- d-----w- c:\users\Frode\AppData\Roaming\dvdcss 2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll 2009-06-10 11:27 . 2008-05-29 19:37 -------- d-----w- c:\programdata\Microsoft Help 2009-06-10 06:34 . 2009-06-10 06:34 143360 ----a-w- c:\windows\system32\nvshext.dll 2009-06-07 14:07 . 2009-06-07 14:03 -------- d-----w- c:\users\Frode\AppData\Roaming\CrystalButton 2009-06-07 14:02 . 2009-06-07 14:02 -------- d-----w- c:\program files\Crystal Button 2008 2009-06-07 13:49 . 2009-06-07 13:49 -------- d-----w- c:\program files\Web Button Menu Maker 2009-06-04 20:40 . 2009-06-04 20:39 -------- d-----w- c:\program files\NCSoft 2009-06-04 20:39 . 2008-08-13 19:49 -------- d-----w- c:\users\Frode\AppData\Roaming\GetRightToGo 2009-06-04 13:20 . 2008-08-14 07:14 -------- d-----w- c:\program files\Perfect World Entertainment 2009-06-03 22:55 . 2009-06-03 22:55 2560 ----a-w- c:\windows\CTXFIRES.DLL 2009-06-03 22:40 . 
2009-06-03 22:40 56509 ----a-w- c:\windows\system32\SETE4EB.tmp 2009-06-03 22:40 . 2009-06-03 22:40 56509 ----a-w- c:\windows\system32\SET25DA.tmp 2009-06-03 22:40 . 2009-06-03 22:40 56509 ------w- c:\windows\system32\ctdnlstr.dat 2009-06-03 22:40 . 2009-06-03 22:40 321512 ----a-w- c:\windows\system32\SETE469.tmp 2009-06-03 22:40 . 2009-06-03 22:40 321512 ----a-w- c:\windows\system32\SET24ED.tmp 2009-06-03 22:40 . 2009-06-03 22:40 321512 ------w- c:\windows\system32\ctdlang.dat 2009-06-02 16:11 . 2009-03-29 14:34 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-05-29 21:37 . 2009-03-29 14:34 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-05-29 21:31 . 2009-03-29 14:34 881664 ----a-w- c:\windows\system32\xvidcore.dll 2009-05-21 09:33 . 2008-11-26 20:21 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-12 10:25 . 2009-05-12 10:25 47104 ----a-w- c:\windows\system32\UDAPLD32.dll 2009-05-12 10:24 . 2009-05-12 10:24 511488 ----a-w- c:\windows\system32\UDAAPO32.dll 2009-05-04 19:52 . 2009-05-04 18:34 62059520 ----a-w- c:\programdata\Creative\Software Update\cache\Creative Console Launcher 2.60.35__\CSL_PCAPP_LB_2_60_35A.exe 2009-06-15 18:11 . 2008-05-26 19:00 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll 1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w- c:\program files\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576] "CTXFIREG"="CTxfiReg.exe" - c:\windows\System32\CTxfiReg.exe [2008-10-07 47104] "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-10-07 23552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="c:\windows\system32\READREG" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UACDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{C81F4159-FE9C-45A0-B25A-F11463F97550}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{5858AB44-4BE1-43CB-B7CD-31E9A8AEE203}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{2A786937-1241-4A2C-8D5C-136B9B0BFB28}d:\\teamspeak2_server\\server_windows.exe"= UDP:d:\teamspeak2_server\server_windows.exe:server_windows "UDP Query User{AA6B3A06-89AE-4300-AC17-3523C19324B3}d:\\teamspeak2_server\\server_windows.exe"= TCP:d:\teamspeak2_server\server_windows.exe:server_windows "TCP Query User{D3D0084F-2773-4306-842A-8E739BB753C1}d:\\div stuff\\screamer040-prerelease\\screamer.exe"= UDP:d:\div stuff\screamer040-prerelease\screamer.exe:Screamer Radio "UDP Query User{544CC1CA-A8F5-4D88-AAE6-970D7D7B7931}d:\\div stuff\\screamer040-prerelease\\screamer.exe"= TCP:d:\div stuff\screamer040-prerelease\screamer.exe:Screamer Radio "TCP Query User{CFFDC117-C18B-4E77-86BB-25BC3429B73D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{84952F8B-C40A-4185-B2AE-F1956805F9E2}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{9AFA406D-C807-4188-85F4-1E25EF005E69}d:\\rohan\\rohanclient.exe"= UDP:d:\rohan\rohanclient.exe:Rohan Online Game "UDP Query User{9C910D04-C07B-4D77-AC6B-2D23746D1E90}d:\\rohan\\rohanclient.exe"= TCP:d:\rohan\rohanclient.exe:Rohan Online Game "TCP Query User{E19618DA-952C-4319-A5E0-96F15F41324B}c:\\program files\\teamspeak2_server\\server_windows.exe"= UDP:c:\program files\teamspeak2_server\server_windows.exe:server_windows "UDP Query User{6ACF6DD8-7B2D-4975-A0B9-40A319E474F2}c:\\program files\\teamspeak2_server\\server_windows.exe"= 
TCP:c:\program files\teamspeak2_server\server_windows.exe:server_windows "TCP Query User{9C2F5524-B215-4314-8ECC-58D77CE53EDC}c:\\program files\\teamspeak2_server\\server_windows.exe"= UDP:c:\program files\teamspeak2_server\server_windows.exe:server_windows "UDP Query User{086EDE18-77EB-4680-88E4-E522B8EFFBCF}c:\\program files\\teamspeak2_server\\server_windows.exe"= TCP:c:\program files\teamspeak2_server\server_windows.exe:server_windows "TCP Query User{21988B1E-4F01-4864-A3B6-5F20D913A355}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire "UDP Query User{588F5F4B-6C3A-42E3-9A21-DEB2334FBB44}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire "{A602DCD1-3B8D-4FF6-905D-88047C712F34}"= UDP:48759:48759 "{7B6C92B4-60FC-4E70-9E54-5A7DA56BE75F}"= TCP:48759:48759 "TCP Query User{17E18DA7-83CB-4288-85F6-A157FD2585F0}c:\\program files\\microsoft games\\rise of nations\\patriots.exe"= UDP:c:\program files\microsoft games\rise of nations\patriots.exe:Rise of Nations "UDP Query User{74DC7DBC-83A0-4C4B-9464-F25185C35084}c:\\program files\\microsoft games\\rise of nations\\patriots.exe"= TCP:c:\program files\microsoft games\rise of nations\patriots.exe:Rise of Nations "{F1E9CE95-13C4-408F-81BA-DDCE9B034000}"= UDP:d:\div stuff\utorrent-1.8-beta-10770.upx.exe:µTorrent (TCP-In) "{5DF2594A-8B20-45E2-8ECA-ADD6A95DC8D7}"= TCP:d:\div stuff\utorrent-1.8-beta-10770.upx.exe:µTorrent (UDP-In) "TCP Query User{506907AC-4BEE-4292-AB5E-38BFB6DBF83C}d:\\div stuff\\screamer-beta-20070222(2)\\screamer.exe"= UDP:d:\div stuff\screamer-beta-20070222(2)\screamer.exe:Screamer Radio "UDP Query User{A8C3131A-275E-4622-8C99-2289FA974D09}d:\\div stuff\\screamer-beta-20070222(2)\\screamer.exe"= TCP:d:\div stuff\screamer-beta-20070222(2)\screamer.exe:Screamer Radio "{412B2B8C-25EE-4D64-BF74-69CB4C04E0BD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{C8492A5A-8C70-42BE-B9C4-CC693AEDBDE3}"= TCP:c:\program 
files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{BC6915A1-4A25-46C1-AFCE-2B48ED54CFC4}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{10E05AA1-AEBD-490B-8E01-8AE24F351DFF}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{BC7D1AD7-4F30-468F-9A3E-50F311707D77}"= UDP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable "{79FF9434-1A23-4357-83C8-AA85D5C8F124}"= TCP:c:\program files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable "TCP Query User{519D0773-71E7-4C9C-96F6-FBF282907EFD}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client "UDP Query User{250F1D1C-B926-45F0-9AF9-7D788D5E2EEF}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client "TCP Query User{117848A3-F839-4A4A-A591-072C7AE8C794}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{08DE904E-EFBA-478A-BF66-AC16F4B5B3C7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "{43DD3125-B457-4050-8B1D-15311F40ACAD}"= UDP:c:\windows\System32\dpnsvr.exe:Microsoft DirectPlay8 Server "{DD72C328-6E48-49EA-A75F-576C49A4AAB4}"= TCP:c:\windows\System32\dpnsvr.exe:Microsoft DirectPlay8 Server "{CEEF30A1-C368-4545-8626-76EAF90B3F7B}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi "{DF920171-E160-44C6-9735-C23A618CA61E}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi "{2FB4ADA8-8A43-440A-B6ED-9F75D92CD62A}"= UDP:c:\program files\Codemasters\Archlord\Archlord.exe:Archlord "{C4D3FC91-A0A5-45BA-A2EC-F7682D12DB17}"= TCP:c:\program files\Codemasters\Archlord\Archlord.exe:Archlord "{44C1A799-1E57-41A1-B53E-E54045F98996}"= UDP:c:\program files\GameTribe\Dekaron\minilauncher.exe:Dekaron 
"{CA73F0E9-B8D6-4BCD-9FA3-DC5A929FD23E}"= TCP:c:\program files\GameTribe\Dekaron\minilauncher.exe:Dekaron "TCP Query User{8844FF43-5765-4AA4-9C56-AA423D073FA6}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{CDB75EBA-84E9-4F9C-B8C7-A9E40502FADA}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{B07F99CD-2DCE-4CA2-A286-E9ABA75CA382}d:\\div stuff\\screamer040-prerelease\\screamer.exe"= UDP:d:\div stuff\screamer040-prerelease\screamer.exe:Screamer Radio "UDP Query User{6CF671D4-90C0-4F00-BC3F-440CC6F95215}d:\\div stuff\\screamer040-prerelease\\screamer.exe"= TCP:d:\div stuff\screamer040-prerelease\screamer.exe:Screamer Radio "TCP Query User{53E48C5C-2866-41F2-8AFF-09BCEDE0DB51}c:\\program files\\goftp\\goftp.exe"= UDP:c:\program files\goftp\goftp.exe:GoFTP "UDP Query User{2146818A-0FBB-406A-B949-1F818EDCC6D8}c:\\program files\\goftp\\goftp.exe"= TCP:c:\program files\goftp\goftp.exe:GoFTP "TCP Query User{6AC14A78-05F3-4516-8ED2-94E20CF3F4B4}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood "UDP Query User{F46B02EC-1574-43DD-AE92-06E8BEA0F245}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood "TCP Query User{6A13CD88-50A5-41F4-98B6-87474ACAB1B0}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe: "UDP Query User{C7E77F1B-140E-4A7D-88FE-B592EB59AE04}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe: "TCP Query User{7BA1BC25-10F5-4111-83A2-0E7888F043F9}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV "UDP Query User{F3EBC17E-F06A-4F2E-9827-91D6409CCC34}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV "TCP Query 
User{2775F308-2758-422F-AF12-505D7452D3E4}d:\\div stuff\\viviplay.exe"= UDP:d:\div stuff\viviplay.exe:ViViMediaPlay "UDP Query User{3E54F163-F0FE-4D49-B08F-6A878FE55CF7}d:\\div stuff\\viviplay.exe"= TCP:d:\div stuff\viviplay.exe:ViViMediaPlay "{0D41088C-6E69-4618-9F0E-7D53C2639A74}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II "{1031BA43-3CC6-4980-90D6-A85CF7D69224}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II "TCP Query User{FB0E0FDE-EA03-4C85-9696-27C8D071CE88}c:\\program files\\anno 1701\\anno1701.exe"= UDP:c:\program files\anno 1701\anno1701.exe:Anno 1701 "UDP Query User{BF5BA93F-C35C-4CB6-8C29-F67A0541A2FA}c:\\program files\\anno 1701\\anno1701.exe"= TCP:c:\program files\anno 1701\anno1701.exe:Anno 1701 "{AB7E0BFE-2F08-43C4-AEA1-529127F6FA4B}"= UDP:d:\div stuff\utorrent-1.8-rc7.upx.exe:µTorrent (TCP-In) "{2CF441DA-4EA6-4F35-B81C-9227D242CF5F}"= TCP:d:\div stuff\utorrent-1.8-rc7.upx.exe:µTorrent (UDP-In) "TCP Query User{B2A3C2A6-2FAE-410C-A804-BB2489FC039B}c:\\program files\\screamer radio\\screamer.exe"= UDP:c:\program files\screamer radio\screamer.exe:Screamer Radio "UDP Query User{39269975-A6B9-439C-A9E7-9727EE967EA2}c:\\program files\\screamer radio\\screamer.exe"= TCP:c:\program files\screamer radio\screamer.exe:Screamer Radio "TCP Query User{8986C729-70FC-406B-BD8F-79229C9B7381}c:\\program files\\d-link\\pc agent\\nica.exe"= UDP:c:\program files\d-link\pc agent\nica.exe:NICA "UDP Query User{39B2EDD2-2950-4CC1-A342-6418F9BA3CF5}c:\\program files\\d-link\\pc agent\\nica.exe"= TCP:c:\program files\d-link\pc agent\nica.exe:NICA "TCP Query User{3CD39075-64A9-4012-B576-755A0E94E39A}c:\\users\\frode\\appdata\\local\\temp\\rar$ex00.560\\yuleech-runes_of_magic_en-en.exe"= UDP:c:\users\frode\appdata\local\temp\rar$ex00.560\yuleech-runes_of_magic_en-en.exe:yuleech-runes_of_magic_en-en.exe "UDP Query 
User{0E40CFD3-9D50-4467-88AF-C4AB8826588C}c:\\users\\frode\\appdata\\local\\temp\\rar$ex00.560\\yuleech-runes_of_magic_en-en.exe"= TCP:c:\users\frode\appdata\local\temp\rar$ex00.560\yuleech-runes_of_magic_en-en.exe:yuleech-runes_of_magic_en-en.exe "TCP Query User{5A357DFC-F67B-4102-BEB1-4C45882DAE64}d:\\div stuff\\war europe downloader.exe"= UDP:d:\div stuff\war europe downloader.exe:Warhammer Downloader "UDP Query User{CBFA7A66-2A30-4E8D-A861-57515E8ED425}d:\\div stuff\\war europe downloader.exe"= TCP:d:\div stuff\war europe downloader.exe:Warhammer Downloader "TCP Query User{4056AC3A-2335-4604-9099-182E65617880}c:\\program files\\ventsrv\\ventrilo_srv.exe"= UDP:c:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv "UDP Query User{8F5EA64C-FC9E-494A-A1E4-26E76D630487}c:\\program files\\ventsrv\\ventrilo_srv.exe"= TCP:c:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv "TCP Query User{08E48EEA-60F8-458D-B31F-F496E6FA50D6}c:\\program files\\screamer radio\\screamer.exe"= UDP:c:\program files\screamer radio\screamer.exe:Screamer Radio "UDP Query User{8AB321CA-53D0-4B27-A4FB-B3BDA4220CCA}c:\\program files\\screamer radio\\screamer.exe"= TCP:c:\program files\screamer radio\screamer.exe:Screamer Radio "{D85098A1-4AEE-4C7E-A035-7624306B2C50}"= UDP:c:\program files\Runes of Magic\Runes of Magic.exe:Runes of Magic "{1E365E9E-D9A3-4466-9819-E25A245BB71A}"= TCP:c:\program files\Runes of Magic\Runes of Magic.exe:Runes of Magic "TCP Query User{63235411-CBD5-4346-A656-2FC645EFE049}c:\\program files\\novalogic\\joint operations typhoon rising\\update.exe"= UDP:c:\program files\novalogic\joint operations typhoon rising\update.exe:UPDATE "UDP Query User{7789C157-E628-4929-9799-3DBC552F1FE7}c:\\program files\\novalogic\\joint operations typhoon rising\\update.exe"= TCP:c:\program files\novalogic\joint operations typhoon rising\update.exe:UPDATE "TCP Query User{6C260882-44BF-4DD5-BE2A-00701F127207}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= 
UDP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops "UDP Query User{47AE5B4D-730E-47AF-976A-344EE4A4956E}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= TCP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops "TCP Query User{4D54EF26-A9C3-4C07-9792-8044F210AE21}c:\\program files\\cs 1.6\\hl.exe"= UDP:c:\program files\cs 1.6\hl.exe:Half-Life Launcher "UDP Query User{7C4C5C92-04A4-46BF-AB20-C537B3C42122}c:\\program files\\cs 1.6\\hl.exe"= TCP:c:\program files\cs 1.6\hl.exe:Half-Life Launcher "TCP Query User{8937E84B-9DF8-47A6-9F47-707DCF09A1BB}c:\\program files\\warcraft 3 fr\\war3.exe"= UDP:c:\program files\warcraft 3 fr\war3.exe:Warcraft III "UDP Query User{C6BD895A-0B7C-44CD-8882-C2B198E40A2D}c:\\program files\\warcraft 3 fr\\war3.exe"= TCP:c:\program files\warcraft 3 fr\war3.exe:Warcraft III "TCP Query User{9F43FCEF-C7B0-4906-831B-2B7F0A2EA820}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client "UDP Query User{96F8587D-9427-448D-94A3-C02EADBD24EF}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client "TCP Query User{26C4630C-C3E0-44EC-A33D-C8A4EFB5B2F3}c:\\program files\\trellian\\trellian ftp\\ftp.exe"= UDP:c:\program files\trellian\trellian ftp\ftp.exe:Multithreaded FTP client "UDP Query User{EFFED92A-3E6E-4E98-B30C-9F0AAE91D40F}c:\\program files\\trellian\\trellian ftp\\ftp.exe"= TCP:c:\program files\trellian\trellian ftp\ftp.exe:Multithreaded FTP client "{64C6E384-0ABE-40A5-966D-2F7C1CEC9286}"= UDP:28900:28900 "{E4F55478-D1C7-456E-A7A7-B36494E65438}"= TCP:28900:28900 "{1B161D43-6AF3-4F60-B933-17D22F6EB643}"= UDP:d:\warhammer online age of reckoning\WAR.exe:WAR "{F944BF59-ACA3-437B-990A-E3969BD5CC4D}"= TCP:d:\warhammer online age of reckoning\WAR.exe:WAR "{7C8F8540-CB33-4CAD-8297-1C0046CA52A6}"= UDP:d:\warhammer 
online age of reckoning\warpatch.exe:warpatch "{5194C546-CAEE-45FE-A280-96CBF0DBB1E2}"= TCP:d:\warhammer online age of reckoning\warpatch.exe:warpatch "{FF61FBBF-FC77-4294-BBFF-20F997C9A2AB}"= UDP:1380:1380 "{E81F6500-ADD6-4D4F-BBB6-FCF30732F994}"= UDP:10622:10622 "{45467F3A-3296-4B1A-89F9-D7706E3F3490}"= Disabled:UDP:c:\program files\Electronic Arts\Red Alert 3\RA3.exe:RA3 "{DAA44B3B-3FF5-4D95-8380-60F06DF9545D}"= Disabled:TCP:c:\program files\Electronic Arts\Red Alert 3\RA3.exe:RA3 "TCP Query User{FB64CF26-B3A0-4D85-A26B-119F4C73B817}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.4.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.4.game:Command & Conquer™ Red Alert™ 3 "UDP Query User{1A1DF8B4-C550-4914-B0D2-DEE52B083BFA}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.4.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.4.game:Command & Conquer™ Red Alert™ 3 "TCP Query User{8ABEF425-473D-4369-8477-72057F2C0587}c:\\xampp\\apache\\bin\\apache.exe"= UDP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{3F0EEA2D-B875-4A10-AB80-1C6D1AC186C6}c:\\xampp\\apache\\bin\\apache.exe"= TCP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{78FBB444-47D9-48B1-8BF7-643B6508147D}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{80B24EC2-D69B-4892-95F1-B95AE5F04C7F}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "{20E73440-EC25-48C8-B878-694F39AFDF4B}"= UDP:c:\program files\VentSrv\ventrilo_svc.exe:ventrilo_svc "{6ADA6B88-0333-4D1E-9F72-FCB24DAE5535}"= TCP:c:\program files\VentSrv\ventrilo_svc.exe:ventrilo_svc "TCP Query User{E89D81C2-C27B-428A-8046-35B4A0F480F2}c:\\program files\\ventsrv\\ventrilo_old.exe"= UDP:c:\program files\ventsrv\ventrilo_old.exe:ventrilo_old "UDP Query User{5865CE31-4FE7-4F92-96BF-9153E772FF80}c:\\program files\\ventsrv\\ventrilo_old.exe"= TCP:c:\program files\ventsrv\ventrilo_old.exe:ventrilo_old 
"TCP Query User{9F5310D0-9912-463E-A460-7FB1F62CA4BB}c:\\program files\\ventsrv\\ventrilo_svr.exe"= UDP:c:\program files\ventsrv\ventrilo_svr.exe:ventrilo_svr "UDP Query User{82B2B13B-F0D5-4FDA-BA61-28A7FA38F6D2}c:\\program files\\ventsrv\\ventrilo_svr.exe"= TCP:c:\program files\ventsrv\ventrilo_svr.exe:ventrilo_svr "TCP Query User{AC707C6A-8B10-4C39-9D28-5120C580462D}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query User{BD7EDFF7-587A-45D9-893A-21FA5750CE51}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "{F9C6742C-A6C8-4062-A742-92D0C4070127}"= UDP:c:\program files\Runes of Magic\ClientUpdate.exe:ClientUpdate "{423E37ED-3523-4F39-9EBA-A2DB9E4214F5}"= TCP:c:\program files\Runes of Magic\ClientUpdate.exe:ClientUpdate "{406974E6-FF00-4095-ABE1-69F5E63ECA47}"= UDP:c:\program files\Runes of Magic\Client.exe:Client "{17313F7E-4E17-44A9-A8CB-C298C9EE1210}"= TCP:c:\program files\Runes of Magic\Client.exe:Client "{DB60A4AC-58F4-4327-ADE1-E281267012BE}"= UDP:c:\program files\Runes of Magic\Launcher.exe:Launcher "{3AFF87F5-D939-4B38-A246-E90D6409E753}"= TCP:c:\program files\Runes of Magic\Launcher.exe:Launcher "TCP Query User{5278D08E-FD00-41C3-9418-E1AED6D65A88}c:\\users\\frode\\appdata\\local\\screamer radio\\screamer.exe"= UDP:c:\users\frode\appdata\local\screamer radio\screamer.exe:screamer.exe "UDP Query User{DE680AA2-C1A7-4E88-873A-D82CE958E9CD}c:\\users\\frode\\appdata\\local\\screamer radio\\screamer.exe"= TCP:c:\users\frode\appdata\local\screamer radio\screamer.exe:screamer.exe "TCP Query User{3953A86F-D3DA-4252-BD29-58CF8F423255}c:\\program files\\adiirc\\adiirc.exe"= UDP:c:\program files\adiirc\adiirc.exe:AdiIRC "UDP Query User{05AE59E4-E8AA-4FF7-B59B-EE8E9923A1F1}c:\\program files\\adiirc\\adiirc.exe"= TCP:c:\program files\adiirc\adiirc.exe:AdiIRC "TCP Query 
User{A9D345DA-CB62-4B6A-BF0C-66929B9D527A}c:\\users\\frode\\appdata\\local\\temp\\blizzard launcher temporary - 73d34b58\\launcher.exe"= UDP:c:\users\frode\appdata\local\temp\blizzard launcher temporary - 73d34b58\launcher.exe:launcher.exe "UDP Query User{814F1176-5DEA-499E-9296-E26DEBAEB2D1}c:\\users\\frode\\appdata\\local\\temp\\blizzard launcher temporary - 73d34b58\\launcher.exe"= TCP:c:\users\frode\appdata\local\temp\blizzard launcher temporary - 73d34b58\launcher.exe:launcher.exe "TCP Query User{585305A7-F546-41FE-8817-276F9538EEA8}d:\\flashget\\flashget.exe"= UDP:d:\flashget\flashget.exe:FlashGet "UDP Query User{2FBE982A-37F3-4499-9170-8F04EFC141A8}d:\\flashget\\flashget.exe"= TCP:d:\flashget\flashget.exe:FlashGet "{3609C22B-05CA-43AA-870B-E50121B34A03}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client "{5A488C1F-D47E-497D-B87F-43A88EE9467F}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client "{F7939D7B-C646-4977-A768-32F3DC6699F7}"= UDP:1100:Anno 1404 CB "TCP Query User{A994621A-86A6-47FE-904E-1DC29CF653B0}i:\\screamer radio\\screamer.exe"= UDP:i:\screamer radio\screamer.exe:Screamer Radio "UDP Query User{0E66D303-197D-434A-91FC-E8BE8A4E8B5A}i:\\screamer radio\\screamer.exe"= TCP:i:\screamer radio\screamer.exe:Screamer Radio "{C14BE224-84AD-4C21-BCD5-F880C52C81EC}"= UDP:c:\wow\BackgroundDownloader.exe:Blizzard Downloader "{06B587F3-4C00-492A-8226-9031A5ED0266}"= TCP:c:\wow\BackgroundDownloader.exe:Blizzard Downloader "{6C0E82F2-79A4-419A-A325-6BEBAA49E86C}"= UDP:3724:Blizzard Downloader: 3724 "TCP Query User{B2540D08-C670-4E30-B322-B02DF3E5B7AD}d:\\div stuff\\viviplay(2).exe"= UDP:d:\div stuff\viviplay(2).exe:ViViMediaPlay "UDP Query User{28E5D459-6460-4B6A-A734-6B52A11D7A02}d:\\div stuff\\viviplay(2).exe"= TCP:d:\div stuff\viviplay(2).exe:ViViMediaPlay "{041E9E0D-1362-4271-8AD1-84484F0B9354}"= UDP:80:rom "{64114107-84BC-4D4C-9029-7E22085B14D9}"= UDP:21002:rom2 "{06DCD101-F3EF-4404-9306-89BB23ED5AC4}"= UDP:c:\program 
files\Ventrilo\Ventrilo.exe:Ventrilo.exe "{1AC2BFE6-87E2-44EE-A4B1-2690FB6901FF}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe "{93521945-6A90-47C5-A99C-2ADA664FAFF7}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent "{CCB06324-3941-4585-845A-5F06E13AA9CA}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent "TCP Query User{9E2E035F-5FD3-4F16-8E62-3E6B53920638}c:\\wow\\launcher.exe"= UDP:c:\wow\launcher.exe:Blizzard Launcher "UDP Query User{56388026-7669-47D5-9D09-03DA2488A56F}c:\\wow\\launcher.exe"= TCP:c:\wow\launcher.exe:Blizzard Launcher "{FDA64C6A-7F41-4E85-9515-25AAA74BEF35}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server "{BE0135C2-2ABD-4F7C-8010-5D76E1CAC097}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server "{1BEB61CA-34C2-4CE9-99C8-CEC85DDE95B5}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes "{7957CE6E-75E0-42AF-9F3F-CFB49A5A7D33}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes "{0D4889AF-5C0D-49B4-86E0-A0767ECE7E6F}"= UDP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader "{C7AF4474-D8E6-4147-B768-DBB9E3DE90AA}"= TCP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader "{4810DDFA-67D0-4D46-A755-36A2D2031837}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{6369554C-73FB-4EE1-AE2A-0B61F6649DA9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{FF2B2D95-1228-4406-BA4F-612F2032ABE1}"= UDP:c:\program files\Perfect World Entertainment\Jade Dynasty\launcher\Launcher.exe:Launcher "{1D0DD600-14DC-4742-B855-EDF5DF50F8AC}"= TCP:c:\program files\Perfect World Entertainment\Jade Dynasty\launcher\Launcher.exe:Launcher "{14E33593-5CE2-4383-BD06-69E2D1B4A407}"= UDP:c:\program files\Perfect World Entertainment\Jade Dynasty\patcher\patcher.exe:Jade Dynasty "{8244E7CF-67AF-446B-A0E9-A89C0AD14F48}"= TCP:c:\program 
files\Perfect World Entertainment\Jade Dynasty\patcher\patcher.exe:Jade Dynasty "TCP Query User{B68681C4-9575-415F-84E9-E449E412BEED}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{B4A14587-5265-4B12-A311-2F8ECC8E3767}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "{176FD458-476D-416B-85F3-1BFEFE95FB27}"= UDP:c:\program files\NCSoft\Launcher\NCLauncher.exe:NCsoft Launcher "{B27755B1-D410-4DAE-A1A6-6FF405C1D329}"= TCP:c:\program files\NCSoft\Launcher\NCLauncher.exe:NCsoft Launcher "TCP Query User{AB74F799-F6F3-455D-B1D4-2939CBDA3896}d:\\div stuff\\citiesxl_downloader.exe"= UDP:d:\div stuff\citiesxl_downloader.exe:citiesxl_downloader.exe "UDP Query User{F9ED8792-8BFA-4B09-B61F-345D16D56FA9}d:\\div stuff\\citiesxl_downloader.exe"= TCP:d:\div stuff\citiesxl_downloader.exe:citiesxl_downloader.exe "TCP Query User{3CC2A21C-54FF-44A9-80D9-8CF632375249}c:\\program files\\monte cristo\\cities xl\\cds\\citiesxl_http.exe"= UDP:c:\program files\monte cristo\cities xl\cds\citiesxl_http.exe:CitiesXL_http "UDP Query User{C42F846D-70BE-469F-84EF-A86E895FBFDE}c:\\program files\\monte cristo\\cities xl\\cds\\citiesxl_http.exe"= TCP:c:\program files\monte cristo\cities xl\cds\citiesxl_http.exe:CitiesXL_http "{2727E7A1-FD20-4BCA-B259-DAF5F26359F9}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{F7EF3F26-5EEC-4A21-9423-6818F68232A2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{963F02E8-A1A8-41DC-9225-C63E5529ECF4}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{33AA3D15-38B1-4D99-974D-AA0A28D2ACC9}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{3B9A7C26-7402-42E4-B9CD-7C514AB31498}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars "{F16B61A7-AF82-4287-B51A-F5A9ED497EEE}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars 
"{709737C3-1E5D-4DCD-A109-C30F1354C3C5}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe "{2BFBF0CC-2546-418E-A50D-522BEEF0BE22}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe "TCP Query User{4519DA58-5FAD-43B6-AAAE-D52AF3BB45B7}c:\\program files\\mozilla firefox 3.5\\firefox.exe"= UDP:c:\program files\mozilla firefox 3.5\firefox.exe:Firefox "UDP Query User{411A714F-B9C8-4385-BD4A-05D7790C7720}c:\\program files\\mozilla firefox 3.5\\firefox.exe"= TCP:c:\program files\mozilla firefox 3.5\firefox.exe:Firefox "{2E481B7D-8E05-4D76-80FE-C61DFA1E7A76}"= UDP:c:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404 "{9A3C1B00-A27B-42D4-A562-89A701EED90F}"= TCP:c:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404 "{D2BBF1B8-439C-42B4-9777-6F326A6051D9}"= UDP:c:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web "{433178F7-6E01-420D-B2BD-E8372B1FA324}"= TCP:c:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web "TCP Query User{31A2724E-16CE-441E-AC85-C92C6E677C3A}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09 "UDP Query User{99B47B72-87D6-455D-965A-76F4D0544499}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09 "TCP Query User{6FB08E1B-13EE-44A4-80D7-41A1E554FF0B}c:\\program files\\thq\\company of heroes\\relicdownloader\\relicdownloader.exe"= UDP:c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe:Relic Patch Download Manager "UDP Query User{1F3C3CC8-BA27-406C-8310-9F8B0282834B}c:\\program files\\thq\\company of heroes\\relicdownloader\\relicdownloader.exe"= TCP:c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe:Relic Patch Download Manager "TCP Query User{77A942AF-6773-4C2B-AF5C-F3594AFC4A0F}c:\\program files\\thq\\company of 
heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH "UDP Query User{CA483B62-011C-4EE6-8DD1-FE9B9E0DA3BC}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [25.07.2008 10:51 12800] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11.04.2009 13:01 108289] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [29.01.2009 13:50 206096] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14.07.2009 12:28 239648] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [08.10.2008 01:21 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [08.10.2008 01:21 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [08.10.2008 01:21 72728] R3 m4cxvista;NDIS6.0 Miniport Driver for D-Link Gigabit Ethernet Controller;c:\windows\System32\drivers\m4cxvista.sys [10.01.2007 09:15 196096] S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?] S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?] 
S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [16.05.2009 10:58 12672] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [27.09.2008 18:33 79360] S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [08.10.2008 01:21 171032] S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [08.10.2008 01:21 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [08.10.2008 01:21 72728] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [30.11.2008 23:29 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [30.11.2008 23:29 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [30.11.2008 23:29 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [30.11.2008 23:29 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [30.11.2008 23:29 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [30.11.2008 23:29 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [30.11.2008 23:29 115752] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [30.11.2008 23:29 90536] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [30.11.2008 23:29 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [30.11.2008 23:29 122152] S3 s0017mgmt;Sony Ericsson Device 
0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [30.11.2008 23:29 115496] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [30.11.2008 23:29 25768] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [30.11.2008 23:29 111912] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [30.11.2008 23:29 117672] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local IE: &Last ned alle med FlashGet - d:\flashget\jc_all.htm IE: &Last ned med FlashGet - d:\flashget\jc_link.htm IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm FF - ProfilePath - c:\users\Frode\AppData\Roaming\Mozilla\Firefox\Profiles\bs9cdtkw.default\ FF - prefs.js: browser.startup.homepage - hxxp://nb-NO.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nb-NO:official FF - plugin: c:\program files\Mozilla Firefox 3.5\plugins\np-mswmp.dll FF - plugin: c:\users\Frode\AppData\Roaming\Mozilla\Firefox\Profiles\bs9cdtkw.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox 
3.5\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox 3.5\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox 3.5\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - 
pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox 
3.5\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox 3.5\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . . ------- Filassosiasjoner ------- . VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-02 12:08 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-1987112767-1190121641-504785011-1000\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:88,bf,66,08,cd,72,99,b5,81,21,82,82,f2,df,e8,10,56,ca,75,10,e6,78,08, 00,d9,9e,8f,dc,bf,bc,eb,1f,0b,38,1d,d2,ee,0d,99,a9,1f,98,38,d8,03,5d,73,6e,\ "??"=hex:2e,50,ea,c9,19,92,5a,18,8b,5c,da,3c,6f,fd,4e,1c [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Tidspunkt ferdig: 2009-08-02 12:10 ComboFix-quarantined-files.txt 2009-08-02 10:10 ComboFix2.txt 2009-06-25 22:32 Pre-Run: 81 166 544 896 byte ledig Post-Run: 82 125 238 272 byte ledig 527 --- E O F --- 2009-07-31 13:58 HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:01:13, on 02.08.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Creative\Volume Panel\VolPanlu.exe C:\Windows\System32\Ctxfihlp.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\HJT\testing.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll (file missing) O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Påloggingshjelp for Windows Live - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll (file missing) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user') O8 - Extra context menu item: &Last ned alle med FlashGet - D:\FlashGet\jc_all.htm O8 - Extra context menu item: &Last ned med FlashGet - D:\FlashGet\jc_link.htm O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe (file missing) O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe (file missing) O9 - Extra button: NeoTrace It! 
- {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU) O13 - Gopher Prefix: O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing) O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
-- End of file - 6158 bytes

MBAM found nothing. AVIRA found nothing on a new scan.

Edited 2 August 2009 by Frode789
snippsat Posted 2 August 2009 (edited)

Looks reasonably fine; I'll tidy up a bit. On Vista, run cmd as administrator. Type in one line at a time, or copy and paste works too.
---
sc stop ioloFileInfoList
sc delete ioloFileInfoList
sc stop ioloSystemService
sc delete ioloSystemService
sc stop npggsvc
sc delete npggsvc
---
Start HijackThis, "scan", find these lines, tick them, then press "fix checked".
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
---
You can remove ComboFix by typing combofix /u from the Run window. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc.
---
Check whether your software is up to date: Secunia
---
Surf safely

Edited 2 August 2009 by SNIPPSAT
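The triage behind the reply above, as an added example that is not part of either post: it pulls every HijackThis entry marked "(file missing)" and, for O23 services, cross-checks the service against the ComboFix service list from the same post. The sample lines are copied from the logs in this thread; the function names are hypothetical, and two format readings are assumptions: that the parenthesised name in an O23 line is the service key name (the display name doubles as the key when no parentheses appear), and that ComboFix prints `[?]` when it could not read the file's date and size.

```python
import re

# Lines copied from the HijackThis log posted in this thread (subset).
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Service lines copied from the ComboFix log in the same post (subset).
CF_SAMPLE = r"""
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11.04.2009 13:01 108289]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [16.05.2009 10:58 12672]
"""

# "O23 - <body> (file missing)": section code, body, optional missing marker.
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<body>.+?)(?P<missing> \(file missing\))?$")
# Assumption: "(name)" after the display name is the service key name.
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# ComboFix line: "<state><start> <key>;<display>;<image> [date time size]".
CF_SERVICE_RE = re.compile(
    r"^[RS]\d (?P<key>[^;]+);(?P<display>[^;]*);(?P<image>.+?) (?P<info>\[[^\]]*\])$")


def parse_hjt(log):
    """Return one dict per HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = {"section": m["section"], "body": m["body"],
                 "missing": bool(m["missing"]), "service": None, "path": None}
        if m["section"] == "O23":
            s = SERVICE_RE.match(m["body"])
            if s:
                entry["service"] = s["key"] or s["display"]
                entry["path"] = s["path"]
        entries.append(entry)
    return entries


def parse_combofix_services(log):
    """Map service key name -> (registered image string, file info readable)."""
    services = {}
    for line in log.splitlines():
        m = CF_SERVICE_RE.match(line.strip())
        if m:
            image = m["image"].split(" --> ")[0]
            # Assumption: "[?]" means ComboFix could not read the file.
            services[m["key"]] = (image, m["info"] != "[?]")
    return services


def review_list(hjt_log, cf_log):
    """List '(file missing)' entries; corroborate services with ComboFix."""
    cf = parse_combofix_services(cf_log)
    rows = []
    for e in parse_hjt(hjt_log):
        if not e["missing"]:
            continue
        row = {"section": e["section"], "item": e["service"] or e["body"],
               "corroborated": None, "path_differs": None}
        if e["service"] in cf:
            image, readable = cf[e["service"]]
            row["corroborated"] = not readable
            # True when HijackThis checked a different file name than the
            # image string ComboFix lists for the same service.
            row["path_differs"] = not image.lower().startswith(e["path"].lower())
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in review_list(HJT_SAMPLE, CF_SAMPLE):
        print(row)
```

For `npggsvc` the result has `path_differs` set: HijackThis checked `GameMon.des.exe`, while both logs show the registered image as `GameMon.des -service`, so the "(file missing)" marker alone is weaker evidence there than the ComboFix `[?]`.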
Frode99 Posted 2 August 2009 (Author)

OK. Thanks for the reply and the help!